MacroVirus On-call

Posted: August 2, 2011

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	19

First Seen:	May 13, 2010
Last Seen:	January 10, 2019
OS(es) Affected:	Windows

Although the availability of independent anti-virus programs has been growing of late, so has the availability of fake anti-virus applications like MacroVirus On-call. In spite of looking and acting like a real anti-virus scanner, MacroVirus On-call can't detect or remove viruses from your PC; however, SpywareRemove.com malware analysts have found that MacroVirus On-call makes up for this deficit, by creating fake system scan results and warning messages that try to delude you about what types of infections are on your computer. Don't take MacroVirus On-call at its word and don't spend money on its nonexistent security features; instead, delete MacroVirus On-call by using a good security program to scan your PC for all MacroVirus On-call components.

Putting Blockades Between MacroVirus On-call and Your PC

Protecting your computer from MacroVirus On-call entails guarding against the typical Trojan-based distribution methods that many other rogue security programs, such as Microsoft Security Center 2011 and Alfa Defender Pro also use. Trojans like Zlob and Fake Microsoft Security Essentials Alert usually install these rogue security programs as part of a fake online scan, but MacroVirus On-call can also be installed without interaction via drive-by-download script exploits.

Use the following methods to defend yourself against any possible MacroVirus On-call attack:

Avoid contact with the macrovirus.com website, which SpywareRemove.com malware researchers have found to be directly linked to MacroVirus On-call. Any similar website that's linked to the MacroVirus.com company should also be considered dangerous. If you accidentally visit one of these websites, immediately scan your computer with anti-virus program, since some malicious script exploits don't need your interaction or consent to install MacroVirus On-call and other PC threats.
Be cautious about enabling Flash or JavaScript for websites that you don't trust. Malicious websites and even advertisements can automatically install MacroVirus On-call and similar rogue security programs by exploiting vulnerabilities in Flash or Java.
Avoid installing anti-virus program from websites with poor security until you've found independent sources that verify the program's safety. Many rogue security programs, including MacroVirus On-call, will flood websites with phony reviews and other misleading forms of marketing information. SpywareRemove.com malware analysts have also seen MacroVirus On-call on cnet.com, in addition to its own macrovirus.com website.

Behind MacroVirus On-call's Snazzy Interface Lies Fake Info and False Security

MacroVirus On-call uses multiple ways to trick you into spending money on its valueless virus protection features, which are nothing more than tidbits fake data dolled up to look like the real thing. Although MacroVirus On-call looks like a real anti-virus scanner, trying to scan your PC with MacroVirus On-call will create farcical results that are boiling over with supposed infections. If you try to verify the existence of these infections with other anti-virus scanners, you'll notice that MacroVirus On-call is inaccurate on every single count.

MacroVirus On-call will also display warning messages at random moments that alert you to more nonexistent virus, worm, Trojan or spyware infections. Since the only reason MacroVirus On-call is creating these fake errors is to force you to buy MacroVirus On-call to make them stop, you shouldn't fall for this scam or give the MacroVirus On-call website your credit card information. If you've purchased MacroVirus On-call by mistake, canceling your credit card is the only way to insure that other fake charges aren't added on in the future.

Even though MacroVirus On-call's file structure mimics the structure of a normal program, trying to uninstall MacroVirus On-call in a normal way will not work and may even damage your PC. The use of Safe Mode and a high-quality AV program can help you delete MacroVirus On-call conveniently and safely.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

MacroVirus.exe

File name: MacroVirus.exe
Size: 11.97 MB (11973872 bytes)
MD5: 9ebe6955c2cf6c783864ea42b4728956
Detection count: 62
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 15, 2010

Launcher.exe

File name: Launcher.exe
Size: 529.64 KB (529648 bytes)
MD5: b10e17557a69f61f3915570ff652e374
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 15, 2010

macrovirus[1].exe

File name: macrovirus[1].exe
Size: 3.81 MB (3817984 bytes)
MD5: 5caa655182e2d5a53da23e846459e4a6
Detection count: 60
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 17, 2022

C:\Program Files\MacroVirus

File name: C:\Program Files\MacroVirus
Group: Malware file

C:\Documents and Settings\<username>\Start Menu\Programs\MacroVirus

File name: C:\Documents and Settings\<username>\Start Menu\Programs\MacroVirus
Group: Malware file

C:\Documents and Settings\<username>\Application Data\MacroVirus

File name: C:\Documents and Settings\<username>\Application Data\MacroVirus
Group: Malware file

C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings

File name: C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings
Group: Malware file

C:\Documents and Settings\<username>\Application Data\MacroVirus\Log

File name: C:\Documents and Settings\<username>\Application Data\MacroVirus\Log
Group: Malware file

C:\Documents and Settings\<username>\Application Data\MacroVirus\Quarantine

File name: C:\Documents and Settings\<username>\Application Data\MacroVirus\Quarantine
Group: Malware file

C:\Documents and Settings\<username>\Application Data\MacroVirus\Registry Backups

File name: C:\Documents and Settings\<username>\Application Data\MacroVirus\Registry Backups
Group: Malware file

C:\Documents and Settings\<username>\Start Menu\Programs\MacroVirus\MacroVirus on the Web.lnk

File name: C:\Documents and Settings\<username>\Start Menu\Programs\MacroVirus\MacroVirus on the Web.lnk
Size: 1.35 KB (1359 bytes)
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

C:\Documents and Settings\<username>\Start Menu\Programs\MacroVirus\Uninstall MacroVirus.lnk

File name: C:\Documents and Settings\<username>\Start Menu\Programs\MacroVirus\Uninstall MacroVirus.lnk
Size: 1.43 KB (1430 bytes)
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

