VirusHeat
It is proposed that this article be deleted because of the following concern:
If you can address this concern by improving, copyediting, sourcing, renaming, or merging the page, please edit this page and do so. You may remove this message if you improve the article or otherwise object to deletion for any reason. Although not required, you are encouraged to explain why you object to the deletion, either in your edit summary or on the talk page. If this template is removed, do not replace it. The article may be deleted if this message remains in place for seven days, i.e., after 14:53, 4 May 2024 (UTC). Find sources: "VirusHeat" – news · newspapers · books · scholar · JSTOR Nominator: Please consider notifying the author/project: {{subst:proposed deletion notify|VirusHeat|concern=Run-of-the-mill malware with no evidence of notability. Written like a manual with no inline references, and none of the sources discuss the topic in depth}} ~~~~ |
| Common name | VirusHeat |
|---|---|
| Technical name | VirusHeat |
| Aliases | Virus Heat, VirusHeat 3.9, VirusHeat 4.3, VirusHeat 4.4 |
| Classification | Rogue security software |
| Type | Microsoft Windows |
| Point of origin | Russian Federation |
VirusHeat is malware that disguises itself as a legitimate anti-virus program. VirusHeat tricks users into buying the full version of the program through repeated false alerts and popups, purporting to alert the user that there is a system error or they are infected, and must buy the full version to remove. It was launched on February 8, 2008.
Infection[edit]
VirusHeat is usually downloaded through a trojan, usually the Zlob trojan, that is bundled in fake Video codecs. It may also be downloaded from the malware's website. Once installed, VirusHeat will run a scan and report exaggerated results that the user's computer is infected. When the scan is complete, a warning message will pop up linking to VirusHeat's homepage where the user is prompted to buy the software.
Symptoms[edit]
VirusHeat displays false warning messages (e.g. imitating that you had downloaded e.g. an XXX video) followed by a realistic Virus removal pop up which launches to their web-site whether you select "Yes" or "No" button: Then uses exaggerated scan reports to mislead the user. VirusHeat repeatedly annoys the user with pop up warnings that prompt the user to purchase a full version of the program. VirusHeat may attempt to change the user's IE homepage to go to VirusHeat's homepage. VirusHeat may automatically launch on startup.
VirusHeat installs the following: Processes
- VirusHeat 3.9
- VirusHeat 3.9.exe
DLLs
- eeioq.dll
- iinqyl.dll
- wuuawkz.dll
Directories
- C:\Program Files\VirusHeat
Registry Keys
- HKEY_CLASSES_ROOT\clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}
Known variants[edit]
VirusHeat behaves similar to other known rogue security software. SpywareQuake, VirusBurst, AntiVirGear, VirusProtect, VirusProtectPro are variants of VirusHeat.
Removal[edit]
![[icon]](/wiki/File:Wiki_letter_w_cropped.svg){kind=small} | This section needs expansion. You can help by adding to it. (March 2008) |
Various anti-spyware removal tools are known to remove VirusHeat. The latest definition file must be utilized in most anti-spyware programs to completely remove VirusHeat and any associated files.
See also[edit]
References[edit]
- Symantec.com - VirusHeat is a misleading application that may give exaggerated reports of threats on the computer
- research.sunbelt-software.com - VirusHeat is a rogue security program known for scaremongering, high-pressure advertising practices
- virusheat.com Web Safety Ratings from McAfee SiteAdvisor
 | This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. (September 2018) |