Block Watcher
What is Block Watcher?
Block Watcher, sometimes called the BlockWatcher virus, is a fake security application that causes an infected computer to display a flood of pop-up security alerts. Block Watcher does this intentionally to mislead users into thinking the computer is at great risk of a virus attack. This method is commonly used by rogue security applications.
Users who fall into this trap end up buying the registered version of Block Watcher. Clicking any button that relates to removing the detected threats leads to a payment website where the fraudulent transaction takes place. Security experts consistently advise that obtaining the registered version of Block Watcher will not help resolve the issue; instead, it will make things worse.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | |
| OS Affected | Windows |
| Detected By | MalwareBytes |
What are the Symptoms of Block Watcher Infection?
This rogue program poses as a Windows error message titled "BlockWatcher - Online Protection".


It will modify Windows Registry and add the following entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “BlockWatcher”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ert6.tmp.exe”
- HKEY_CURRENT_USER\Software\BlockWatcher
- HKEY_LOCAL_MACHINE\SOFTWARE\BlockWatcher
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlockWatcher
The threat will drop the following malicious files:
- c:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe
- c:\Documents and Settings\All Users\Desktop\BlockWatcher.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher\1 BlockWatcher.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher\2 Homepage.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher\3 Uninstall.lnk
- c:\WINDOWS\30062tro9zd85.exe
- c:\WINDOWS\302145z9amb5t73a.bin
- c:\WINDOWS\30474virzs5f9.ocx
- c:\WINDOWS\system32\21z89s5y574.dll
- c:\WINDOWS\system32\3d576tzal22149.dll
- c:\WINDOWS\system32\4cs6tzi951779.cpl
- %Temp%\ert6.tmp.exe
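The registry entries and files listed above can be checked with a read-only script. The PowerShell below is an added example, not part of the original write-up or of any vendor tool; it uses only the paths given on this page and assumes the quoted strings after the `Run` key are registry value names.

```powershell
# Added example: read-only check for the Block Watcher indicators listed on this page.
# Assumption: the quoted strings after ...\CurrentVersion\Run are registry value names.
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'BlockWatcher', 'ert6.tmp.exe'
$regKeys = @(
    'HKCU:\Software\BlockWatcher',
    'HKLM:\SOFTWARE\BlockWatcher',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlockWatcher'
)
$files = @(
    'C:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe',
    'C:\Documents and Settings\All Users\Desktop\BlockWatcher.lnk',
    'C:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher\1 BlockWatcher.lnk',
    'C:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher\2 Homepage.lnk',
    'C:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher\3 Uninstall.lnk',
    'C:\WINDOWS\30062tro9zd85.exe',
    'C:\WINDOWS\302145z9amb5t73a.bin',
    'C:\WINDOWS\30474virzs5f9.ocx',
    'C:\WINDOWS\system32\21z89s5y574.dll',
    'C:\WINDOWS\system32\3d576tzal22149.dll',
    'C:\WINDOWS\system32\4cs6tzi951779.cpl',
    (Join-Path $env:TEMP 'ert6.tmp.exe')
)

$hits = @()
# Autorun values: report the value name and the command it launches at logon.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
foreach ($name in $runValues) {
    if ($run -and $run.PSObject.Properties[$name]) {
        $hits += "Run value: $name = $($run.PSObject.Properties[$name].Value)"
    }
}
# Registry keys and dropped files: presence only, nothing is modified or deleted.
foreach ($key in $regKeys) { if (Test-Path -Path $key) { $hits += "Registry key: $key" } }
foreach ($file in $files)  { if (Test-Path -LiteralPath $file) { $hits += "File: $file" } }

if ($hits.Count) { $hits } else { 'No Block Watcher indicators from the list were found.' }
```

The `HKCU` and `%Temp%` checks apply to the account running the script, so run it as the affected user.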
Automatic Removal of Block Watcher
1. Print this procedure, as we will need to close all running programs later.
2. Download MalwareBytes’ Antimalware here and save it to your Desktop.
3. Close all open applications.
4. Double-click the downloaded mbam-setup.exe to start the installation. If it will not run, the infection on the computer is preventing it from starting; rename the file mbam-setup.exe to anything else (like myfile.exe).
5. Run the installation on the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following are checked:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
7. MBAM will run and update itself after installation. Close MBAM after the update.
8. Restart your computer in Safe Mode:
- After powering on the computer, just before Windows starts, press F8.
- From the selections, select Safe Mode.
9. Click the MBAM icon and choose Perform Full Scan to begin scanning your computer for BlockWatcher-related files.
10. After scanning, a message will appear stating that the scan is completed successfully. Click OK.
11. Click Show Results and detected threats will be displayed.
12. Make sure that all threats are checked, then click Remove Selected to begin removal of the malicious files.
13. Exit MalwareBytes’ AntiMalware and restart your computer.
14. Block Watcher and all its files are now removed from your computer. To protect your computer from this threat and avoid future infections, you may want to obtain a Full Version of MalwareBytes’ AntiMalware.