Unvirex

Updated: June 2, 2009 10:45:44 AM
Type: Misleading Application
Infection Length: 13,029,376 bytes
Name: Unvirex
Version: 1.0.0.1
Publisher: www.univirex.com
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program can be downloaded and manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\UnVirex.lnk
  • %UserProfile%\Local Settings\Temp\[RANDOM CHARACTERS]\ext.dll
  • %UserProfile%\Local Settings\Temp\[RANDOM CHARACTERS]\System.dll
  • C:\Documents and Settings\All Users\Desktop\UnVirex.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\UnVirex\How to Register UnVirex.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\UnVirex\Register UnVirex.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\UnVirex\Uninstall.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\UnVirex\UnVirex.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\UnVirex.lnk
  • %ProgramFiles%\UnVirex\daily.cvd
  • %ProgramFiles%\UnVirex\Drvfltip.sys
  • %ProgramFiles%\UnVirex\hjengine.dll
  • %ProgramFiles%\UnVirex\IEAddon.dll
  • %ProgramFiles%\UnVirex\main.cvd
  • %ProgramFiles%\UnVirex\MFC71.dll
  • %ProgramFiles%\UnVirex\MFC71ENU.DLL
  • %ProgramFiles%\UnVirex\msvcp71.dll
  • %ProgramFiles%\UnVirex\msvcr71.dll
  • %ProgramFiles%\UnVirex\pthreadVC2.dll
  • %ProgramFiles%\UnVirex\siglsp.dll
  • %ProgramFiles%\UnVirex\uninstall.exe
  • %ProgramFiles%\UnVirex\UnVirex.exe


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"UnVirex" = "C:\Program Files\UnVirex\UnVirex.exe"

It then creates the following registry entries, which modify the LSP stack:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\00000001\"PackedCatalogItem" = "%ProgramFiles%\UnVirex\siglsp.dll"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000013\"PackedCatalogItem" = "%ProgramFiles%\UnVirex\siglsp.dll"
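
A defender can audit the Winsock catalog for provider DLLs that load from outside the system directory, which is how the siglsp.dll entries above stand out. The following is an added example, not part of the original write-up; it assumes the PackedCatalogItem value is a binary blob that begins with a NUL-padded ANSI path to the provider DLL, and the function names and sample blobs are constructed for illustration.

```python
import ntpath

MAX_PATH = 260  # assumption: the blob starts with a NUL-padded ANSI path field of this size
TRUSTED_DIR = r"%systemroot%\system32"  # where the stock Windows providers load from

def provider_path(packed: bytes) -> str:
    """Extract the provider DLL path from the start of a PackedCatalogItem blob."""
    return packed[:MAX_PATH].split(b"\x00", 1)[0].decode("ascii", errors="replace")

def is_unexpected(path: str) -> bool:
    """True when the provider DLL is not loaded directly from %SystemRoot%\\system32."""
    norm = ntpath.normpath(path).lower()  # also collapses any ..\ segments
    return ntpath.dirname(norm) != TRUSTED_DIR

def audit(entries: dict) -> list:
    """Map of entry name -> PackedCatalogItem bytes; returns flagged (name, path) pairs."""
    paths = {name: provider_path(blob) for name, blob in entries.items()}
    return sorted((n, p) for n, p in paths.items() if is_unexpected(p))

def read_catalog() -> dict:
    """Read the live catalog on a Windows host (not used by the sample below)."""
    import winreg
    base = (r"SYSTEM\CurrentControlSet\Services\Winsock2\Parameters"
            r"\Protocol_Catalog9\Catalog_Entries")
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            name = winreg.EnumKey(key, i)
            with winreg.OpenKey(key, name) as sub:
                out[name] = winreg.QueryValueEx(sub, "PackedCatalogItem")[0]
    return out

def _blob(path: str) -> bytes:
    """Constructed sample blob: path field plus zero filler for the rest of the item."""
    return path.encode("ascii").ljust(MAX_PATH, b"\x00") + bytes(64)

# Constructed sample: the two entry names and the DLL path are the ones listed above;
# the mswsock.dll entry is a made-up benign entry for contrast.
SAMPLE = {
    "00000001": _blob(r"%ProgramFiles%\UnVirex\siglsp.dll"),
    "000000013": _blob(r"%ProgramFiles%\UnVirex\siglsp.dll"),
    "000000000002": _blob(r"%SystemRoot%\system32\mswsock.dll"),
}

if __name__ == "__main__":
    for name, path in audit(SAMPLE):
        print(f"{name}: unexpected LSP provider {path}")
```

On a live Windows host, audit(read_catalog()) runs the same check against the registry. Legitimate third-party providers installed outside system32 will also be flagged and need manual review.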


The program also creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\"UnVirex" = "UnVirex"

It also creates the following registry subkeys:
  • HKEY_CLASSES_ROOT\AppID\IEAddon.DLL
  • HKEY_CLASSES_ROOT\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
  • HKEY_CLASSES_ROOT\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
  • HKEY_CLASSES_ROOT\IEAddon.StatusBarPane.1
  • HKEY_CLASSES_ROOT\IEAddon.StatusBarPane
  • HKEY_CLASSES_ROOT\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
  • HKEY_CLASSES_ROOT\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnVirex
  • HKEY_LOCAL_MACHINE\SOFTWARE\UnVirex
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DrvFltIp