Home Malware Programs Rogue Anti-Spyware Programs Onescan


Posted: December 13, 2011

Threat Metric

Ranking: 5,059
Threat Level: 8/10
Infected PCs: 1,323
First Seen: December 13, 2011
Last Seen: October 6, 2021
OS(es) Affected: Windows

Onescan Screenshot 1Onescan, also known as Rogue:Win32/Onescan or Win32/Onescan, is a subgroup of rogue anti-malware programs that are distributed on malicious websites of Korean origin. Although different members of the Onescan family may have different appearances and names, their primary functions are always the same: creating fake error message and scanner results to encourage you to purchase their fake products. Since Onescan products can't detect or delete any form of PC threat, SpywareRemove.com malware researchers suggest that you ignore any pop-ups from Onescan programs and remove your Onescan infection via suitable anti-malware software. Avoiding Onescan-affiliated sites should be considered a high priority for preventing Onescan-related infections, since sites that are linked to Onescan rogue anti-malware programs have been known to use exploits to install their software without permission.

Onescan – a Single Product with a Bundle of Advertising Names

Rogue anti-malware applications from the Onescan subgroup emerged as individual PC threats in 2010 and have been distributed by fraudulent websites since that time. Because Onescan scamware programs are designed to attack Korean computers, Onescan interfaces are mostly-presented in the Korean language and are hosted on Korean sites (which are identifiable by the .co.kr suffix). However, SpywareRemove.com malware researchers warn that any Windows PC can be infected and attacked by rogue anti-malware products from the Onescan. The primary symptom of this infection is the presence of inaccurate system alerts, infected-file pop-ups, scanner results and other forms of warnings that inaccurately-present information about supposed PC threats on your computer. However, it's safe to assume that undesired side effects that you may be experiencing are, in reality, caused by the Onescan infection.

Rogue security products in the Onescan subgroup consist of a large-and-growing number of titles, including the following: BoanKorea, BoanSupport, Bootcare, DASearch, DoubleVaccine, EnPrivacy, EveryGuard, HardScan, InfoData, InfoDoctor, InfoHelper, MyKeeper, MyVaccine, PCTrouble, Siren114, SmartVaccine, UProtect, UtilKorea, UtilMarket, VaccineCure, WindowVaccine, WiseVaccine and XProtect. Although all of these variants of Onescan will attempt to persuade you that you should spend money on their security features, this is, obviously, unwise to do and will not help you get rid of an Onescan infection.

Where Onescan Came from and What You Can Do About It

Onescan family-derived rogue anti-malware products are propagated by Korean websites that market them in the form of useful products. These sites may install any given variant of Onescan without your consent or use social engineering (such as presenting fake infection warnings) to mislead you into installing an Onescan product of your own free will. If your web browser has any contact with an Onescan-affiliated site, SpywareRemove.com malware experts caution you to scan your PC and make sure that browser exploits haven't been used to install malicious software without permission. Currently-known Onescan websites can always be identified by their usage of a '.co.kr' domain suffix and will usually have a domain name that references a specific version of Onescan scamware.

Using an up-to-date web browser, strict security settings and good anti-malware software can help to protect you from potential Onescan infections. Although Onescan scamware hasn't been noted to cause other attacks (such as redirecting your web browser or blocking software), SpywareRemove.com malware analysts still recommend that you remove any Onescan infection from your PC as soon as you can use an appropriate anti-malware application for the duty.


Generic5.MZK [AVG]Riskware/VirusCure [Fortinet]Win32.SuspectCrc [Ikarus]TR/Onescan.A.574 [AntiVir]Trojan.Fakealert.34883 [DrWeb]Win32.Trojan [eSafe]Win32:FakeAV-CZC [Trj] [Avast]Trojan.FakeAV [Symantec]Artemis!2A50A648D39D [McAfee]Generic.dx!bfgf [McAfee]Trj/Sponsor.A [Panda]PUP/Win32.SponsorKeyword [AhnLab-V3]Trojan.Fosniw-249 [ClamAV]SponsorKeyword [Symantec]PAK_Generic.001 [TrendMicro]
More aliases (48)

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Onescan may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%PROGRAMFILES%\sponsorkeyword\sponsorkeyword.exe File name: sponsorkeyword.exe
Size: 214.91 KB (214912 bytes)
MD5: 3ee761bd53527eaa3568a93869c5af42
Detection count: 536
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\sponsorkeyword\
Group: Malware file
Last Updated: April 14, 2016
%PROGRAMFILES(x86)%\VaccineStar\VaccineStar.exe File name: VaccineStar.exe
Size: 434.17 KB (434176 bytes)
MD5: 2a50a648d39de20d814e5c0313c4d569
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\VaccineStar\
Group: Malware file
Last Updated: May 22, 2013
%PROGRAMFILES%\bizvaccine\bizvaccineu.exe File name: bizvaccineu.exe
Size: 117.78 KB (117784 bytes)
MD5: 41b5c7374b53e8b5554b2f96011a3a4b
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\bizvaccine\
Group: Malware file
Last Updated: February 20, 2012
%PROGRAMFILES%\perfectcure\perfectcureu.exe File name: perfectcureu.exe
Size: 76.31 KB (76312 bytes)
MD5: 34364c80aa445acf38322762ab881857
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\perfectcure\
Group: Malware file
Last Updated: February 20, 2012
%Desktop%[program name].lnk File name: %Desktop%[program name].lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%StartMenu%[program name].lnk File name: %StartMenu%[program name].lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall [program name]MainHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [program name]MainHKEY_LOCAL_MACHINESOFTWARE\[program name]