Malwarebytes exposes adware that disables antivirus

Ben10

Level 1
Thread author
Verified
Nov 25, 2015
23
Malwarebytes has issued a detailed report explaining the various tricks Vonteera adware uses to compromise your PC -- and it makes for uncomfortable reading.

Some of Vonteera’s strategies are basic. The adware installs an IE Browser Helper Object, for instance, which you can view and modify from Tools > Manage Add-Ons.

Others are more involved, like modifying desktop and Start Menu shortcuts for all your browsers to launch them with a custom site (c:\path\to\firefox.exe http:www.scam.com).

Vonteera’s installer then enables a Chrome setting called Policies\Chromium\ExtensionInstallForcelist, which apparently:

In other words, the adware gets to add its own code to Chrome, without you noticing, and even if you do it’s hard to do anything about it.

But the killer blow here is that the adware drops 13 certificates into "Untrusted Certificates", covering a host of antimalware companies: AVAST, AVG, Avira, Bitdefender, Malwarebytes and more.

Windows then prevents you running anything signed by one of those certificates.

Even if you realize what’s happened, launch Certificate Manager (certmgr.msc), go to Untrusted Certificates > Certificates and delete the certificates, it won’t help for long, because the adware puts them back.

Malwarebytes detailed report: Vonteera Adware Uses Certificates to Disable Anti-Malware
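
A read-only PowerShell audit of the three changes described in the post above, added here as an example (it is not part of the original post or the Malwarebytes report). The vendor list is taken from the names in the post; the `Google\Chrome` policy path and the browser executable names are assumptions added alongside the Chromium key the post mentions.

```powershell
# Added read-only audit: it only lists findings and changes nothing on the system.
# Vendor names are the ones given in the post; the post says there are more.
$vendors = 'AVAST','AVG','Avira','Bitdefender','Malwarebytes'
$pattern = ($vendors | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Security-vendor certificates placed in "Untrusted Certificates" (the Disallowed store).
foreach ($store in 'Cert:\LocalMachine\Disallowed','Cert:\CurrentUser\Disallowed') {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'UntrustedCert'; Location = $store
                               Detail = "$($_.Subject) [$($_.Thumbprint)]" }
        }
}

# 2. Extensions force-installed through the ExtensionInstallForcelist policy key.
#    The Google\Chrome path is an assumption added next to the Chromium one from the post.
foreach ($hive in 'HKLM:','HKCU:') {
    foreach ($browser in 'Chromium','Google\Chrome') {
        $key = "$hive\SOFTWARE\Policies\$browser\ExtensionInstallForcelist"
        if (-not (Test-Path $key)) { continue }
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |   # skip provider metadata properties
            ForEach-Object {
                [pscustomobject]@{ Check = 'ForcedExtension'; Location = $key
                                   Detail = [string]$_.Value }
            }
    }
}

# 3. Desktop and Start Menu browser shortcuts that carry extra arguments (such as an appended URL).
#    The executable name list is an assumption; adjust it to the browsers actually installed.
$shell = New-Object -ComObject WScript.Shell
$dirs  = 'Desktop','CommonDesktopDirectory','StartMenu','CommonStartMenu' |
         ForEach-Object { [Environment]::GetFolderPath($_) }
Get-ChildItem -Path $dirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -match '(chrome|firefox|iexplore|opera)\.exe$' -and
            $lnk.Arguments -match '\S') {
            [pscustomobject]@{ Check = 'ShortcutArgs'; Location = $_.FullName
                               Detail = "$($lnk.TargetPath) $($lnk.Arguments)" }
        }
    }
```

Because the post notes that deleted certificates are put back, re-running the audit after a cleanup shows whether the component that restores them is still active.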
 

SloppyMcFloppy

Level 13
Verified
Sep 12, 2015
617
Not really a surprise that "adware" has trojan behavior. But it's an interesting article to read, and the question is how do you prevent it? Well, the obvious answer is to have all applications, Windows updates, and antivirus up to date.
 
