Onescan


Onescan is a family of rogue security programs that are targeted towards a Korean audience. However, computers from all around the world have become infected by malware belonging to this family of fake security programs. Like most rogue security programs, malware in the Onescan family will stay on your computer and pester you with fake scans and error messages until you agree to purchase a useless 'full version' of the particular fake program infecting your system.

How Malware in the Onescan Family Enters Your Computer System

Most rogue security programs in the Onescan family are distributed through websites hosted on Korean servers. The criminals behind these rogue security programs have clearly taken care to design convincing interfaces and logos for all members of this malicious group of programs. In fact, according to ESG security researchers, most members of the Onescan family can pass as real security software when judged on their interface and external appearance alone. Websites known to be active in distributing malware in the Onescan family include any [Removed].com, pri[Removed]yn.com, vac[Removed]com.com, and wba[Removed].com. If your security software is fully updated, it should be able to block these websites and their dangerous downloads. Most non-Korean users will usually become infected through other means, such as other Trojan infections or spam email attachments. Korean victims, however, will often be duped into believing that malware in the Onescan family is legitimate. Some examples of malware in the Onescan family include rogue security programs named: BoanKorea, BoanSupport, Bootcare, DASearch, DoubleVaccine, EnPrivacy, EveryGuard, HardScan, InfoData, InfoDoctor, InfoHelper, MyKeeper, MyVaccine, One Scan, PCTrouble, Siren114, SmartVaccine, UProtect, UtilKorea, UtilMarket, VaccineCure, WindowVaccine, WiseVaccine and XProtect. As of the writing of this article, there are dozens of versions of Onescan, all of which are practically identical except for the different programs' names and designs.

The Onescan Infection Process

Rogue security programs in the Onescan family will use an authentic-looking installer. They will create a folder in your Program Files folder, much like a legitimate program. The folder and file names have been known to appear in English and in Korean. As part of their installation process, malware in the Onescan family will make dangerous changes to the Windows registry that allow them to run automatically when Windows is launched. These changes also allow these rogue security programs to connect to remote websites located on Korean servers in order to download updates and upload your confidential information, to display fake error messages and pop-up notifications, and to alter the way your computer system functions.

File System Details

Onescan may create the following file(s):
1. %StartMenu%[program name].lnk
2. %Desktop%[program name].lnk

Registry Details

Onescan may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\[program name]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [program name]Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall [program name]Main
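
The file and registry locations listed above can be checked on a live Windows host. The PowerShell below is an added example, not part of the original write-up or of any vendor tool; it assumes [program name] is one of the family names listed earlier, that the Uninstall entry is a subkey, that 32-bit installs may also appear under WOW6432Node, and that %Desktop% and %StartMenu% map to the per-user and all-users shell folders.

```powershell
# Added example (not ESG's code): list Onescan-family artifacts described on this page.
# Assumption: [program name] is one of the family names exactly as the page spells them.
$names = 'BoanKorea','BoanSupport','Bootcare','DASearch','DoubleVaccine','EnPrivacy',
         'EveryGuard','HardScan','InfoData','InfoDoctor','InfoHelper','MyKeeper',
         'MyVaccine','One Scan','PCTrouble','Siren114','SmartVaccine','UProtect',
         'UtilKorea','UtilMarket','VaccineCure','WindowVaccine','WiseVaccine','XProtect'

# Assumption: a 32-bit installer on 64-bit Windows writes under WOW6432Node, so check both.
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

# Assumption: %Desktop% and %StartMenu% map to the per-user and all-users shell folders.
$linkDirs = 'Desktop','CommonDesktopDirectory','StartMenu','CommonStartMenu' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function New-Hit($Name, $Kind, $Location) {
    [pscustomobject]@{ Name = $Name; Kind = $Kind; Location = $Location }
}

$hits = foreach ($n in $names) {
    $main = "${n}Main"
    foreach ($r in $roots) {
        # HKLM\SOFTWARE\[program name]
        $key = "$r\$n"
        if (Test-Path -LiteralPath $key) { New-Hit $n 'SoftwareKey' $key }

        # Run value named [program name]Main (the autostart entry)
        $run = "$r\Microsoft\Windows\CurrentVersion\Run"
        $val = Get-ItemProperty -LiteralPath $run -Name $main -ErrorAction SilentlyContinue
        if ($val) { New-Hit $n 'RunValue' "$run [$main] = $($val.$main)" }

        # Assumption: the Uninstall entry is a subkey named [program name]Main
        $unins = "$r\Microsoft\Windows\CurrentVersion\Uninstall\$main"
        if (Test-Path -LiteralPath $unins) { New-Hit $n 'UninstallKey' $unins }
    }
    foreach ($d in $linkDirs) {
        # Shortcut named [program name].lnk on the Desktop or in the Start Menu
        $lnk = Join-Path $d "$n.lnk"
        if (Test-Path -LiteralPath $lnk) { New-Hit $n 'Shortcut' $lnk }
    }
}

if ($hits) { $hits | Format-Table -AutoSize -Wrap }
else { Write-Output 'No Onescan-family artifacts from this list were found.' }
```

An empty result only rules out the names in `$names`; the family has dozens of versions under other names, so the Run key should still be reviewed for unfamiliar entries ending in "Main".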
