Tuesday, June 2, 2009

UnVirex Rogue

UnVirex is a new fake malware cleaner (rogue).



HijackThis symptoms:
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\UnVirex\IEAddon.dll
O4 - HKLM\..\Run: [UnVirex] C:\Program Files\UnVirex\UnVirex.exe
O10 - Unknown file in Winsock LSP: c:\program files\unvirex\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\unvirex\siglsp.dll

Notice the LSP Hijack. Removing siglsp.dll file without restoring the LSP chain will break Internet connexion.

unvirex.com (195.2.253.43)
Registrant: andy (zaxarsoftware@gmail.com)

Thanks to Malware Database