- Nov 25, 2015
Malwarebytes has issued a detailed report explaining the various tricks Vonteera adware uses to compromise your PC -- and it makes for uncomfortable reading.
Some of Vonteera’s strategies are basic. The adware installs an IE Browser Helper Object, for instance, which you can view and modify from Tools > Manage Add-Ons.
Others are more involved, like modifying desktop and Start Menu shortcuts for all your browsers to launch them with a custom site (c:\path\to\firefox.exe http://www.scam.com).
Vonteera’s installer then enables a Chrome setting called Policies\Chromium\ExtensionInstallForcelist, which apparently:
In other words, the adware gets to add its own code to Chrome without you noticing, and even if you do notice, it’s hard to do anything about it.
But the killer blow here is that the adware drops 13 certificates into "Untrusted Certificates", covering a host of antimalware companies: AVAST, AVG, Avira, Bitdefender, Malwarebytes and more.
Windows then prevents you running anything signed by one of those certificates.
Even if you realize what’s happened, launch Certificate Manager (certmgr.msc), go to Untrusted Certificates > Certificates and delete the certificates, it won’t help for long, because the adware puts them back.
Malwarebytes detailed report: Vonteera Adware Uses Certificates to Disable Anti-Malware
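A read-only PowerShell audit of the three changes described above: vendor certificates in Untrusted Certificates, browser shortcuts with an appended URL, and the Chromium force-install policy. This is an added example, not code from the Malwarebytes report or the original post; the `HKLM`/`HKCU` `SOFTWARE` prefix for the policy key, the browser executable names and the vendor pattern are assumptions.

```powershell
# Added example: lists findings only, changes nothing on the system.
# Vendor names are the ones named in the post; extend the pattern as needed.
$vendorPattern = 'AVAST|AVG|Avira|Bitdefender|Malwarebytes'

# 1. Certificates in "Untrusted Certificates" (the Disallowed store).
$stores = 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed'
$blockedCerts = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $vendorPattern } |
        Select-Object @{n = 'Store'; e = { $store }}, Subject, Thumbprint, NotAfter
}

# 2. Desktop and Start Menu shortcuts that start a browser with a URL argument.
$browserExe = 'iexplore\.exe|chrome\.exe|firefox\.exe|opera\.exe'   # assumed list
$linkDirs = 'Desktop', 'CommonDesktopDirectory', 'StartMenu', 'CommonStartMenu' |
    ForEach-Object { [Environment]::GetFolderPath($_) }
$shell = New-Object -ComObject WScript.Shell
$alteredLinks = Get-ChildItem -Path $linkDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { $shell.CreateShortcut($_.FullName) } |
    Where-Object { $_.TargetPath -match $browserExe -and $_.Arguments -match 'https?:' } |
    Select-Object FullName, TargetPath, Arguments

# 3. Extensions listed under Policies\Chromium\ExtensionInstallForcelist.
#    The hive and SOFTWARE prefix are assumptions; the post gives only the tail.
$policyKeys = 'HKLM:\SOFTWARE\Policies\Chromium\ExtensionInstallForcelist',
              'HKCU:\SOFTWARE\Policies\Chromium\ExtensionInstallForcelist'
$forcedExtensions = foreach ($key in $policyKeys) {
    if (Test-Path -Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.Property) {
            [pscustomobject]@{ Key = $key; Name = $name; Value = $item.GetValue($name) }
        }
    }
}

'--- Security-vendor certificates in Untrusted Certificates ---'
$blockedCerts | Format-List
'--- Browser shortcuts with a URL appended ---'
$alteredLinks | Format-List
'--- Force-installed Chromium extensions ---'
$forcedExtensions | Format-List
```

Because the post notes that deleted certificates are put back, running the audit again after cleanup shows whether the component that restores them is still active.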