Friday, September 4, 2009

Contraviro

Contraviro is a new fake malware cleaner (rogue). The GUI and name have changed, but it is the same code as the Unvirex rogue.



The engine is from Clam AntiVirus (ClamAV), an open source (GPL) and free anti-virus toolkit.

HijackThis symptoms:
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Contraviro\IEAddon.dll
O4 - HKLM\..\Run: [Contraviro] C:\Program Files\Contraviro\Contraviro.exe
O10 - Unknown file in Winsock LSP: c:\program files\contraviro\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\contraviro\siglsp.dll
Notice the LSP hijack. Removing the siglsp.dll file without restoring the LSP chain will break the Internet connection.
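
A triage sketch for the HijackThis entries listed above, added here as an example and not part of the original post: it collects the unique entries under the Contraviro directory and marks the Winsock LSP file as one to leave in place until the LSP chain has been restored. The function and field names, and the final ExampleApp log line, are constructed for illustration.

```python
import re

# HijackThis lines from the post; the last line is a constructed benign control.
LOG = r"""
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Contraviro\IEAddon.dll
O4 - HKLM\..\Run: [Contraviro] C:\Program Files\Contraviro\Contraviro.exe
O10 - Unknown file in Winsock LSP: c:\program files\contraviro\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\contraviro\siglsp.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")           # section code, then the rest
PATH = re.compile(r"[A-Za-z]:\\.*$")             # first drive-letter path to end of line
ROGUE_DIR = "c:\\program files\\contraviro\\"    # install directory shown in the log
KIND = {"O2": "Browser Helper Object", "O4": "Run key autostart", "O10": "Winsock LSP"}


def parse(log):
    """Yield (section, path) for every HijackThis entry that ends in a file path."""
    for line in log.splitlines():
        entry = ENTRY.match(line.strip())
        path = PATH.search(entry.group(2)) if entry else None
        if path:
            yield entry.group(1), path.group(0).strip()


def triage(log, rogue_dir=ROGUE_DIR):
    """Return unique entries under rogue_dir; LSP files are marked as blocked
    until the Winsock chain is restored, since deleting them first cuts connectivity."""
    seen, report = set(), []
    for section, path in parse(log):
        key = (section, path.lower())
        if not path.lower().startswith(rogue_dir) or key in seen:
            continue
        seen.add(key)
        report.append({
            "section": section,
            "kind": KIND.get(section, "other"),
            "path": path,
            "restore_lsp_chain_first": section == "O10",
        })
    return report


if __name__ == "__main__":
    for item in triage(LOG):
        note = "  <- restore LSP chain before removing" if item["restore_lsp_chain_first"] else ""
        print(f'{item["section"]:<4}{item["kind"]:<24}{item["path"]}{note}')
```

The duplicated O10 line collapses to a single finding, and the path comparison is case-insensitive because the log reports the same directory in two different casings.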