McAfee Labs: Lavians Inc. repackaging utilities programs with browser hijacker

Software company Lavians Inc. is offering free utilities applications for download that actually infect users with the browser hijacker software, Intel Security's McAfee Labs warned in a blog post yesterday.

The malware purports to be legitimate driver utilities for computer brands including HP, Dell and Acer. Available on third-party sites, these once-clean applications have been repackaged to contain malware that controls the Internet Explorer, Firefox, and Chrome browsers, changing their home pages to a malicious URL and switching their default search engines to (no relation to Microsoft's Bing).

McAfee's attempt to uninstall one of the samples failed – the malware only removed clean components while adding two more registry entries, including a shell extension handler for persistence. Even after restarting the computer, the home page remained changed – hosting a "FixBrowserRedirect" advertisement that linked to a website conveniently selling anti-hijacking software.

To restore the system, McAfee suggested removing the registry entries, deleting the malicious file IconOverlayEx.dll, and removing the malicious target in the properties of all browsers.

prestitial ad