C:\Documents and Settings\<username>\Start Menu\Programs\MacroVirus\MacroVirus.lnk

File name: C:\Documents and Settings\<username>\Start Menu\Programs\MacroVirus\MacroVirus.lnk
Size: 622B (622 bytes)
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\CustomScan.stg

File name: C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\CustomScan.stg
Mime Type: unknown/stg
Group: Malware file

C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\IgnoreList.stg

File name: C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\IgnoreList.stg
Mime Type: unknown/stg
Group: Malware file

C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\ScanInfo.stg

File name: C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\ScanInfo.stg
Mime Type: unknown/stg
Group: Malware file

C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\Settings.stg

File name: C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\Settings.stg
Mime Type: unknown/stg
Group: Malware file

C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\ScanResults.stg

File name: C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\ScanResults.stg
Size: 66.68 KB (66683 bytes)
Mime Type: unknown/stg
Group: Malware file

C:\Documents and Settings\<username>\Application Data\Microsoft\Internet Explorer\Quick Launch\MacroVirus.lnk

File name: C:\Documents and Settings\<username>\Application Data\Microsoft\Internet Explorer\Quick Launch\MacroVirus.lnk
Size: 608B (608 bytes)
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\SelectedFolders.stg

File name: C:\Documents and Settings\<username>\Application Data\MacroVirus\Settings\SelectedFolders.stg
Mime Type: unknown/stg
Group: Malware file

desktop+\MacroVirus.lnk

File name: desktop+\MacroVirus.lnk
Size: 646B (646 bytes)
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

C:\Program Files\MacroVirus\MacroVirus.exe

File name: C:\Program Files\MacroVirus\MacroVirus.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

C:\Program Files\MacroVirus\zlib.pyd

File name: C:\Program Files\MacroVirus\zlib.pyd
Size: 69.63 KB (69632 bytes)
Mime Type: unknown/pyd
Group: Malware file

C:\Program Files\MacroVirus\_tst.pyd

File name: C:\Program Files\MacroVirus\_tst.pyd
Size: 147.45 KB (147456 bytes)
Mime Type: unknown/pyd
Group: Malware file

C:\Program Files\MacroVirus\unicodedata.pyd

File name: C:\Program Files\MacroVirus\unicodedata.pyd
Size: 405.5 KB (405504 bytes)
Mime Type: unknown/pyd
Group: Malware file

C:\Program Files\MacroVirus\bz2.pyd

File name: C:\Program Files\MacroVirus\bz2.pyd
Size: 77.82 KB (77824 bytes)
Mime Type: unknown/pyd
Group: Malware file

C:\Program Files\MacroVirus\mav.db

File name: C:\Program Files\MacroVirus\mav.db
Size: 4.95 MB (4955136 bytes)
Mime Type: unknown/db
Group: Malware file

C:\Program Files\MacroVirus\sqlite3.dll

File name: C:\Program Files\MacroVirus\sqlite3.dll
Size: 250.36 KB (250368 bytes)
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

C:\Program Files\MacroVirus\_sqlite.pyd

File name: C:\Program Files\MacroVirus\_sqlite.pyd
Size: 299 KB (299008 bytes)
Mime Type: unknown/pyd
Group: Malware file

C:\Program Files\MacroVirus\mav.db.version

File name: C:\Program Files\MacroVirus\mav.db.version
Size: 10B (10 bytes)
Mime Type: unknown/version
Group: Malware file

C:\Program Files\MacroVirus\Launcher.exe

File name: C:\Program Files\MacroVirus\Launcher.exe
Size: 517.61 KB (517616 bytes)
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

C:\Program Files\MacroVirus\mavapi.pyd

File name: C:\Program Files\MacroVirus\mavapi.pyd
Size: 114.68 KB (114688 bytes)
Mime Type: unknown/pyd
Group: Malware file

C:\Program Files\MacroVirus\MacroVirus.url

File name: C:\Program Files\MacroVirus\MacroVirus.url
Size: 51B (51 bytes)
Mime Type: unknown/url
Group: Malware file

C:\Program Files\MacroVirus\python24.zip

File name: C:\Program Files\MacroVirus\python24.zip
Size: 788.55 KB (788557 bytes)
Mime Type: unknown/zip
Group: Malware file

C:\Program Files\MacroVirus\mav.log

File name: C:\Program Files\MacroVirus\mav.log
Size: 1.86 MB (1867776 bytes)
Mime Type: unknown/log
Group: Malware file

C:\Program Files\MacroVirus\msvcr71.dll

File name: C:\Program Files\MacroVirus\msvcr71.dll
Size: 348.16 KB (348160 bytes)
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USER\SOFTWARE\MacroVirusHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MacroVirusHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MacroVirus_is1

Additional Information

The following directories were created:

%AppData%\MacroVirus%PROGRAMFILES%\MacroVirus

3 Comments

Steve says:

August 10, 2011 at 10:34 am

MacroVirus On-call is absolutely scandalous. Just so you know, it wont let you surf the net. It wont even let you open up some programs on your PC. Good info BTW and great solution i downloaded. Worth the price and saved my butt from reformatting my hard drive.
Kari Condon says:

February 15, 2012 at 8:20 pm

Took me at least 5min of my time... These people who create such programs really are NO-LIVERS! THanx for the instructions
Jed Truesdale says:

April 12, 2012 at 2:44 pm

I also got scammed today. I was linked through another site also. However on their home page it said "JOIN FREE". So being stupid I did and listed my info and credit card # ( thinking it would be like ebay , which I've never had any problem) I have sent numerous emails and finally found the phone # that says the mailbox is full and you cannot even leave a message!!!!! The good news we have an excellent credit card and called them and they said when the charge comes through they will take of it. So people if you got burned try to work it out with your credit card. It's your only hope.