Scareware targets users infected with industrial espionage worm
ACAD/Medre.A, a worm that steals AutoCAD drawings and sends them to remote servers, was recently discovered infecting a great number of computers in Peru and some other Latin American countries.
As interesting as the malware may be, its geographically limited outbreak probably means that not a lot of people have heard or worried about it. Still, those who have and are searching for tools to remove it might be in for another nasty surprise, as ESET researchers have unearthed a website seemingly offering one such tool.
But bizarrely enough, the description the site gives of how the worm behaves and the damage it does on a computer is completely inaccurate.
It says that the worm redirects searchers, changes the desktop image, slows down the computer and the Internet, makes unwanted windows pop up, corrupts the Windows registry, “contains” Trojans and keyloggers and, finally, that it “displays numerous fake infections of exaggerated security threats on your computer and then state that you should purchase the program in order to remove the infections.”
The site also says that the manual removal process for the malware is a “cumbersome procedure” that “does not always ensure complete deletion”, then continually prompts users to download a removal tool that would ease the process considerably.
The tool in question purports to be Spyware Doctor, by legitimate software manufacturer PC Tools, but it’s nothing of the sort. The downloaded executable installs three files on the computer: FixNCR.reg, SpyHunter-Installer.exe, and SpeedyPC Pro Installer.exe.
The first one claims to delete the registry entries modified by ACAD/Medre.A, but does nothing of the kind. Instead, it deletes other, harmless ones.
The second one supposedly detects the worm on an infected system. Not surprisingly, this tool also doesn’t work as advertised.
The third one seems to be doing a good job, as it detects all of 63 different pieces of malware installed on the system – including the aforementioned SpyHunter – but not ACAD/Medre.A.
For the umpteenth time, the user is urged to buy the solution that will get rid of all this malware – a solution that will cost him $119 per year.
And in case he might still be unsure whether to do that, a working “Live Expert 24/7” chat service available from the site is there to try to lead him in the right direction.