Tritax
Posted: February 14, 2014
| Field | Value |
|---|---|
| Threat Level | 1/10 |
| Infected PCs | 40 |
| First Seen | February 14, 2014 |
| Last Seen | November 10, 2022 |
| OS(es) Affected | Windows |
Tritax is a family of rogue anti-malware applications whose individual members are often referred to as 'NameChanger', based on the wide range of brand names that they may take. The Tritax family has been in distribution with several major branches developed from 2009 onwards, and may be installed through corrupted advertisements, illegal websites and hacked-but-legitimate websites. Tritax's individual members often copy the appearance of legitimate anti-malware programs, and may attempt other attacks besides faking security features, such as blocking programs or redirecting your browser. Although blocking the installation of Tritax scamware is always safest for your PC, malware experts also recommend using thorough, in-depth anti-malware solutions when you need to uninstall a Tritax product.
The Anti-Malware Scam that Uses Legitimate Sites to Get to You
Families like FakeRean, FakePAV and WinWebSec are noted for their frequent proliferation under different version names, but Tritax could very well be the chameleon's chameleon. With over two hundred separate names available for the members of three separate branches, most of which copy the looks of real anti-malware products, any casual PC user would be hard-pressed to tell Tritax from a real AV program. Individual members of Tritax's NameChanger.A, NameChanger.B and NameChanger.C branches have taken up such names as Windows Premium Shield, Windows Antivirus Release, Windows Proprietary Advisor, Windows Oversight Center, Windows Threats Destroyer, Windows Troubles Killer and Windows Safety Protection.
Tritax has achieved a certain level of attention for a recent campaign of website-hacking attacks, many of which have targeted traffic-heavy, popular sites like Dailymotion.com, Businessinsider.com or the Swedish tabloid, Aftonbladet.se. An advertising network for Skype also has been included in this recent list of victims forced to distribute Tritax. PC users who came into contact with these sites or advertisements found their browsers redirected to fake system warnings that were crafted to look like alerts from Microsoft Security Essentials. Installing the recommended security solution compromised their PCs, allowing the NameChanger variants of Tritax to begin their cons.
Tritax members use both pop-ups and fake system scans as parts of their hoaxes to imitate the superficial looks of legitimate anti-malware applications. Malware researchers also estimate that many victims may experience substantially restricted access to other programs, particularly security-oriented tools like the Task Manager or Microsoft Security Essentials. Tritax programs recommend that you purchase a registered version of their software to disinfect your PC, but there are no advantages to this action, just as there are no real threat-detecting features in the 'free' Tritax products.
Stopping the Rapid Spread of Tritax Scams
Besides being linked to hundreds of fake AV brand names, Tritax is also tied to hundreds of different domains that seemingly were registered for the sole purpose of distributing its software. Beyond the usual browser-protection features and safe-browsing habits that malware experts recommend, it is notable that the Tritax campaign's recent attacks have focused on Internet Explorer users. In many circumstances, users of other browsers, such as Firefox or Opera, may be safe from redirects to Tritax.
Social engineering is both the key element of Tritax's strategies and its most visible means of distribution. PC users who habitually ignore 'security updates' that aren't confirmed to be from safe sources are at less risk than others of needing to deal with Tritax's NameChanger programs. However, whether Tritax also uses exploit kits, which infect a PC without requiring the user's permission, remains up in the air. As is true of any family of often-updated and sophisticated PC threats, disabling and removing Tritax is both recommended and necessary, but only with the help of updated anti-malware software.