Updated: January 31, 2008 9:20:23 AM
Type: Misleading Application
Infection Length: 3,727,138 bytes
Name: MalwarePro
Version: 7.0.6.1
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
This program is usually downloaded while surfing or downloading files from a malicious Web site. It can also arrive bundled with other Adware or Spyware applications.
Behavior
The program must be manually installed.
The program shows the following Graphical User Interface (GUI) and prompts the user to perform a system scan:

The program then reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the errors.
Installation
When the program is executed, it creates the following files:
%UserProfile%\Desktop\MalwarePro.lnk
%UserProfile%\Start Menu\Programs\MalwarePro\MalwarePro.lnk
%UserProfile%\Start Menu\Programs\MalwarePro\Uninstall MalwarePro.lnk
%ProgramFiles%\MalwarePro\MalwarePro.exe
%ProgramFiles%\MalwarePro\Uninstall\IRIMG1.JPG
%ProgramFiles%\MalwarePro\Uninstall\IRIMG2.JPG
%ProgramFiles%\MalwarePro\Uninstall\IRIMG3.JPG
%ProgramFiles%\MalwarePro\Uninstall\uninstall.dat
%ProgramFiles%\MalwarePro\Uninstall\uninstall.xml
%Windir%\MalwarePro\uninstall.exe
%Windir%\MalwarePro Setup Log.txt
It then creates the following registry subkeys:
HKEY_CURRENT_USER\Software\MPMFC1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwarePro5.2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MalwarePro
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\MalwarePro
It also creates the following registry subkey so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MalwareProMFC
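
The following read-only PowerShell check is an added example, not part of the original write-up or any vendor tool. It looks for the files and registry locations listed above for the user running it. The variable names are illustrative, and it assumes that %UserProfile% and HKEY_CURRENT_USER resolve to the profile being inspected.

```powershell
# Read-only check for the MalwarePro artifacts listed in this write-up.
# Paths and key names are copied from the page; nothing is deleted or changed.

$filePaths = @(
    '%UserProfile%\Desktop\MalwarePro.lnk',
    '%UserProfile%\Start Menu\Programs\MalwarePro\MalwarePro.lnk',
    '%UserProfile%\Start Menu\Programs\MalwarePro\Uninstall MalwarePro.lnk',
    '%ProgramFiles%\MalwarePro\MalwarePro.exe',
    '%ProgramFiles%\MalwarePro\Uninstall\IRIMG1.JPG',
    '%ProgramFiles%\MalwarePro\Uninstall\IRIMG2.JPG',
    '%ProgramFiles%\MalwarePro\Uninstall\IRIMG3.JPG',
    '%ProgramFiles%\MalwarePro\Uninstall\uninstall.dat',
    '%ProgramFiles%\MalwarePro\Uninstall\uninstall.xml',
    '%Windir%\MalwarePro\uninstall.exe',
    '%Windir%\MalwarePro Setup Log.txt'
)

$regKeys = @(
    'HKCU:\Software\MPMFC1',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwarePro5.2',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MalwarePro',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\MalwarePro'
)

$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runName = 'MalwareProMFC'

$findings = @()

foreach ($p in $filePaths) {
    # Expand %UserProfile%, %ProgramFiles% and %Windir% for the current session.
    $full = [Environment]::ExpandEnvironmentVariables($p)
    if (Test-Path -LiteralPath $full) { $findings += "FILE   $full" }
}

foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "REGKEY $k" }
}

# Run autostarts are normally stored as a value under the Run key, so look for
# MalwareProMFC both as a value name and as a literal subkey.
$run = Get-ItemProperty -LiteralPath $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run) { $findings += "RUNVAL $runKey -> $runName = $($run.$runName)" }
if (Test-Path -LiteralPath "$runKey\$runName") { $findings += "REGKEY $runKey\$runName" }

if ($findings.Count -eq 0) { 'No MalwarePro artifacts found for this user.' }
else { $findings }
```

Each output line names one artifact that is present; a RUNVAL line also shows the command the autostart entry would launch at logon.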