ContraVirus

ContraVirus is a rogue spyware application that poses as a legitimate anti-spyware program.[1] The application uses a false scanner to force computer users to pay for the removal of non-existent spyware items. It may also be known as ExpertAntivirus.[2][3]

Methods of infection

ContraVirus may be downloaded as a trojan horse, possibly along with other software. Typically, it may be installed by the SmitFraud trojan.

Symptoms of infection

ContraVirus has been known to display fake messages stating that a user's computer is infected with spyware. It may also install the files wincom27.dll, located in C:\WINDOWS\, and ext32inc.dll, located in C:\WINDOWS\system\, in order to persuade a user to purchase the software.[4] Traditionally, a user will see ContraVirus running a "scan" of their computer, at which time the user will be prompted to purchase the ContraVirus software in order to remove the threat. It may also hijack the user's browser and install a toolbar.[5]

The Windows operating systems capable of becoming infected are 95, 98, Me, NT, XP, Server 2000, 2000, Server 2003, Vista, Server 2008, 7 and Server 2008 R2.

Removal

The removal of ContraVirus is difficult and may require assistance from qualified IT support personnel. However, users have had success removing the program using the SmitFraudFix.zip program, as well as known programs such as Kaspersky Anti-Virus, Spybot Search & Destroy, and the Norton family of security products.

References

  1. http://vil.nai.com/vil/content/v_122056.htm#threat-minimum-engine
  2. http://www.symantec.com/security_response/writeup.jsp?docid=2007-050111-3914-99&tabid=2
  3. http://www.ca.com/securityadvisor/pest/pest.aspx?id=453113271
  4. http://www.bleepingcomputer.com/forums/topic95405.html
  5. Vincentas (12 October 2012). "ContraVirus in SpyWareLoop.com". Spyware Loop. Retrieved 28 July 2013.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.