Contraviro
Contraviro Description
Contraviro is a rogue anti-spyware application originating from the same group as the fake spyware remover Unvirex. Through insecure online downloads or security exploits on a computer, Contraviro installs itself onto a system and begins bombarding the computer with numerous frustrating pop-up advertisements and false security alerts stating that the system is infected. Fake system scans depict the same outcome. All of these so-called threats, however, are in fact legitimate programs that, once deleted, will cause serious damage to the Windows system. These scare tactics are employed to intimidate the user into purchasing the full version of Contraviro.
Contraviro tends to install a specific DLL known as a Layered Service Provider (LSP) on your system. An LSP is a program that controls outbound traffic to secure your online activities. The problem is that deleting the Contraviro rogue anti-spyware the wrong way is likely to uninstall the LSP as well, which will definitely result in loss of network access.
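Before any files are removed, it helps to know whether the Winsock catalog still references a DLL in the Contraviro folder, since that is the case in which deletion breaks network access. The following is an added example, not part of the original page: it parses text in the layout of `netsh winsock show catalog`; the sample text, the function names and the assumption that the LSP DLL is loaded from the Contraviro install folder are assumptions of this example.

```python
import re
import sys

# Install folder from the page's file list; accepting both the %ProgramFiles%
# and expanded drive-letter spellings is an assumption of this example.
SUSPECT_DIR = re.compile(
    r"(?:%programfiles%|[a-z]:\\program files(?: \(x86\))?)\\contraviro\\", re.I)

# Constructed sample in the layout printed by `netsh winsock show catalog`.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [TCP/IP]
Provider Path:                      C:\Program Files\Contraviro\siglsp.dll
Catalog Entry ID:                   1015

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
"""

def parse_catalog(text):
    """Return one dict of 'Key: value' fields per Winsock catalog entry."""
    entries, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("Provider Entry"):
            # Name-space provider sections are skipped; only transport entries are kept.
            current = {} if stripped.startswith("Winsock Catalog") else None
            if current is not None:
                entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return entries

def entries_in_contraviro_dir(text):
    """Catalog entries whose provider DLL is loaded from the Contraviro folder."""
    return [e for e in parse_catalog(text)
            if SUSPECT_DIR.search(e.get("Provider Path", ""))]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for e in entries_in_contraviro_dir(text):
        print(e.get("Catalog Entry ID"), e.get("Entry Type"), e.get("Provider Path"))
```

If an entry is reported, repair the catalog (for example with `netsh winsock reset`) rather than deleting the DLL on its own.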
Type: Rogue AntiSpyware Programs
How Can You Detect Contraviro?
Contraviro Technical Report
We will update this section as new Contraviro details are reported by our customers and as findings arrive from our Threat Research Center.
The following Contraviro files, with their MD5 hashes, were created in the system:
| File Name | File Size | MD5 |
|---|---|---|
| hjengine.dll | 626688 | 5577eb75c0930130cb8abe729ca6a8ba |
| ContraviroInstall[1].exe | 1708629 | 1c6198e446371b8cafc5f10ad402173a |
| Contraviro.exe | 16187392 | a6570eb1a6377fa68b5f065e06fc65f7 |
| Contraviro.exe | 17350656 | 80c46c57ef21d652587222ececc751cb |
| Contraviro.exe | 17350656 | 575ac6029988ff40d7ee06b291baa054 |
Contraviro typically has the following processes in memory:
- %Program Files%\Contraviro\hjengine.dll
- %Program Files%\Contraviro\MFC71ENU.DLL
- %Program Files%\Contraviro\pthreadVC2.dll
- %Program Files%\Contraviro\uninstall.exe
- Contraviro.exe
- %Program Files%\Contraviro\Drvfltip.sys
- %Program Files%\Contraviro\MFC71.dll
- %Program Files%\Contraviro\msvcr71.dll
- %Program Files%\Contraviro\siglsp.dll
- ContraviroInstall[1].exe
- %Program Files%\Contraviro\Contraviro.exe
- %Program Files%\Contraviro\IEAddon.dll
- %Program Files%\Contraviro\msvcp71.dll
- %Program Files%\Contraviro\shellext.dll
- hjengine.dll
Contraviro created the following directories, files and paths:
- %ProgramFiles%\Contraviro
- %AllUsersProfile%\Start Menu\Programs\Contraviro
Contraviro creates the following registry entries:
- HKEY_CLASSES_ROOT\AppID\IEAddon.DLL
- HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
- HKEY_CLASSES_ROOT\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform “Contraviro”
- HKEY_CLASSES_ROOT\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
- HKEY_CLASSES_ROOT\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
- HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\antivirus_contextscan
- HKEY_LOCAL_MACHINE\SOFTWARE\Contraviro
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell”
- Contraviro
- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\antivirus_contextscan
- HKEY_CLASSES_ROOT\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
- HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antivirus_contextscan
- HKEY_CLASSES_ROOT\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Contraviro
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Contraviro”