• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Malware › Trojan › SpamThru Trojan – malware who detects and removes another malware

SpamThru Trojan – malware who detects and removes another malware

Myantispyware team October 26, 2006     No Comment    

Like many viruses and trojans, SpamThru attempts to prevent installed anti-virus software from downloading updates by adding entries into the %sysdir%\drivers\etc\hosts file pointing the AV update sites to the localhost address. In the past, we’ve also seen malware which tries to uproot other competing malware on an infected system by killing its processes, removing its registry keys, or setting up mutexes which fool the other malware into thinking it is already running and then exiting at start.

SpamThru takes the game to a new level, actually using an antivirus engine against potential rivals. At startup, SpamThru requests and loads a DLL from the control server. This DLL in turn downloads a pirated copy of Kaspersky AntiVirus for WinGate from the control server into a concealed directory on the infected system. It patches the license signature check in-memory in the Kaspersky DLL in order to avoid having Kaspersky refuse to run due to an invalid or expired license. Ten minutes after the download of the DLL, it begins to scan the system for malware, skipping files which it detects are part of its own installation. Any other malware found on the system is then set up to be deleted by Windows at the next reboot.

Read more about SpamThru Trojan : SpamThru Trojan Analysis


Malware Trojan

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Defense-fordesktop.com Click Allow Scam
Defense-fordesktop.com Virus Removal Guide
Searches.today Google Search results
How to get rid of Searches.today redirect from Chrome, Firefox, IE, Edge
Helllomedias.com Click Allow Scam
Helllomedias.com Virus Removal Guide
AccessibleSearchGuide mac app adware
How to uninstall AccessibleSearchGuide app/extension from Mac (Virus removal guide)
Link 2captcha Virus Click Allow Scam
Link 2captcha Virus (removal guide)

Follow Us

Search

Useful Guides

Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
remove android virus
How to remove virus from Android phone
Malwarebytes won’t install, run or update – How to fix it
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)

Recent Posts

Found new rogue antispyware – PestCapture / how to remove
New version Comodo Free Firewall
Found new vulnerability in the Internet Explorer / how to protect
MSN Worm Used to install Backdoor | How to remove
More fake codec sites

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.