Anti-Malware software can be disabled by Vonteera Adware

Vonteera is the name of a large family of adware applications. It is not new: adware from this family is well known to cyber security experts. However, it differs from most other adware because of the hefty changes it makes to infected systems. That is why some well-known anti-malware programs classify it as a Trojan.

The most recent addition to Vonteera is the ability to use system certificates to disable anti-virus software. The concept behind this tactic is not very complicated: once inside, Vonteera schedules various tasks on your system. Here is a simple example: at a certain time, a new tab with an advertisement on it will be opened in your web browser.

Moreover, this malware can create and install a new service on your system (see the example below):

R2 AppInf; C:\Users\{username}\AppData\Local\Hoffer\appinf.exe [242688 2015-11-19] () [File not signed]

This potentially unwanted program (PUP) affects all of the most common web browsers (Opera, Internet Explorer, Safari, Mozilla Firefox) by adding a specific URL to the target field. Usually this URL contains information (several lines of code) that is responsible for redirecting users to various websites.

Untrusted Certificates flaw

As mentioned above, Vonteera manipulates system certificates. This is where it gets extremely dangerous: there are 13 certificates that can be listed as “Untrusted Certificates”. Here is the full list:

  • “ESS Distribution”
  • AVAST Software a.s.
  • AVG Technologies CZ
  • Avira Operations GmbH & Co. KG
  • Baidu Online Network Technology (Beijing) Co.
  • Bitdefender SRL
  • ESET, spol. s r.o.
  • Lavasoft Limited
  • Malwarebytes Corporation
  • McAfee, Inc.
  • Panda Security S.L
  • ThreatTrack Security
  • Trend Micro

As you can see, all of these certificates belong to various anti-virus or anti-malware applications. This means that you will be unable to open any of these apps, which is a huge risk. Moreover, it will not let you download from or enter websites that use these certificates.

If you want to remove these certificates from the “Untrusted Certificates” list, you will have to act really fast: this malware notices if one of them is removed and puts it back on the same blacklist.

The best option in this situation is to use Certificate Manager and remove those certificates from the “Untrusted Certificates” list. See our step-by-step fix for the Vonteera certificates flaw below.

How to remove anti-malware applications’ certificates from “Untrusted Certificates” list

  • Open the “Run Box”. You can press the Windows key + R at the same time to open it.
  • Copy and paste ‘certmgr.msc’ into the Run Box field.
  • Execute the command. Simply click OK or press the Enter key on your keyboard. You should now see the Certificate Manager window.
  • Remove the certificates from the Untrusted Certificates list. In the left navigation bar, select the ‘Untrusted Certificates’ tab. You should now see a full list of untrusted certificates. Right-click on the ones you want to restore and choose ‘Delete’.
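
The same cleanup scripted in PowerShell, as an added example that is not part of the original article. It assumes that “Untrusted Certificates” in certmgr.msc corresponds to the Disallowed store of the Cert: drive; checking the machine-wide store as well, the substring match on the certificate subject, and the function names are assumptions of this example.

```powershell
# Publisher names copied from the article's list of blocked vendors.
$Vendors = @(
    'ESS Distribution', 'AVAST Software a.s.', 'AVG Technologies CZ',
    'Avira Operations GmbH & Co. KG', 'Bitdefender SRL',
    'Baidu Online Network Technology (Beijing) Co.', 'ESET, spol. s r.o.',
    'Lavasoft Limited', 'Malwarebytes Corporation', 'McAfee, Inc.',
    'Panda Security S.L', 'ThreatTrack Security', 'Trend Micro'
)
# "Untrusted Certificates" in certmgr.msc is the Disallowed store. Checking the
# machine-wide store too is an assumption; the article names neither store.
$Stores = 'Cert:\CurrentUser\Disallowed', 'Cert:\LocalMachine\Disallowed'

# Read-only audit: list Disallowed entries whose subject names a listed vendor.
function Find-BlockedVendorCert {
    foreach ($store in $Stores) {
        foreach ($cert in @(Get-ChildItem -Path $store -ErrorAction SilentlyContinue)) {
            foreach ($name in $Vendors) {
                if ($cert.Subject.IndexOf($name, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    [pscustomobject]@{
                        Store = $store; Vendor = $name; Subject = $cert.Subject
                        Thumbprint = $cert.Thumbprint; Path = $cert.PSPath
                    }
                    break   # one row per certificate
                }
            }
        }
    }
}

# Delete the matches, wait, then audit again. The article notes that removed
# entries get put back, so anything returned here was re-added after deletion.
function Remove-BlockedVendorCert {
    param([int]$RecheckSeconds = 60)
    # Removing from the LocalMachine store needs an elevated session.
    Find-BlockedVendorCert | ForEach-Object { Remove-Item -LiteralPath $_.Path }
    Start-Sleep -Seconds $RecheckSeconds
    $back = @(Find-BlockedVendorCert)
    if ($back.Count -gt 0) {
        Write-Warning "$($back.Count) vendor certificate(s) were re-added after removal."
    }
    $back
}

# Default action is the audit only; call Remove-BlockedVendorCert explicitly.
Find-BlockedVendorCert | Format-Table Store, Vendor, Thumbprint -AutoSize
```

If Remove-BlockedVendorCert returns any rows, the certificates came back during the wait, so the component that re-adds them has to be removed before the store cleanup will hold.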
 

About the author

 - Main Editor
I started 2-viruses.com in 2007 after wanting to be more or less independent from a single security program maker. Since then, we have kept working on this site to make the internet a better and safer place to use.
 
 
 
 
