
Onescan

Posted: December 13, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 1,431
First Seen: December 13, 2011
Last Seen: January 31, 2023
OS(es) Affected: Windows

Onescan, also known as Rogue:Win32/Onescan or Win32/Onescan, is a subgroup of rogue anti-malware programs that are distributed on malicious websites of Korean origin. Although different members of the Onescan family may have different appearances and names, their primary functions are always the same: creating fake error messages and scanner results to encourage you to purchase their fake products. Since Onescan products can't detect or delete any form of PC threat, SpywareRemove.com malware researchers suggest that you ignore any pop-ups from Onescan programs and remove your Onescan infection via suitable anti-malware software. Avoiding Onescan-affiliated sites should be considered a high priority for preventing Onescan-related infections, since sites that are linked to Onescan rogue anti-malware programs have been known to use exploits to install their software without permission.

Onescan – a Single Product with a Bundle of Advertising Names

Rogue anti-malware applications from the Onescan subgroup emerged as individual PC threats in 2010 and have been distributed by fraudulent websites since that time. Because Onescan scamware programs are designed to attack Korean computers, Onescan interfaces are mostly presented in the Korean language and are hosted on Korean sites (which are identifiable by the .co.kr suffix). However, SpywareRemove.com malware researchers warn that any Windows PC can be infected and attacked by rogue anti-malware products from the Onescan subgroup. The primary symptom of this infection is the presence of inaccurate system alerts, infected-file pop-ups, scanner results and other forms of warnings that inaccurately present information about supposed PC threats on your computer. However, it's safe to assume that undesired side effects that you may be experiencing are, in reality, caused by the Onescan infection.

Rogue security products in the Onescan subgroup consist of a large and growing number of titles, including the following: BoanKorea, BoanSupport, Bootcare, DASearch, DoubleVaccine, EnPrivacy, EveryGuard, HardScan, InfoData, InfoDoctor, InfoHelper, MyKeeper, MyVaccine, PCTrouble, Siren114, SmartVaccine, UProtect, UtilKorea, UtilMarket, VaccineCure, WindowVaccine, WiseVaccine and XProtect. Although all of these variants of Onescan will attempt to persuade you that you should spend money on their security features, doing so is unwise and will not help you get rid of an Onescan infection.

Where Onescan Came from and What You Can Do About It

Onescan family-derived rogue anti-malware products are propagated by Korean websites that market them in the form of useful products. These sites may install any given variant of Onescan without your consent or use social engineering (such as presenting fake infection warnings) to mislead you into installing an Onescan product of your own free will. If your web browser has any contact with an Onescan-affiliated site, SpywareRemove.com malware experts caution you to scan your PC and make sure that browser exploits haven't been used to install malicious software without permission. Currently known Onescan websites can always be identified by their usage of a '.co.kr' domain suffix and will usually have a domain name that references a specific version of Onescan scamware.

Using an up-to-date web browser, strict security settings and good anti-malware software can help to protect you from potential Onescan infections. Although Onescan scamware hasn't been noted to cause other attacks (such as redirecting your web browser or blocking software), SpywareRemove.com malware analysts still recommend that you remove any Onescan infection from your PC as soon as you can, using an appropriate anti-malware application.

Aliases

Generic5.MZK [AVG]
Riskware/VirusCure [Fortinet]
Win32.SuspectCrc [Ikarus]
TR/Onescan.A.574 [AntiVir]
Trojan.Fakealert.34883 [DrWeb]
Win32.Trojan [eSafe]
Win32:FakeAV-CZC [Trj] [Avast]
Trojan.FakeAV [Symantec]
Artemis!2A50A648D39D [McAfee]
Generic.dx!bfgf [McAfee]
Trj/Sponsor.A [Panda]
PUP/Win32.SponsorKeyword [AhnLab-V3]
Trojan.Fosniw-249 [ClamAV]
SponsorKeyword [Symantec]
PAK_Generic.001 [TrendMicro]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%PROGRAMFILES%\sponsorkeyword\sponsorkeyword.exe
File name: sponsorkeyword.exe
Size: 214.91 KB (214912 bytes)
MD5: 3ee761bd53527eaa3568a93869c5af42
Detection count: 536
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\sponsorkeyword
Group: Malware file
Last Updated: April 14, 2016

%PROGRAMFILES(x86)%\VaccineStar\VaccineStar.exe
File name: VaccineStar.exe
Size: 434.17 KB (434176 bytes)
MD5: 2a50a648d39de20d814e5c0313c4d569
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\VaccineStar
Group: Malware file
Last Updated: May 22, 2013

%PROGRAMFILES%\bizvaccine\bizvaccineu.exe
File name: bizvaccineu.exe
Size: 117.78 KB (117784 bytes)
MD5: 41b5c7374b53e8b5554b2f96011a3a4b
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\bizvaccine
Group: Malware file
Last Updated: February 20, 2012

%PROGRAMFILES%\perfectcure\perfectcureu.exe
File name: perfectcureu.exe
Size: 76.31 KB (76312 bytes)
MD5: 34364c80aa445acf38322762ab881857
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\perfectcure
Group: Malware file
Last Updated: February 20, 2012

%Desktop%[program name].lnk
File name: %Desktop%[program name].lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%StartMenu%[program name].lnk
File name: %StartMenu%[program name].lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
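
A sweep for the four executable indicators listed above, as an added example that is not part of the original page: it reports every listed path that exists and whether its MD5 matches the listed value, so a file at a listed path with a different hash is still flagged for review. The names `sweep` and `md5_of` and the `env` parameter are assumptions of this example.

```python
import hashlib
import os
from pathlib import Path

# Path and MD5 pairs copied from the file list on this page.
INDICATORS = [
    (r"%PROGRAMFILES%\sponsorkeyword\sponsorkeyword.exe", "3ee761bd53527eaa3568a93869c5af42"),
    (r"%PROGRAMFILES(x86)%\VaccineStar\VaccineStar.exe", "2a50a648d39de20d814e5c0313c4d569"),
    (r"%PROGRAMFILES%\bizvaccine\bizvaccineu.exe", "41b5c7374b53e8b5554b2f96011a3a4b"),
    (r"%PROGRAMFILES%\perfectcure\perfectcureu.exe", "34364c80aa445acf38322762ab881857"),
]


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(env=None):
    """Return (indicator, verdict) pairs for every listed path that exists.

    env maps variable names to directories and defaults to the process
    environment (an assumption of this example, useful for mounted images).
    """
    env = {k.upper(): v for k, v in (os.environ if env is None else env).items()}
    findings = []
    for template, known_md5 in INDICATORS:
        var, _, rest = template[1:].partition("%")
        base = env.get(var.upper())
        if not base:
            continue  # variable not defined on this host (e.g. no x86 folder)
        candidate = Path(base).joinpath(*rest.strip("\\").split("\\"))
        if not candidate.is_file():
            continue
        try:
            verdict = "md5-match" if md5_of(candidate) == known_md5 else "path-only"
        except OSError:
            verdict = "unreadable"  # locked or access denied: still worth a look
        findings.append((template, verdict))
    return findings


if __name__ == "__main__":
    for indicator, verdict in sweep():
        print(f"{verdict:10} {indicator}")
```
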

Registry Modifications

The following Registry values are newly produced:

HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall [program name]Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [program name]Main
HKEY_LOCAL_MACHINE\SOFTWARE\[program name]