Home Malware Programs Rogue Anti-Spyware Programs Tritax


Posted: February 14, 2014

Threat Metric

Ranking: 9,634
Threat Level: 1/10
Infected PCs: 12
First Seen: February 14, 2014
Last Seen: December 2, 2021
OS(es) Affected: Windows

Tritax is a family of rogue anti-malware applications whose individual members are often referred to as 'NameChanger', based on the wide range of brand names that they may take. The Tritax family has been in distribution with several major branches developed from 2009 onwards and may be installed through attacks of corrupted advertisements, illegal websites and hacked-but-legitimate websites. Tritax's individual members often copy the appearances of legitimate anti-malware programs, and may attempt to make other attacks besides faking security features, such as blocking programs or redirecting your browser. Although blocking the installation of Tritax scamware always is safest for your PC, malware experts also would recommend the use of strenuous and in-depth anti-malware solutions when you find yourself needing to uninstall a Tritax product.

The Anti-Malware Scam that Uses Legitimate Sites to Get to You

Families like FakeRean, FakePAV and WinWebSec are noted for their frequent proliferation under different version names, but Tritax could very well be the chameleon's chameleon. With over two hundred separate names available for the members of three separate branches, most of which copy the looks of real anti-malware products, any casual PC user would be hard-pressed to tell Tritax from a real AV program. Individual members of Tritax's NameChanger.A, NameChanger.B and NameChanger.C have taken up such names as Windows Premium Shield, Windows Antivirus Release, Windows Proprietary Advisor, Windows Oversight Center, Windows Threats Destroyer, Windows Troubles Killer and Windows Safety Protection.

Tritax has achieved a certain level of attention for a recent campaign of website-hacking attacks, many of which have targeted traffic-heavy, popular sites like Dailymotion.com, Businessinsider.com or the Swedish tabloid, Aftonbladet.se. An advertising network for Skype also has been included in this recent list of victims forced to distribute Tritax. PC users who came into contact with these sites or advertisements found their browsers redirected to fake system warnings that were crafted to look like alerts from Microsoft Security Essentials. Installing the recommended security solution compromised their PCs, allowing the NameChanger variants of Tritax to begin their cons.

Tritax members use both pop-ups and fake system scans as parts of their hoaxes to imitate the superficial looks of legitimate anti-malware applications. Malware researchers also estimate that many victims may experience substantially restricted access to other programs, particularly security-oriented tools like the Task Manager or the Microsoft Security Essentials. Tritax programs recommend that you purchase a registered version of its software to disinfect your PC, but there are no advantages to this action, just as there are no real threat-detecting features from the 'free' Tritax products.

Stopping the Rapid Spread of Tritax Scams

Besides being linked to hundreds of fake AV brand names, Tritax is also tied to hundreds of different domains that seemingly were registered for the sole purpose of distributing its software. Besides all the normal browser-protecting features and behavior that malware experts would recommend, it's also notable that the Tritax campaign's recent attacks have focused on Internet Explorer users. In many circumstances, users of other browsers, such as Firefox or Opera, may be safe from redirects to Tritax.

Social engineering is both the key element of Tritax's strategies and its most visible means of distribution. PC users who habitually ignore 'security updates' that aren't confirmed to be from safe sources are at less risk than others of needing to deal with Tritax's NameChanger programs. However, the possibility of Tritax using non-consensual exploit kits that don't require your permission to infect your PC remains up in the air. As is true of any family of often-updated and sophisticated PC threats, disabling and removing Tritax is both recommended and necessary, but only with the help of updated anti-malware software.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Tritax may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.