Home Malware Programs Rogue Anti-Spyware Programs VirusSecurity

VirusSecurity

Posted: November 28, 2011

Threat Metric

Ranking: 16,738
Threat Level: 8/10
Infected PCs: 663
First Seen: November 28, 2011
Last Seen: September 2, 2023
OS(es) Affected: Windows

VirusSecurity Screenshot 1VirusSecurity is a rogue anti-virus scanner that imitates the alerts of a normal AV product, to present fake information about infections on your PC. This scheme is purely to waylay you into spending money on the full version of VirusSecurity, which claims that VirusSecurity can remove any high-level infections, such as rootkits or Trojans, that might be plaguing your computer. Despite its marketing, SpywareRemove.com malware researchers have found a complete absence of real anti-virus features in VirusSecurity, which should be treated as just as malicious as other forms of rogue security software. If your PC displays any symptoms of the presence of VirusSecurity, you should immediately remove VirusSecurity from your computer with a full system scan from a respectable anti-malware product.

VirusSecurity: A Pretense of Security Wrapped Around an Actual Danger to Your PC

VirusSecurity may look like a competent anti-virus program, but its competence is all on the exterior – even a quick glance at its interior will show that VirusSecurity can neither find nor remove viruses. However, as a rogue AV program from Korea, most of VirusSecurity's interface isn't in English, and non-Korean speakers may be unable to decipher VirusSecurity's warning messages and other pop-ups in the first place. Other forms of rogue security programs from the FakeVimes family that bear a strong resemblance to VirusSecurity include

Besides its fake warning pop-ups, VirusSecurity may also utilize attacks such as:

  • Launching itself automatically when Windows starts.
  • Pretending to scan your PC and always returning a list of infection-riddled results.
  • Redirecting your web browser to a VirusSecurity website or away from PC security websites.
  • Blocking your security software, including anti-virus, anti-malware and anti-spyware programs.

The purpose of all of these attacks is to make you so desperate that you pay money to VirusSecurity to stop these attacks, but this isn't recommended, since it both wastes your finances and gives your financial information away to the criminals behind VirusSecurity's scam.

What You Can Do About VirusSecurity and Its Poor Showing of Anti-Virus Features

Most VirusSecurity infections are caused by web-surfers who are inadvertently exposed to unsafe websites that use malicious scripts to install VirusSecurity and other forms of rogue anti-virus applications. As long as you keep Java and Flash up-to-date, use strong security settings for your browser and keep an activate anti-malware program, your chances of being infected by VirusSecurity should be low.

However, SpywareRemove.com malware researchers don't recommend removing VirusSecurity by yourself, if your PC does become infected. Because VirusSecurity has been known to alter the Windows Registry and similarly-baseline Windows components, improper deletion of VirusSecurity could damage your operating system. Instead, allow an anti-malware product to handle VirusSecurity's removal and be prepared to use Safe Mode, if necessary, to shut VirusSecurity down beforehand.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%ProgramFiles%\VirusSecurity File name: %ProgramFiles%\VirusSecurity
Group: Malware file
%StartMenu%\VirusSecurity File name: %StartMenu%\VirusSecurity
Group: Malware file
C:\Program Files\VirusSecurity\VirusSecurityLaunch.exe File name: C:\Program Files\VirusSecurity\VirusSecurityLaunch.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\VirusSecurityHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusSecurityUp.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusSecurityHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Related Posts

Loading...