McAfee Labs: Lavians Inc. repackaging utility programs with browser hijacker
A recent McAfee Labs analysis found that the browser hijacking malware Bing.vc was redirecting its victims to this anti-hijacking advertisement.
Software company Lavians Inc. is offering free utility applications for download that actually infect users with the Bing.vc browser hijacker software, Intel Security's McAfee Labs warned in a blog post yesterday.
The malware purports to be legitimate driver utilities for computer brands including HP, Dell and Acer. Available on third-party sites, these once-clean applications have been repackaged to contain malware that controls the Internet Explorer, Firefox, and Chrome browsers, changing their home pages to a malicious URL and switching their default search engines to bing.vc (no relation to Microsoft's Bing).
McAfee's attempt to uninstall one of the samples failed – the malware only removed clean components while adding two more registry entries, including a shell extension handler for persistence. Even after restarting the computer, the home page remained changed – hosting a "FixBrowserRedirect" advertisement that linked to a website conveniently selling anti-hijacking software.
To restore the system, McAfee suggested removing the registry entries, deleting the malicious file IconOverlayEx.dll, and removing the malicious target in the properties of all browsers.
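A read-only audit for the cleanup items above, added here as a PowerShell example and not taken from McAfee's write-up. It assumes the shell extension handler is registered as an icon overlay handler (suggested by the DLL name; the article gives no registry paths) and that the "malicious target" is a URL appended to browser shortcut targets.

```powershell
# Read-only audit: reports findings, modifies nothing. Run in an elevated session.
$dllName = 'IconOverlayEx.dll'   # file name from the article

# 1. Icon overlay handlers (ASSUMED registration point; the article gives no key path).
$roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
$clsidViews = 'HKLM:\SOFTWARE\Classes\CLSID',
              'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
              'HKCU:\Software\Classes\CLSID'

$handlers = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $clsid = $key.GetValue('')                  # default value = handler CLSID
        if (-not $clsid) { continue }
        foreach ($view in $clsidViews) {
            $inproc = "$view\$clsid\InprocServer32"
            if (-not (Test-Path -LiteralPath $inproc)) { continue }
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')   # DLL Explorer loads
            if ($dll -and $dll -like "*\$dllName") {
                [pscustomobject]@{
                    HandlerKey = $key.Name
                    Clsid      = $clsid
                    Dll        = $dll
                    OnDisk     = (Test-Path -LiteralPath $dll)
                }
            }
        }
    }
}

# 2. Browser shortcuts whose Target carries a URL (ASSUMED meaning of "malicious target").
$shell = New-Object -ComObject WScript.Shell
$dirs = @('Desktop', 'CommonDesktopDirectory', 'StartMenu', 'CommonStartMenu' |
            ForEach-Object { [Environment]::GetFolderPath($_) }) +
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch" |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shortcuts = Get-ChildItem -Path $dirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk for reading
        if ($lnk.TargetPath -match '(iexplore|firefox|chrome)\.exe$' -and
            $lnk.Arguments -match '://|bing\.vc') {
            [pscustomobject]@{ Shortcut = $_.FullName; Target = $lnk.TargetPath; Arguments = $lnk.Arguments }
        }
    }

"Overlay handlers pointing at ${dllName}:"; $handlers | Format-List
"Browser shortcuts with a URL in the target:"; $shortcuts | Format-List
```

Empty output in both sections means neither indicator was found under these assumptions. The script does not look for the second registry entry, which the article does not describe.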