MyAntiSpyware

SpamThru Trojan – malware that detects and removes other malware

Myantispyware team, October 26, 2006

Like many viruses and trojans, SpamThru attempts to prevent installed anti-virus software from downloading updates by adding entries into the %sysdir%\drivers\etc\hosts file pointing the AV update sites to the localhost address. In the past, we’ve also seen malware which tries to uproot other competing malware on an infected system by killing its processes, removing its registry keys, or setting up mutexes which fool the other malware into thinking it is already running and then exiting at start.

SpamThru takes the game to a new level, actually using an antivirus engine against potential rivals. At startup, SpamThru requests and loads a DLL from the control server. This DLL in turn downloads a pirated copy of Kaspersky AntiVirus for WinGate from the control server into a concealed directory on the infected system. It patches the license signature check in-memory in the Kaspersky DLL in order to avoid having Kaspersky refuse to run due to an invalid or expired license. Ten minutes after the download of the DLL, it begins to scan the system for malware, skipping files which it detects are part of its own installation. Any other malware found on the system is then set up to be deleted by Windows at the next reboot.

Read more about SpamThru Trojan: SpamThru Trojan Analysis

