In addition to preventing the virus definition update, the Trojan redirects the user to fake banking websites.
A new malware created in Brazil is trying to prevent the Internet browsers from accessing the websites of various Anti-Virus companies and redirects the Internet users to fake banking websites, even when typing the correct address. In addition to that, the code was written to prevent the Antivirus software to download updates.
Fabio Assolini, analyst at Kaspersky Lab explains that the virus uses a technique called Man in the Browser (MitB). This type of infection works by changing/modifying the key “AutoConfigURL” in the Windows registry, making the browser to use the URL as a proxy (intermediate) in its web connection.
If the infected user attempts to access a Web site to download some antivirus software or its updates, then he’ll see the following message: “Service Temporarily Unavailable, try again later …”.
The viral code provides a list of servers used by Anti-Virus companies to distribute their virus definition updates to users. The intention is clear: stop trying to download antivirus updates and remain un-detected,” explains the analyst.
The malware changes the settings of Firefox and registers itself at windows startup. It also updates the malicious proxies in the system incase it is removed by the hosting services. “Thus, the criminal tries to ensure that the victim remain infected as long as possible.”
Easy to use FREE curing utility to clean your computer infected with viruses and various unwanted codes by the Dr.Web Anti-virus updated once or several times an hour. Dr.Web CureIt! is a FREE anti-virus and anti-spyware utility based on Dr.Web Anti-virus scanner, which will help you quickly scan and cure, if necessary, a computer operated by MS Windows 95OSR2/ 98/ Me/ NT 4.0/ 2000/ XP/ 2003/ Vista/ 2008/ Windows 7 without installation of the Dr.Web Anti-virus.
The utility contains the most up-to-date add-ons to the Dr.Web virus databases going up to twice per hour frequency at periods of high malware submissions. Dr.Web CureIt! detects and neutralizes viruses, rootkits, Trojan horses, spyware, and other malicious objects that have gone undetected by your anti-virus software. Dr.Web CureIt! does not require installation and is compatible with all known anti-virus software. You do not need to disable your anti-virus software to check your system with Dr.Web CureIt!
Detects and removes: * Rootkits * Mass-mailing worms * E-mail viruses * Peer-to-peer viruses * Internet worms * File viruses * Trojans * Stealth viruses* Polymorphic viruses * Bodiless viruses * Macro viruses * MS Office viruses * Script viruses * Spyware * Spybots * Password stealers * Keyloggers* Paid Dialers * Adware * Riskware* Hacktools * Backdoors * Joke programs * Malicious scripts
Dr.Web CureIt! automatically detects the language of the OS it is installed to and sets the scanner interface accordingly (if the local language is not supported, English is enabled). The utility supports the following 34 languages: Russian, Arabic, Armenian, Belarusian, Bulgarian, Chinese (Simpl.), Chinese (Trad.), Czech, Dutch, English, Esperanto, Estonian, Finnish, French, Georgian, German, Greek, Hungarian, Italian, Japanese, Korean, Latvian, Lithuanian, Norwegian, Persian (Farsi), Polish, Portuguese, Slovak, Slovenian, Spanish, Thai, Turkish, Ukrainian, Vietnamese.
This utility can quickly clean an infected system, but it is not a permanent tool to cure your computer in case of infection. Its distribution on our web-site is always armed with the hottest add-ons to the Dr.Web virus database, but it does not include the Dr.Web Automatic Updating utility. Dr.Web CureIt! stays actual until the next release of the add-on. To scan your computer with the most up-to-date Dr.Web virus databases next time you should download new Dr.Web CureIt! package.
Download:- (Direct Download From Dr. Web Server)