Virusheat
Encyclopedia
VirusHeat is a rogue
anti-spyware
program that is part of the Smitfraud
family. VirusHeat tricks users into buying the full version of the program through repeated false alerts and popups, purporting to alert the user that there is a system error or they are infected, and must buy the full version to remove. It was launched on February 8, 2008.
, usually the Zlob trojan
, that is bundled in fake Video codec
s. It may also be downloaded from the malware's website. Once installed, VirusHeat will run a scan and report exaggerated results that the user's computer is infected. When the scan is complete, a warning message will pop up linking to VirusHeat's homepage where the user is prompted to buy the software.
VirusHeat installs the following:
Processes
DLLs
Directories
Registry Keys
, VirusBurst, AntiVirGear, VirusProtect, VirusProtectPro
are variants of VirusHeat.
Rogue software
Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware, or that installs other malware...
anti-spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
program that is part of the Smitfraud
SmitFraud
SmitFraud or W32/SmitFraud.A is a type of spyware that installs itself into a computer via adware, without the user's knowledge. Most of the time, it installs itself after a computer user installs a spurious codec, such as BrainCodec, PCodec or VideoKeyCodec...
family. VirusHeat tricks users into buying the full version of the program through repeated false alerts and popups, purporting to alert the user that there is a system error or they are infected, and must buy the full version to remove. It was launched on February 8, 2008.
Infection
VirusHeat is usually downloaded through a trojanTrojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...
, usually the Zlob trojan
Zlob trojan
The Zlob Trojan, identified by some antiviruses as Trojan.Zlob, is a trojan horse which masquerades as a needed video codec in the form of ActiveX...
, that is bundled in fake Video codec
Video codec
A video codec is a device or software that enables video compression and/or decompression for digital video. The compression usually employs lossy data compression. Historically, video was stored as an analog signal on magnetic tape...
s. It may also be downloaded from the malware's website. Once installed, VirusHeat will run a scan and report exaggerated results that the user's computer is infected. When the scan is complete, a warning message will pop up linking to VirusHeat's homepage where the user is prompted to buy the software.
Symptoms
VirusHeat displays false warning messages (e.g. intimating that you had downloaded e.g. an XXX video) followed by a realistic Virus removal pop up which launches to their web-site whether you select "Yes" or "No" button: Then uses exaggerated scan reports to mislead the user. VirusHeat repeatedly annoys the user with pop up warnings that prompt the user to purchase a full version of the program. VirusHeat may attempt to change the user's IE homepage to go to VirusHeat's homepage. VirusHeat may automatically launch on startup.VirusHeat installs the following:
Processes
- VirusHeat 3.9
- VirusHeat 3.9.exe
DLLs
- eeioq.dll
- iinqyl.dll
- wuuawkz.dll
Directories
- C:\Program Files\VirusHeat
Registry Keys
- HKEY_CLASSES_ROOT\clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}
Known variants
VirusHeat behaves similar to other known rogue security software. SpywareQuakeSpywareQuake
SpywareQuake is a fake anti-malware program for Microsoft Windows. It is commonly installed by Trojan Horse programs, but can be manually installed.-Latest Update:...
, VirusBurst, AntiVirGear, VirusProtect, VirusProtectPro
VirusProtectPro
VirusProtectPro is a rogue malware program that claims to be a commercial anti-spyware, when in fact it is, itself, adware-advertised. The software installs itself, without consent, on the user's computers and registry...
are variants of VirusHeat.
Removal
Various anti-spyware removal tools are known to remove VirusHeat. The latest definition file must be utilized in most anti-spyware programs to completely remove VirusHeat and any associated files.See also
- MalwareMalwareMalware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
- SpywareSpywareSpyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
- AdwareAdwareAdware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during...
- Rogue Security Software
- Wikipedia's Spyware removal category