web analytics

Vonteera Adware Can Disable Your Antivirus

Posted By

Be Safe Out There

Vonteera is a Trojan Horse which can destroy your Antivirus. Thought you were safe because you had Antivirus program on your computer and could visit any website you want? Even though it was suspicious?
Normally adwares is downloaded or installed on computers by the user themselves. By visiting sites which has bunch of intrusive ads and pop us. Or may be you are downloading something and you have this download a “software” to download a program. Well these are common ways to get malicious programs on your computer.

Vonteera can be hidden because it is possible to package it with some other “legit” programs. Vonteera adds a bunch of Scheduled Tasks on your computer. Some open new tab on your browser to show advertisement. A service is also installed. On the broswer a new “Browser Helper Object” is installed, which can be found on Internet Explorer. While you still may not use IE, it still can be installed on your computer, if you have installed.

R2 AppInf; C:\Users\{username}\AppData\Local\Hoffer\appinf.exe [242688 2015-11-19] () [File not signed]

The PUP, changes all shortcuts on your desktop, in your taskbar and start up menu.

  • Chrome
  • Firefox
  • Opera
  • Safari
  • Internet Explorer

 

Vonteera script

For Chrome, this PUP has “superpower” policy, extensions which are silently installed and cannnot be uninstalled by the user.

Specifies a list of apps and extensions that are installed silently, without user interaction, and which cannot be uninstalled by the user. All permissions requested by the apps/extensions are granted implicitly, without user interaction, including any additional permissions requested by future versions of the app/extension.

Vonteera installs 13 untrusted certificates in order. Which means the system will refuse to run any programs singed with these certificates.

Vonteera User control panel

 

 

 

 

 

 

 

 

  • “ESS Distribution”
  • AVAST Software a.s.
  • AVG Technologies CZ
  • Avira Operations GmbH & Co. KG
  • Baidu Online Network Technology (Beijing) Co.
  • Bitdefender SRL
  • ESET, spol. s r.o.
  • Lavasoft Limited
  • Malwarebytes Corporation
  • McAfee, Inc.
  • Panda Security S.L
  • ThreatTrack Security
  • Trend Micro

Remove Unwanted Certificates

  • Open the Run Box by Winkey + R
  • Type certmgr.msc then click ok
  • Select the Untrusted certificates > Certificates, then delete the unwanted certificates
  • Check back again if it has been deleted, because it can be installed again.
  • Run your anti virus program and you should be good.

Author: Shivniel Gounder

TheGeek : Writes about information security, privacy, cybersecurity and latest tech gadgets and more.

Share This Post On

Submit a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: