
VirusIsolator

Updated: April 16, 2008 10:59:27 AM
Type: Misleading Application
Name: VirusIsolator
Publisher: VirusIsolator.com
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the errors.

Installation
When the program is executed, it creates the following folders:
  • %ProgramFiles%\VirusIsolator\Infected
  • %ProgramFiles%\VirusIsolator\Suspicious


It also creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusIsolator.lnk
  • %UserProfile%\Desktop\VirusIsolator.lnk
  • %UserProfile%\Start Menu\Programs\VirusIsolator\Uninstall.lnk
  • %UserProfile%\Start Menu\Programs\VirusIsolator\VirusIsolator.lnk
  • %ProgramFiles%\VirusIsolator\uninstall.exe
  • %ProgramFiles%\VirusIsolator\VirusIsolator.exe
  • %ProgramFiles%\VirusIsolator\vscan.tsi
  • %ProgramFiles%\VirusIsolator\zlib.dll


Next, the program creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"VirusIsolator.exe" = "43 00 3A 00 5C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 56 00 69 00 72 00 75 00 73 00 49 00 73 00 6F 00 6C 00 61 00 74 00 6F 00 72 00 5C 00 56 00 69 00 72 00 75 00 73 00 49 00 73 00 6F 00 6C 00 61 00 74 00 6F 00 72 00 2E 00 65 00 78 00 65 00 00 00 00 00 78 01 B0 00 0A 00 00 00 78 01 B0 00 78 01 B0 00 00 00 15 00 58 32 B0 00 00 00 00 00 00 32 B0 00 78 01 15 00 14 F6 12 00 91 0E 91 7C 08 06 15 00 6D 05 91 7C 08 C4 17 00 B4 E1 FD 7F 00 00 00 00 00 00 00 00 00 00 00 00 E8 C3 17 00 78 01 15 00 00 00 00 00 F0 C3 17 00 00 00 00 00 00 00 00 00 90 00 00 00 78 01 15 00 00 00 00 00 04 00 00 00 54 FA 12 00 E9 00 00 00 78 01 15 00 EE 00 00 00 45 00 00 00 B8 F5 12 00 00 00 00 00 B0 6F B0 00 C8 31 B0 00 84 F6 12 00 51 05 91 7C A8 07 B0 00 6D 05 91 7C 28 B4 48 00 D0 31 B0 00 28 B4 48 00 00 01 00 00 58 32 B0 00 02 00 00 00 05 00 00 00 18 F6 12 00 00 00 00 00 3D FB 90 7C A8 F6 12 00 34 00 00 C0 28 F6 12 00 6C FB 90 7C 71 FB 90 7C 34 00 00 C0 A8 F6 12 00 3D FB 90 7C 04 F6 12 00 58 32 B0 00 70 F6 12 00 18 EE 90 7C 78 FB 90 7C FF FF FF FF 71 FB 90 7C 18 6A DD 77 51 6A DD 77 08 45 47 00 01 00 00 80 58 00 00 00 18 00 00 00 58 00 00 00 A8 F6 12 00 40 00 00 00 00 00 00 00 00 00 00 00 2E 00 2E 00 08 45 47 00 C0 F6 12 00 02 00 00 00 34 F6 12 00 00 26 80 7C 0C FF 12 00 55 56 DF 77 58 6A DD 77 FF FF FF FF 51 6A DD 77 5E 6B DD 77 58 00 00 00 A8 F6 12 00 00 00 00 00 3F 00 0F 00 D8 F6 12 00 D1 B4 48 00 D6 B4 48 00 28 B4 48 00 2E 00 2E 00 08 45 47 00 00 00 00 00 18 FF 12 00 AD 21 41 00 01 00 00 80 08 45 47 00 00 00 00 00"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"VirusIsolator" = "C:\Program Files\VirusIsolator\VirusIsolator"


It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\VirusIsolator
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusIsolator
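
Added example (not part of the Symantec write-up): a triage helper that checks collected file paths and registry key paths against the artifacts listed above. The function names, the expansions assumed for %ProgramFiles% and %UserProfile%, the HKCU/HKLM abbreviations and the sample input are assumptions made for this example.

```python
import re
# Indicators copied from the write-up above: folders, files, Run values, subkeys.
INDICATORS = [
    r"%ProgramFiles%\VirusIsolator\Infected",
    r"%ProgramFiles%\VirusIsolator\Suspicious",
    r"%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusIsolator.lnk",
    r"%UserProfile%\Desktop\VirusIsolator.lnk",
    r"%UserProfile%\Start Menu\Programs\VirusIsolator\Uninstall.lnk",
    r"%UserProfile%\Start Menu\Programs\VirusIsolator\VirusIsolator.lnk",
    r"%ProgramFiles%\VirusIsolator\uninstall.exe",
    r"%ProgramFiles%\VirusIsolator\VirusIsolator.exe",
    r"%ProgramFiles%\VirusIsolator\vscan.tsi",
    r"%ProgramFiles%\VirusIsolator\zlib.dll",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\VirusIsolator.exe",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VirusIsolator",
    r"HKEY_CURRENT_USER\Software\VirusIsolator",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusIsolator",
]
# Assumption (not from the page): usual expansions of the environment variables.
ENV = {"%programfiles%": r"[a-z]:\\program files(?: \(x86\))?",
       "%userprofile%": r"[a-z]:\\(?:users|documents and settings)\\[^\\]+"}
HIVES = {"cu": "hkey_current_user", "lm": "hkey_local_machine"}

def compile_indicator(ind):
    pat = re.escape(ind.lower())
    for var, rx in ENV.items():
        pat = pat.replace(re.escape(var), rx)
    return re.compile(pat + r"(?:\\.*)?$")  # the item itself or anything beneath it

COMPILED = [(ind, compile_indicator(ind)) for ind in INDICATORS]

def normalise(item):
    s = item.strip().strip('"').replace("/", "\\").lower().rstrip("\\")
    return re.sub(r"^hk(cu|lm)\\", lambda m: HIVES[m.group(1)] + "\\", s)

def match_artifacts(observed):
    """Map each observed path or key that matches to the indicator it matched."""
    hits = {}
    for item in observed:
        hit = next((i for i, rx in COMPILED if rx.match(normalise(item))), None)
        if hit:
            hits[item] = hit
    return hits

# Constructed sample input (e.g. lines from a file listing and an autoruns export).
SAMPLE = [r"C:\Documents and Settings\alice\Desktop\VirusIsolator.lnk",
          r"c:\program files\virusisolator\ZLIB.DLL",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\VirusIsolator.exe",
          r"C:\Program Files\7-Zip\zlib.dll", r"HKCU\Software\VirusIsolatorTools"]
```

Calling match_artifacts(SAMPLE) returns the first three items; the unrelated zlib.dll and the lookalike key are not matched because each pattern is anchored to the full path.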