VirusRescue
VirusRescue is a program that purports to remove spyware and malware from users' computers but is distributed by malware. VirusRescue as been observed to be distributed by Zlob variants that are fake codecs. The Zlob variants are generally downloaded
from websites with adult content, claiming that the codec is needed to view a video. When the user downloads and installs the fake codec, it initiates pop-ups stating the computer is infected with spyware to frighten the user into downloading the
software.0
General information:
| Malware Name: |
VirusRescue |
| Malware Type: |
Rogue Security Program |
| Company Name: |
VirusRescue Inc |
| Company URL: |
http://www.virusrescue.com/
|
| Threat Level: |
Elevated Risk |
| Operating System: |
WIN XP |
| Installation Type: |
Installed through EXE |
| Operation: |
Time of After Installation. |
Company Description:
VirusRescue Inc is known mostly for VirusRescue, its powerful mix of Anti-Malware, Anti-Virus, Anti-Trojan, Anti-Backdoor, Anti-Worm and Anti-PornoDial in one program. VirusRescue scans and removes trojans and other malware, which can be placed on
a computer without the owner's knowledge. VirusRescue is marketed exclusively over the internet and can be purchased for immediate download for $29.95. VirusRescue is powerful and easy-to-use Trojan horses, Viruses and all types of Malware removal
software, which detects and eliminates more than 100'000 Trojan Horses and Spywares.
Spyware Description:
VirusRescue is a program that purports to remove spyware and malware from users' computers but is distributed by malware. VirusRescue as been observed to be distributed by Zlob variants that are fake codecs. The Zlob variants are generally downloaded
from websites with adult content, claiming that the codec is needed to view a video. When the user downloads and installs the fake codec, it initiates pop-ups stating the computer is infected with spyware to frighten the user into downloading the
software.0
Characteristics/Symptoms:
-> False positives work as good to purchase -> False scan results -> Uses inadequate scan/detection scheme -> Bundled with other adware 0
Additional information might be found here:
Processes Running:
VirusRescue.exe
File information Created after Installation:
| File Location |
Size (Bytes) |
Type |
| C:\Program Files\VirusRescue\UnARJ.api |
43588 |
API File |
| C:\Program Files\VirusRescue\UnMSCAB.api |
65604 |
API File |
| C:\Program Files\VirusRescue\uninst.exe |
41145 |
Application |
Folder information Created after Installation:
| Folder Location |
| C:\Program Files\VirusRescue\Languages |
| C:\Program Files\VirusRescue\Logs |
Registry information Created after Installation:
| Main Registry Key |
Sub Registry Key |
Key Value Name |
| HKEY_LOCAL_MACHINE |
SYSTEMCurrentControlSetServicesvrsvcEnum |
Count |
| HKEY_LOCAL_MACHINE |
\SYSTEM\CurrentControlSet\Services\vrsvc\Enum |
NextInstance |
| HKEY_LOCAL_MACHINE |
\SYSTEM\CurrentControlSet\Services\vrsvc\Security |
Security |
