Do you know what CaptureItPlus is?
It came to our attention that an open source program CaptureItPlus could be exploited by cyber criminals using Phishing techniques. Our researchers found out that if you download this application from the wrong sources it could be injected with malicious programs. Though it does not harm your computer directly, it could try to trick the user into revealing sensitive information. We urge you to learn more about this and continue reading, especially if you have recently downloaded CaptureItPlus. We have no doubt that once you learn all about this scheme; you will not fall for the lies. Also, in case you have the infected version of this application, it is better to get rid of it. Since it might be difficult to delete it, we will add the instructions to help you with its removal.
CaptureItPlus is a tool created to capture a screen for a Windows platform. It was developed as an open source program, and, in consequence, its source code was made freely available. It gave the right for others to study, change, and distribute the software. Apparently, someone decided to use it for the wrong purpose, but you can still download the original and not infected version from the official website captureitplus.codeplex.com. Therefore, if you have downloaded this program from anywhere else than the official site it is likely that your version might be infected.CaptureItPlus screenshot
Scroll down for full removal instructions
The main sign showing that something is wrong with your CaptureItPlus will be the regularly appearing pop-up. Even though the pop-up will look like from McAfee, it is a fake that just looks very similar to the mentioned company. We are sure that most of you know that McAfee is a developer of antivirus software, and probably many of you use its products to scan your PC. This pop-up will show you fake malware detections and, to scare you even more, it adds a bunch of warnings such as “System Critically Infected!”, “Trojan Detected!” or “Your PC is At Risk.” However, the McAfee pop-up displayed after installing CaptureItPlus is fake and you will notice two things that will indicate it. Firstly, the pop-up itself is not clickable, and so you cannot click for more information on the detected threats or press on the home, settings, help, etc. buttons. Secondly, it will urge you to contact support immediately with the given phone number (1-800-245-2579). As we mentioned before, we think that this is a Phishing attempt and if you call that number you will probably talk to someone pretending to be a member of the McAfee support team. Since your PC is supposedly infected with Trojans and other kinds of malware and you do not have an “updated Anti-virus on your computer” they could suggest you buying McAfee products. Therefore, your call will show them your concern, so they could try to scare you even more. Consequently, you might fall for these lies and reveal your sensitive information, which is the goal of Phishing. Therefore, using the gathered knowledge cyber criminals could try to get even more information or steal your money if what they have is enough to log into your bank account. Undoubtedly, you should not make the call, and get rid of this fake message.
Even if you understand that the message is fake, it would be hard to find its source on your own, as CaptureItPlus will work just fine without raising any suspicion. At times like this, an antimalware tool would be useful since it would detect the threat at once and you could easily remove it. However, if you do not have a reliable security tool, you will have to delete this application yourself. Unfortunately, you cannot erase it via Control Panel; instead, you will have to find a particular executable file and remove it manually. This executable file will appear in the same directory where the installer file was when you launched it. Also, you should erase the application’s data from Windows Registry and directories that will be listed in the removal instructions. If you still need CaptureItPlus on your computer, then download it only from the official site.
How to remove CaptureItPlus from your computer
- Navigate to the folder where you launched CaptureItPlus installer.
- Find other executable file created by CaptureItPlus.
- Right-click on the executable file and the installer to delete them.
Delete CaptureItPlus data
- Press Windows Key+R to launch RUN.
- Copy and insert the listed directories one by one:
%UserProfile%\Local Settings\Application Data.
- Locate gltstech.net, PopupAlert in the listed directories.
- Right-click to delete them.
Erase the remaining files from Windows Registry
- Launch RUN (Win+R).
- Type regedit and click OK.
- Locate this path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PopupAlert.
- Right-click on PopupAlert key and click Delete.
In non-techie terms:
Downloaded from the right source CaptureItPlus is not harmful, but the way it was developed gives a chance for cyber criminals to exploit it for malicious purposes. Naturally, there are ways that could help you avoid such situations in the future. Downloading software from their official websites is always the smartest choice, especially when it comes to open source programs. Also, it is advisable to search for more information about the application before installing it and learn about it from the users who know all advantages, disadvantages, etc. Apparently, a reliable security tool would protect you from infections too.