Wolfram Antivirus

By | August 18, 2011 | 0 Comment

Without a doubt, Wolfram Antivirus is a symbol of another useless application hiding inside an attractive designed console of a copied legitimate antivirus application. This rogue is not in any way correlated to authentic security software, in fact, copying the genuine one is part of its deceiving routine. Providing unfamiliar name (Wolfram) for this rogue product is another approach to propel user into visiting website once a search is done. Not for long, looking for the phrase ‘Wolfram Antivirus’ on Internet makes you discover that it is nothing but a senseless program made to scam computer owners.  Valid security web sites clearly explain in detail why Wolfram Antivirus was dubbed as superfluous antivirus software.

First, it attempts to invade target computer seeking the help of a dangerous Trojan known to many as Rootkit. Having the skill of penetrating system and evading installed AV application make Rootkit Trojan a mighty tool to load Wolfram Antivirus inside target computer without being spotted.

Second, Wolfram Antivirus will disguise as a required multimedia coder/decoder on sites that offers movies, mostly are adult and explicit. It insists a download of said player to proceed with the video. Without hesitation, being eager to watch wanted movie, user may not notice that it is actually a copy of Wolfram Antivirus being installed and not the so called required codec.
Finally, this malware alone is adequate to perform damages that entire family of threats can execute. Wolfram Antivirus kills any running anti-virus application to avoid interference with its undertaking. Computers will be left useless, locking the desktop and blocking execution of locally available programs.

Type Rogue
Sub-Type FakeAV
OS Affected Windows XP, Windows Vista, Windows 7

What are the Symptoms of Wolfram Antivirus Infection?

It will modify Windows Registry and add the following entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\Current Version\Windows “load”=”%Temp%\csrss.exe”

The threat will drop the following malicious files:
%StartMenu%\Programs\Startup\csrss.exe
%UserProfile%\Application Data\Wolfram Antivirus\csrss.exe
%UserProfile%\Application Data\Wolfram Antivirus\wf.conf
%UserProfile%\Application Data\Wolfram Antivirus\Wolfram Antivirus.exe
%UserProfile%\Desktop\Wolfram Antivirus.lnk

Leave a Reply

Your email address will not be published. Required fields are marked *