ContraVirus

Last updated

ContraVirus is a rogue spyware application that poses as a legitimate anti-spyware program. [1] The application uses a false scanner to force computer users to pay for the removal of non-existent spyware items. It may also be known as ExpertAntivirus. [2] [3]

Contents

Methods of infection

ContraVirus may be downloaded as a trojan horse, along with possible other software. Typically, it may be installed by the SmitFraud trojan. [4]

Symptoms of infection

ContraVirus has been known to display fake messages stating that a user's computer is infected with spyware. It may also install the file wincom27.dll, located in C:\WINDOWS\ and ext32inc.dll located in C:\WINDOWS\system\, in order to persuade a user to purchase the software. [5] Traditionally, a user will see Contravirus running a "scan" of their computer, at which time a user will be prompted to purchase the Contravirus software in order to remove the threat. It may also hijack the user's browser and install a toolbar. [6]

95, 98, Me, NT, XP, Server 2000, 2000, Server 2003, Vista, Server 2008, 7 and Server 2008 R2 are operating systems capable of becoming infected.

Removal

The removal of Contravirus is difficult and may require assistance from qualified IT Support Personnel. However, users have had success removing the program using the SmitFraudFix.zip program, as well as known programs such as Kaspersky Anti-Virus, Spybot Search & Destroy, and the Norton Family of Security products.

See also

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

Spyware is any software with malicious behavior that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device's security, or other means. This behavior may be present in malware and in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected.

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

Layered Service Provider (LSP) is a deprecated feature of the Microsoft Windows Winsock 2 Service Provider Interface (SPI). A Layered Service Provider is a DLL that uses Winsock APIs to attempt to insert itself into the TCP/IP protocol stack. Once in the stack, a Layered Service Provider can intercept and modify inbound and outbound Internet traffic. It allows processing of all the TCP/IP traffic taking place between the Internet and the applications that are accessing the Internet (such as a web browser, the email client, etc.). For example, it could be used by malware to redirect web browers to rogue websites, or to block access to sites like Windows Update. Alternatively, a computer security program could scan network traffic for viruses or other threats. The Winsock Service Provider Interface (SPI) API provides a mechanism for layering providers on top of each other. Winsock LSPs are available for a range of useful purposes, including parental controls and Web content filtering. The parental controls web filter in Windows Vista is an LSP. The layering order of all providers is kept in the Winsock Catalog.

A registry cleaner is a class of third-party utility software designed for the Microsoft Windows operating system, whose purpose is to remove redundant items from the Windows Registry.

<span class="mw-page-title-main">WinFixer</span> Rogue security software

WinFixer was a family of scareware rogue security programs developed by Winsoftware which claimed to repair computer system problems on Microsoft Windows computers if a user purchased the full version of the software. The software was mainly installed without the user's consent. McAfee claimed that "the primary function of the free version appears to be to alarm the user into paying for registration, at least partially based on false or erroneous detections." The program prompted the user to purchase a paid copy of the program.

The Vundo Trojan is either a Trojan horse or a computer worm that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. It also is used to deliver other malware to its host computers. Later versions include rootkits and ransomware.

Trojan.Emcodec.E is a trojan horse that is mis-represented as an audio and video codec for Windows-based PCs. It exists in various variants with names such as Media Codec, Ecodec, Imediacodec, IntCodec, Pcodec, SVideocodec, Video iCodec, QualityCodec, Vcodec, Zip Codec, zCodec, ZCODEC and began to be widely used in spring 2005.

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

<span class="mw-page-title-main">SpySheriff</span> Spyware

SpySheriff is malware that disguises itself as anti-spyware software. It attempts to mislead the user with false security alerts, threatening them into buying the program. Like other rogue antiviruses, after producing a list of false threats, it prompts the user to pay to remove them. The software is particularly difficult to remove, since it nests its components in System Restore folders, and also blocks some system management tools. However, SpySheriff can be removed by an experienced user, antivirus software, or by using a rescue disk.

The Zlob Trojan, identified by some antiviruses as Trojan.Zlob, is a Trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005, but only started gaining attention in mid-2006.

Ultimate Defender is a rogue antivirus program published by Nous-Tech Solutions Ltd. The program is considered malware due to its difficult uninstallation and deceptive operation. It is commonly installed by the Vundo trojan.

VirusHeat is malware that disguises itself as a legitimate anti-virus program. VirusHeat tricks users into buying the full version of the program through repeated false alerts and popups, purporting to alert the user that there is a system error or they are infected, and must buy the full version to remove. It was launched on February 8, 2008.

MS Antivirus is a scareware rogue anti-virus which purports to remove virus infections found on a computer running Microsoft Windows. It attempts to scam the user into purchasing a "full version" of the software. The company and the individuals behind Bakasoftware operated under other different 'company' names, including Innovagest2000, Innovative Marketing Ukraine, Pandora Software, LocusSoftware, etc.

<span class="mw-page-title-main">Internet Security Essentials</span> Fake antivirus malware

Internet Security Essentials, also InternetSecurityEssentials, is rogue security software pretending to protect the computer against malware and viruses. It is one of several clones belonging to the "FakeVimes" family of fake antivirus malware.

<span class="mw-page-title-main">Fakesysdef</span> Trojan targeting the Microsoft Windows operating system

Trojan:Win32/FakeSysdef, originally dispersed as an application called "HDD Defragmenter" hence the name "FakeSysdef" or "Fake System Defragmenter", is a Trojan targeting the Microsoft Windows operating system that was first documented in late 2010.

References

  1. "W32/Contra.worm". Archived from the original on 2009-09-01. Retrieved 2008-08-20.
  2. "Risk Detected".
  3. http://www.ca.com/securityadvisor/pest/pest.aspx?id=453113271 [ dead link ]
  4. "What is a Trojan Horse? Definition from WhatIs.com". Security. Retrieved 2023-12-11.
  5. "How to Remove Contravirus (Removal Instructions) - Spyware and Malware Removal Guides Archive".
  6. Vincentas (12 October 2012). "ContraVirus in SpyWareLoop.com". Spyware Loop. Retrieved 28 July 2013.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.