Follow:

 

Rogue:Win32/Vakcune


This is a program that can display or report misleading scan results. It might wrongly identify clean files as malicious.

Some versions of this program were detected by signatures prior to 1.145.273.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released signature 1.145.273.0, which no longer detects this program.



What to do now

Threat behavior

Rogue:Win32/Vakcune is a program that can display or report misleading scan results. It might wrongly identify clean files as malicious.

Its interface may appear similar to the following:

Rogue:Win32/Vakcune might create the following folder and all its subfolders:

  • %ProgramFiles% \VIHunter
  • %ProgramFiles%\VIHunter\etc\UpdateMgr.exe
  • %ProgramFiles%\VIHunter\VIHunter.exe /Scan

Rogue:Win32/Vakcune creates the following registry keys:

  • HKLM\SOFTWARE\VIHUNTER
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIHUNTERMain

It also creates the following registry entries:

In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "UpdateMgr"
With data: "%ProgramFiles%\VIHunter\etc\UpdateMgr.exe"
Sets value: "VIHUNTERMain"
With data: "%ProgramFiles%\VIHunter\VIHunter.exe /Scan"

Analysis by Michael Johnson


Symptoms

The following could indicate that you have this threat on your PC:

  • You have these files:

    %ProgramFiles%\VIHunter\etc\UpdateMgr.exe
    %ProgramFiles%\VIHunter\VIHunter.exe

  • You see these entries or keys in your registry:

    HKLM\SOFTWARE\VIHUNTER
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIHUNTERMai
    In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Sets value: "UpdateMgr"
    With data: "%ProgramFiles%\VIHunter\etc\UpdateMgr.exe"
    Sets value: "VIHUNTERMain"
    With data: "%ProgramFiles%\VIHunter\VIHunter.exe /Scan"
  • You see the following image:

Prevention


Alert level: Severe
First detected by definition: 1.145.277.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Feb 22, 2013
This entry was first published on: Aug 26, 2011
This entry was updated on: Aug 06, 2014

This threat is also detected as:
  • Trojan.Fakealert.18496 (Dr.Web)
  • FakeAlert.ck (McAfee)