Software company Lavians Inc. is offering free utilities applications for download that actually infect users with the Bing.vc browser hijacker software, Intel Security’s McAfee Labs warned in a blog post yesterday.
The malware purports to be legitimate driver utilities for computer brands including HP, Dell and Acer. Available on third-party sites, these once-clean applications have been repackaged to contain malware that controls the Internet Explorer, Firefox, and Chrome browsers, changing their home pages to a malicious URL and switching their default search engines to bing.vc (no relation to Microsoft’s Bing).
McAfee’s attempt to uninstall one of the samples failed – the malware only removed clean components while adding two more registry entries, including a shell extension handler for persistence. Even after restarting the computer, the home page remained changed – hosting a “FixBrowserRedirect” advertisement that linked to a website conveniently selling anti-hijacking software.
To restore the system, McAfee suggested removing the registry entries, deleting the malicious file IconOverlayEx.dll, and removing the malicious target in the properties of all browsers.