VirusHeat
VirusHeat is malware that disguises itself as a legitimate anti-virus program. VirusHeat tricks users into buying the full version of the program through repeated false alerts and popups, purporting to alert the user that there is a system error or they are infected, and must buy the full version to remove. It was launched on February 8, 2008.
| Common name | VirusHeat |
|---|---|
| Technical name | VirusHeat |
| Aliases | Virus Heat, VirusHeat 3.9, VirusHeat 4.3, VirusHeat 4.4 |
| Classification | Rogue security software |
| Type | Microsoft Windows |
| Point of origin | Russian Federation |
Infection
VirusHeat is usually downloaded through a trojan, usually the Zlob trojan, that is bundled in fake Video codecs. It may also be downloaded from the malware's website. Once installed, VirusHeat will run a scan and report exaggerated results that the user's computer is infected. When the scan is complete, a warning message will pop up linking to VirusHeat's homepage where the user is prompted to buy the software.
Symptoms
VirusHeat displays false warning messages (e.g. imitating that you had downloaded e.g. an XXX video) followed by a realistic Virus removal pop up which launches to their web-site whether you select "Yes" or "No" button: Then uses exaggerated scan reports to mislead the user. VirusHeat repeatedly annoys the user with pop up warnings that prompt the user to purchase a full version of the program. VirusHeat may attempt to change the user's IE homepage to go to VirusHeat's homepage. VirusHeat may automatically launch on startup.
VirusHeat installs the following: Processes
- VirusHeat 3.9
- VirusHeat 3.9.exe
DLLs
- eeioq.dll
- iinqyl.dll
- wuuawkz.dll
Directories
- C:\Program Files\VirusHeat
Registry Keys
- HKEY_CLASSES_ROOT\clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}
Known variants
VirusHeat behaves similar to other known rogue security software. SpywareQuake, VirusBurst, AntiVirGear, VirusProtect, VirusProtectPro are variants of VirusHeat.
Removal
Various anti-spyware removal tools are known to remove VirusHeat. The latest definition file must be utilized in most anti-spyware programs to completely remove VirusHeat and any associated files.
See also
- Malware
- Spyware
- Adware
- Rogue security software
- Wikipedia's Spyware removal category
References
- Symantec.com - VirusHeat is a misleading application that may give exaggerated reports of threats on the computer
- research.sunbelt-software.com - VirusHeat is a rogue security program known for scaremongering, high-pressure advertising practices
- virusheat.com Web Safety Ratings from McAfee SiteAdvisor