Name: Misc.Scam.Iwin Category: Misc Advice: Remove Risk: High Risk High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer. Description: Misc.Scam.Iwin is created by an infected Windows Meta File (WMF) that is downloaded through an exploit for the purpose of transmitting false clicks to internet URLs. The victim's computer is used to generate income for the attacker in a pay-per-click affilate program by transmitting false clicks to the attacker's URLs without the user's knowledge. The infected Misc.Scam.Iwin files are not ordinarily visible to the user. The files are executed and run silently in the background when the user starts the computer and/or connects to the internet. Misc.Scam.Iwin is thought to be related to CoolWebSearch. Signatures: process: whois.exe: MD5 Hash: 556298963ffc317ef98... process: iwin.exe: MD5 Hash: 556298963ffc317ef98... process: iwin.exe: MD5 Hash: 556298963ffc317ef98... process: regoptimize.exe: MD5 Hash: 237de6b9507f8000c74.. Type: Misc -