MaCatte Antivirus 2009 Description

 

 

[+] Click Image to Enlarge

 

 

CartCartCart

MaCatte Antivirus 2009 is a bogus anti-spyware application that mimics the McAfee security program. MaCatte Antivirus 2009 is not able to detect or remove computer parasites. If you have MaCatte Antivirus 2009 installed on your system, then you may notice the many parasites that it supposedly finds during system scans. Each of these parasites are nonexistent. MaCatte Antivirus 2009 is not a trusted security program.

MaCatte Antivirus 2009 is designed to load at startup where it will display multiple misleading threat alerts and asks you to update the application which can redirect you to a site to purchase a full version of MaCatte Antivirus 2009. In addition, MaCatte Antivirus 2009 has the ability to block any installed security applications which can make MaCatte Antivirus 2009 difficult to successfully remove.

Type: Rogue AntiSpyware Programs

How Can You Detect MaCatte Antivirus 2009?

MaCatte Antivirus 2009 Technical Report

As new MaCatte Antivirus 2009 details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following MaCatte Antivirus 2009 files with its MD5s were created in the system:

MaCatte Antivirus 2009 has typically the following processes in memory:

• mstdl.exe
• C:\Documents and Settings\All Users\Start Menu\Programs\msca\mstdl.exe
• MaCatte[1].exe
• C:\Program Files\msca\msc.exe
• WPtect.dll

MaCatte Antivirus 2009 created the following directories, files, paths:

• %AllUsersProfile%\Start Menu\Programs\ MaCatte

MaCatte Antivirus 2009 creates the following registry entries:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A73890FC-177F-4198-AE3D-C64F7D9E69D8}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce “msca”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost “0″
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “msc”
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\msca
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnonBadCertRecving “0″
• HKEY_CURRENT_USER\Software\msca
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086}
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “wsc”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect “0″

Important Article Disclaimer