
Adware program Vonteera blocks security products with simple Windows UAC trick

Lucian Constantin | Nov. 24, 2015
The program turns digital code signatures against anti-malware products.

Affected users have several options to bypass Vonteera's changes to the Windows certificate blacklist so they can install an antivirus product. They could disable UAC entirely, but this is not recommended because it reduces the system's security.

They could also manually remove the certificates from the "Untrusted Certificates" store by using the Windows Certificate Manager tool, but then they have to act fast before Vonteera puts them back. This can be done by pressing Windows key + R to open a Run prompt, then typing certmgr.msc. In the left panel they can browse to Untrusted Certificates > Certificates and remove certificates that have an antivirus vendor's name.
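The same check can be scripted. The PowerShell below is an added example, not code from the article or from Malwarebytes: it lists entries in the Untrusted Certificates store (named `Disallowed` in the certificate provider) whose subject contains a security vendor's name, and removes them only when asked. The vendor list is a constructed sample, and checking both the per-user and the machine store is an assumption, since the article does not say which one is modified.

```powershell
# Added example: audit the Untrusted Certificates ("Disallowed") store for
# entries that name a security vendor. Not code from the article.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Constructed sample list; replace with the vendors you actually use.
    [string[]]$VendorNames = @('Malwarebytes', 'Bitdefender', 'ESET'),
    # Without -Remove the script only reports.
    [switch]$Remove
)

if (-not $VendorNames) { throw 'Supply at least one vendor name.' }

# Assumption: check both the per-user and the machine-wide store.
$stores  = 'Cert:\CurrentUser\Disallowed', 'Cert:\LocalMachine\Disallowed'
$pattern = ($VendorNames | ForEach-Object { [regex]::Escape($_) }) -join '|'

# The store also holds entries that belong there, so only certificates
# whose subject matches a listed vendor are reported or touched.
$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Path       = $_.PSPath
            }
        }
}

if (-not $hits) {
    Write-Output 'No matching certificates found in the Disallowed stores.'
    return
}

$hits | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

if ($Remove) {
    foreach ($hit in $hits) {
        # ShouldProcess lets -WhatIf / -Confirm preview each deletion.
        if ($PSCmdlet.ShouldProcess($hit.Subject, "Remove from $($hit.Store)")) {
            Remove-Item -LiteralPath $hit.Path
        }
    }
}
```

Deleting from the machine store requires an elevated PowerShell session. Running the report again afterwards shows whether the entries have been put back.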

Finally, they could use a trick that uses scheduled tasks to bypass UAC prompts in order to install their desired antivirus tool, use it to remove Vonteera, then manually remove the blacklisted certificates, the Malwarebytes researchers said.

Because of this intrusive behavior, Malwarebytes has changed Vonteera's classification from a potentially unwanted application to a clearly malicious application, detecting it as a Trojan. Other antivirus products including Bitdefender and ESET also have detection routines for it.

 
