Onescan

Onescan Description

Onescan is a family of rogue security programs targeted at a Korean audience. However, computers all around the world have become infected by malware belonging to this family of fake security programs. Like most rogue security programs, malware in the Onescan family will stay on your computer and pester you with fake scans and error messages until you agree to purchase a useless 'full version' of the particular fake program infecting your system.

How Malware in the Onescan Family Enters Your Computer System

Most rogue security programs in the Onescan family are distributed through websites hosted on Korean servers. It is obvious that the criminals behind these rogue security programs have taken care to design convincing interfaces and logos for all members of this malicious group of programs. In fact, according to ESG security researchers, most members of the Onescan family can pass as real security software when judged on their interface and external appearance alone. Websites known to be active in distributing malware in the Onescan family include any [Removed].com, pri[Removed]yn.com, vac[Removed]com.com, and wba[Removed].com. If your security software is fully updated, it should be able to block these websites and their dangerous downloads. Most non-Korean users will usually become infected through other means, such as other Trojan infections or spam email attachments. However, Korean victims will often be duped into believing that malware in the Onescan family is legitimate.

Some examples of malware in the Onescan family include rogue security programs named: BoanKorea, BoanSupport, Bootcare, DASearch, DoubleVaccine, EnPrivacy, EveryGuard, HardScan, InfoData, InfoDoctor, InfoHelper, MyKeeper, MyVaccine, One Scan, PCTrouble, Siren114, SmartVaccine, UProtect, UtilKorea, UtilMarket, VaccineCure, WindowVaccine, WiseVaccine and XProtect. As of the writing of this article, there are dozens of versions of Onescan, all of which are practically identical except for the different programs' names and designs.

The Onescan Infection Process

Rogue security programs in the Onescan family will use an authentic-looking installer. They will create a folder in your Program Files folder much like a legitimate program. The folder and file names have been known to appear in English and in Korean. As part of their installation process, malware in the Onescan family will make dangerous changes to the Windows registry, allowing them to run automatically when Windows is launched. These changes also allow these rogue security programs to connect to remote websites located on Korean servers in order to download updates and upload your confidential information, to display fake error messages and pop-up notifications, and to alter the way your computer system functions.

Technical Information

Registry Details

Onescan creates the following registry entry or registry entries:
Registry Key
HKEY_LOCAL_MACHINE\SOFTWARE\[program name]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [program name]Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall [program name]Main
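
The following triage script is an added example, not code from this article or from ESG. It scans saved `reg query` text output for the three registry patterns above, using the program names listed on this page; the function names and the sample data are constructed for illustration, and it assumes `[program name]Main` is a value name under `Run` and a subkey name under `Uninstall`.

```python
import re

# Program names this page lists for the family ("One Scan" written without its space).
NAMES = {n.lower() for n in """BoanKorea BoanSupport Bootcare DASearch DoubleVaccine
    EnPrivacy EveryGuard HardScan InfoData InfoDoctor InfoHelper MyKeeper MyVaccine
    OneScan PCTrouble Siren114 SmartVaccine UProtect UtilKorea UtilMarket VaccineCure
    WindowVaccine WiseVaccine XProtect""".split()}
HKLM_SW = r"hkey_local_machine\software"
RUN = HKLM_SW + r"\microsoft\windows\currentversion\run"
UNINSTALL = HKLM_SW + r"\microsoft\windows\currentversion\uninstall"
# A value row in `reg query` output: indent, name, type, data, separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def _is_family_main(name):
    # Assumption: the page's "[program name]Main" means <listed name> + "Main".
    n = name.replace(" ", "").lower()
    return n.endswith("main") and n[:-4] in NAMES

def find_onescan_entries(reg_query_text):
    """Return (kind, key, detail) tuples for entries matching the page's three patterns."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.upper().startswith("HKEY_"):          # a key header line
            key = line.strip()
            parent, _, leaf = key.rpartition("\\")
            if parent.lower() == HKLM_SW and leaf.replace(" ", "").lower() in NAMES:
                hits.append(("software-key", key, leaf))
            elif parent.lower() == UNINSTALL and _is_family_main(leaf):
                hits.append(("uninstall-key", key, leaf))
            continue
        m = VALUE_LINE.match(line)
        if m and key and key.lower() == RUN and _is_family_main(m.group(1)):
            hits.append(("run-value", key, f"{m.group(1)} -> {m.group(3)}"))
    return hits

# Constructed sample in the layout `reg query` prints; not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    MyVaccineMain    REG_SZ    "C:\Program Files\MyVaccine\MyVaccineMain.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyVaccineMain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
HKEY_LOCAL_MACHINE\SOFTWARE\MyVaccine
"""

if __name__ == "__main__":
    for hit in find_onescan_entries(SAMPLE):
        print(*hit, sep=" | ")
```

A match on name alone is a triage lead rather than a verdict; confirm it against the file that the `Run` value points to.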
