Immunizr

By Domesticus in Rogue Anti-Spyware Program | 40 views

Immunizr Description

Immunizr is a clone of the popular rogue security application SpyShield. This fake security tool is part of a well-known computer scam that involves convincing gullible computer users to purchase fake security programs. Immunizr has been known to infect computer systems located in Germany, displaying windows, error messages, fake security alerts and an interface that are entirely in German. Underneath its exterior, however, Immunizr is no different from the majority of rogue security programs in circulation today. ESG PC security researchers recommend removing an Immunizr infection as you would any other rogue security program. Running a fully updated anti-malware application while Windows is in Safe Mode will usually take care of most Immunizr infections. However, Immunizr may be associated with other malware threats. It is important to scan your computer completely and to watch for any suspicious behavior immediately after an Immunizr infection has been removed.

How the Immunizr Scam Works

As mentioned above, Immunizr is part of a well-known computer scam. Programs like Immunizr are known as rogue security programs: malware infections that do the complete opposite of what they advertise. These fake security programs claim that they can fix malware problems on your computer system while, in reality, they are malware themselves. An Immunizr infection will often involve other Trojans and even rootkit infections on the victim's computer system which, by working together, can quickly cripple an otherwise healthy computer system. Immunizr then displays a large number of alarming messages and fake system alerts. These try to convince the victim that a full-scale malware infection is present and that Immunizr can remove it, as long as the victim purchases a "full version" of this useless application. Immunizr will also run a fake system scan which, after a fake progress bar (nothing more than an animation done for show), will claim that the victim's computer is in dire straits. In fact, the victim's computer is under attack, but from Immunizr itself. According to ESG PC security researchers, Immunizr is little more than a collection of dangerous scripts and associated Trojans, which act together to take control of a computer system. Knowing this, you can avoid becoming a victim of Immunizr. ESG security researchers strongly advise ignoring all messages displayed by this fake security application and using a real, reliable anti-malware program that is fully up to date to remove Immunizr for good.

Type: Rogue AntiSpyware Programs

How Can You Detect Immunizr?

Immunizr Technical Report

As new Immunizr details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Immunizr files, listed with their MD5 hashes, were created in the system:

File Name            | File Size | MD5
ImmunizrSetup[1].exe | 50176     | e319c294bcfe4af6f53ab5f7e249b4d6
Immunizr.exe         | 430592    | 8de49d342a37eb25b44fbdadd0193b5c

Immunizr Removal Details

Immunizr typically has the following processes in memory:

  • immunizrsetup.exe
  • %PROGRAM_FILES%\immunizr\immunizr3.dll
  • %PROGRAM_FILES%\immunizr\immunizr.exe
  • %PROGRAM_FILES%\immunizr\immunizr1.dll
  • %PROGRAM_FILES%\immunizr\uninstall.exe
  • %PROGRAM_FILES%\immunizr\immunizr0.dll

Immunizr creates the following files in the system:

  • %PROGRAM_FILES%\immunizr\immunizr0.im
  • %PROGRAM_FILES%\immunizr\immunizr.lic
  • %PROGRAM_FILES%\immunizr\immnuizr1.im
  • %PROGRAM_FILES%\immunizr\immunizr1.im

Immunizr creates the following directories, files and paths:

  • %ProgramFiles%\Immunizr

Immunizr creates the following registry entries:

  • HKEY_CURRENT_USER\Software\immunizr automaticstartup
  • HKEY_CURRENT_USER\Software\immunizr hscheduledscan
  • HKEY_CURRENT_USER\Software\immunizr uninstall
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run immunizr
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\immunizr displayname
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\immunizr uninstallstring
  • HKEY_CURRENT_USER\Software\immunizr\system security
  • HKEY_CURRENT_USER\Software\immunizr previousmark
  • HKEY_CURRENT_USER\Software\immunizr enablescheduledscan
  • HKEY_CURRENT_USER\Software\immunizr\updates
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\immunizr helplink
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\immunizr urlinfoabout
  • HKEY_CURRENT_USER\Software\immunizr
  • HKEY_CURRENT_USER\Software\immunizr previous
  • HKEY_CURRENT_USER\Software\immunizr mscheduledscan
  • HKEY_CURRENT_USER\Software\immunizr\scan automaticdeletion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\immunizr
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\immunizr displayicon

This entry was last updated on 10/26/11 and posted on 02/7/08.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.