| What's been found | Severity Level |
|---|---|
| Downloads/requests other files from Internet. | |
| Creates a startup registry entry. | |
| Registers a 32-bit in-process server DLL. | |
| Contains characteristics of an identified security risk. | |
Possible Security Risk

| Security Risk | Description |
|---|---|
| RogueAntiSpyware.VirusProtect_Pro | VirusProtect Pro is a rogue anti-spyware product that comes bundled with a malicious downloader. It is downloaded and installed without the user's consent. It also uses deceptive advertising to convince users to purchase the product. |
File System Modifications

| # | Filename(s) | File Size | File Hash | Alias |
|---|---|---|---|---|
| 1 | %DesktopDir%\VirusHeat 4.3.lnk; %StartMenu%\VirusHeat 4.3.lnk | 744 bytes | MD5: 0x30313BA5488DC54DB02417E4CE64E73F SHA-1: 0x6AF5A6624254EBD1F00782AD9AE883D1E2769EC9 | (not available) |
| 2 | %Temp%\vht.dat | 125 bytes | MD5: 0x7C5F5A68051F6B0C0E9A2AD33C40D415 SHA-1: 0x120865765927A61AF83F02B83DC297EEDE61EC41 | (not available) |
| 3 | %Programs%\VirusHeat 4.3\Uninstall VirusHeat 4.3.lnk | 541 bytes | MD5: 0xD8D48334BFA3A21D6B3BCA17F4D58E48 SHA-1: 0x8E49695EF0FF4FF158CF39988ADE6605A2FC6395 | (not available) |
| 4 | %Programs%\VirusHeat 4.3\VirusHeat 4.3 Website.lnk | 555 bytes | MD5: 0x8843AEC7280C6154FFC5BF0C697C2D95 SHA-1: 0xD5B9B6218663DD48808A1C7836ABA64E15B546D5 | (not available) |
| 5 | %Programs%\VirusHeat 4.3\VirusHeat 4.3.lnk | 756 bytes | MD5: 0xE4237B93EA2C3A33A6B8397BA65AFD00 SHA-1: 0x1E7D10D4C469D3547A672DE29F6555F92CF2EE4B | (not available) |
| 6 | %ProgramFiles%\VirusHeat 4.3\blacklist.txt | 50,527 bytes | MD5: 0x00372593B3438D9E475AF653E582A4C6 SHA-1: 0xB3B73A2D55D41ED9743D10B1D58D66CF49E0BBD2 | (not available) |
| 7 | %ProgramFiles%\VirusHeat 4.3\Lang\English.ini | 32,738 bytes | MD5: 0xE6141A8192372E7B135265DAA2A5A8FE SHA-1: 0x9C0E865EC7AEEE14F1CC008A1C16D75DB14EC376 | (not available) |
| 8 | %ProgramFiles%\VirusHeat 4.3\msvcp71.dll | 499,712 bytes | MD5: 0x561FA2ABB31DFA8FAB762145F81667C2 SHA-1: 0xC8CCB04EEDAC821A13FAE314A2435192860C72B8 | (not available) |
| 9 | %ProgramFiles%\VirusHeat 4.3\msvcr71.dll | 348,160 bytes | MD5: 0x86F1895AE8C5E8B17D99ECE768A70732 SHA-1: 0xD5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA | (not available) |
| 10 | %ProgramFiles%\VirusHeat 4.3\uninst.exe | 41,209 bytes | MD5: 0x5B46B97A73432A25D43E6948AB729336 SHA-1: 0x3A43B9FEDF253E4EBF33615189299560A2C3B950 | (not available) |
| 11 | %ProgramFiles%\VirusHeat 4.3\vht.dat | 351,696 bytes | MD5: 0x229A4C028DA4BF9D25384C9A868B7049 SHA-1: 0xAD88837E72646C54A0C54342C00698697A470BF0 | (not available) |
| 12 | %ProgramFiles%\VirusHeat 4.3\VirusHeat 4.3.exe | 1,757,184 bytes | MD5: 0x9500DE7AD3E1F18201ADFC1857894437 SHA-1: 0x268643FBEE42D10D63E4063A958513B6D21A2201 | VirusHeat [Symantec], not-a-virus:FraudTool.Win32.VirusProtectPro.ad [Kaspersky Lab], FakeAlert-AF [McAfee], Program:Win32/SpyAxe [Microsoft] |
| 13 | %ProgramFiles%\VirusHeat 4.3\VirusHeat 4.3.url | 50 bytes | MD5: 0x268CD62E3F4B09EC84D2FAA3EE428D2E SHA-1: 0x91CA588A5DDBA13401CEEB618ED2FECB53B98092 | (not available) |
| 14 | [file and pathname of the sample #1] | 2,167,502 bytes | MD5: 0x88FCBFEAF0F3068CB0D758C1FCFB96BA SHA-1: 0xCCF4D02097EF239E8FFB2BCD8633B031B962907A | VirusHeat [Symantec], not-a-virus:FraudTool.Win32.VirusProtectPro.ad [Kaspersky Lab] |
Memory Modifications

| Process Name | Process Filename | Main Module Size |
|---|---|---|
| VirusHeat 4.3.exe | %ProgramFiles%\VirusHeat 4.3\VirusHeat 4.3.exe | 4,042,752 bytes |
| [filename of the sample #1] | [file and pathname of the sample #1] | 204,800 bytes |
Registry Modifications

Other details

Russian Federation

| Server Name | Server Port | Connect as User | Connection Password |
|---|---|---|---|
| www.virusheat.com | 80 | (null) | (null) |
Copyright © 2010 ThreatExpert. All rights reserved.