VirusHeat
| Common name | VirusHeat |
|---|---|
| Technical name | VirusHeat |
| Aliases | Virus Heat, VirusHeat 3.9, VirusHeat 4.3, VirusHeat 4.4 |
| Classification | Rogue security software |
| Type | Microsoft Windows |
| Point of origin | Russian Federation |
VirusHeat is malware that disguises itself as a legitimate anti-virus program. VirusHeat tricks users into buying the full version of the program through repeated false alerts and popups, purporting to alert the user that there is a system error or they are infected, and must buy the full version to remove. It was launched on February 8, 2008.
Infection[edit]
VirusHeat is usually downloaded through a trojan, usually the Zlob trojan, that is bundled in fake Video codecs. It may also be downloaded from the malware's website. Once installed, VirusHeat will run a scan and report exaggerated results that the user's computer is infected. When the scan is complete, a warning message will pop up linking to VirusHeat's homepage where the user is prompted to buy the software.
Symptoms[edit]
VirusHeat displays false warning messages (e.g. imitating that you had downloaded e.g. an XXX video) followed by a realistic Virus removal pop up which launches to their web-site whether you select "Yes" or "No" button: Then uses exaggerated scan reports to mislead the user. VirusHeat repeatedly annoys the user with pop up warnings that prompt the user to purchase a full version of the program. VirusHeat may attempt to change the user's IE homepage to go to VirusHeat's homepage. VirusHeat may automatically launch on startup.
VirusHeat installs the following: Processes
- VirusHeat 3.9
- VirusHeat 3.9.exe
DLLs
- eeioq.dll
- iinqyl.dll
- wuuawkz.dll
Directories
- C:\Program Files\VirusHeat
Registry Keys
- HKEY_CLASSES_ROOT\clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}
Known variants[edit]
VirusHeat behaves similar to other known rogue security software. SpywareQuake, VirusBurst, AntiVirGear, VirusProtect, VirusProtectPro are variants of VirusHeat.
Removal[edit]
![[icon]](/File:Wiki_letter_w_cropped.svg){kind=small} | This section needs expansion. You can help by adding to it. (March 2008) |
Various anti-spyware removal tools are known to remove VirusHeat. The latest definition file must be utilized in most anti-spyware programs to completely remove VirusHeat and any associated files.
See also[edit]
References[edit]
- Symantec.com - VirusHeat is a misleading application that may give exaggerated reports of threats on the computer
- research.sunbelt-software.com - VirusHeat is a rogue security program known for scaremongering, high-pressure advertising practices
- virusheat.com Web Safety Ratings from McAfee SiteAdvisor
External links[edit]
This article "VirusHeat" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:VirusHeat. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
