Thursday, June 28, 2007

VirusHeal

VirusHeal is the newest rogue program. Some say it's SpyHeal with a new name. Sunbelt reports it comes along with DVDacess, a fake codec that different web sites will trick you into installing. The whole thing is a scam. They trick you into installing the codec so you will get infected. Then they try to sell you the cure, this time called VirusHeal.

You should be able to remove this pest by using SmitFraudFix. Because VirusHeal is new, you may have to uninstall it manually, but the Zlob trojan that is generating the pop-ups and fake warnings should be removed.

Websites to avoid and to add to block lists:

Virusheal.com
inc-codec.com


Some of the files and registry entries that are added by VirusHeal:

%ProgramFiles%\VirusHeal 3.7\VirusHeal 3.7.exe
%ProgramFiles%\VirusHeal 3.7\msvcp71.dll
%ProgramFiles%\VirusHeal 3.7\msvcr71.dll
%ProgramFiles%\VirusHeal 3.7\antispy.vh
%UserProfile%\Start Menu\Programs\VirusHeal 3.7\VirusHeal 3.7.lnk
%UserProfile%\Start Menu\Programs\VirusHeal 3.7\VirusHeal 3.7 Website.lnk
%UserProfile%\Start Menu\Programs\VirusHeal 3.7\Uninstall VirusHeal 3.7.lnk



