- ContraVirus
-
ContraVirus is a Rogue Spyware application that poses as a legitimate anti-spyware program.[1] The application uses a false scanner to force computer users to pay for the removal of non-existent spyware items. It may also be known as ExpertAntivirus. [2][3]
Contents
Methods of Infection
ContraVirus may be downloaded as a Trojan horse, along with possible other software. Typically, it may be installed by the SmitFraud trojan.[4]
Symptoms of infection
ContraVirus has been known to display fake messages stating that a user's computer is infected with spyware. It may also install the file wincom27.dll, located in C:\WINDOWS\ and ext32inc.dll located in C:\WINDOWS\system\, in order to persuade a user to purchase the software.[5] Traditionally, a user will see Contravirus running a "scan" of their computer at which time a user will be prompted to purchase the Contravirus software in order to remove the threat. It may also hijack the user's browser and install a toolbar.
95, 98, Me, NT, XP, Server 2000, 2000, Server 2003, Vista, Server 2008, 7 and Server 2008 R2 are operating systems capable of becoming infected.
Removal
The removal of Contravirus is difficult and may require assistance from qualified IT Support Personnel. However, users have had success removing the program using the SmitFraudFix.zip program, as well as well known programs Kaspersky Anti-Virus, Spybot Search & Destroy, and the Norton Family of Security products.
See also
References
- ^ http://vil.nai.com/vil/content/v_122056.htm#threat-minimum-engine
- ^ http://www.symantec.com/security_response/writeup.jsp?docid=2007-050111-3914-99&tabid=2
- ^ http://www.ca.com/securityadvisor/pest/pest.aspx?id=453113271
- ^ http://answers.yahoo.com/question/index?qid=20070612151517AAcGLlh
- ^ http://www.bleepingcomputer.com/forums/topic95405.html
External links
Categories: Spyware | Rogue software | Computer network security | Internet advertising and promotion
Wikimedia Foundation. 2010.