Monday, 20 September 2010

Remove fake Avast!, NOD32, DivX7, Emule, uTorrent installers (Uninstall Guide)

Another day, another threat lurking on the Internet. This time we've found several malicious software installers. The malware masquerades as an installer for a program, i.e. Avast! Antivirus, NOD32 Antivirus, Emule, DivX7, Windows Media Player 11, Limware, Format factory and some other well known software.



The rogue installer prompts user to to send SMS messages to a premium number and obtain a code to complete the program installation. It's not as aggressive as ransomware, but it's still a threat. Besides, the fake installer drops malicious files upon execution:
  • C:\Windows\System32\svchost64.exe
  • C:\Windows\System32\updtr.exe
Detection:
Trojan:MSIL/Fakeinstaller.A [Microsoft]
Trojan-Ransom.MSIL.FakeInstaller.a [Kaspersky]
Win32/RansomFakeInstaller.A [CA]
Trojan-Ransom.MSIL [Ikarus]
FakeInstaller [Sunbelt Software]
Win32/Agent.QNG [ESET]

These fake installers were made for users residing in western and central European countries, mainly Spain, France, Germany, Switzerland, The Netherlands and Belgium. Secretly installed files are Trojans that may download additional malware onto your computer. Here's a list of malicious websites that distribute these fake installers:
  • antivirus-avast2009.com
  • antivirus-nod32-gratuit.com
  • div-x-gratis.com
  • divx-9-gratuit.com
  • emule09-download.com
  • limewire-gratuit.com
  • lw-download.com
  • media-player12.com
  • ut-download.com
  • utorrent-gratuit.com

If you suspect that your computer is infected please download free anti-malware software from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.


Fake installers display the following messages:


















Share the knowledge:

No comments:

Post a Comment