VirusHeal is the latest rogue antivirus program from the creators of SpyFalcon, SpyAxe, SpywareStrike and SpywareQuake. It is said to be the successor of the widely distributed SpywareQuake rogue, and security researchers expect its impact on casual users' PCs to be significant.
Cyber-criminals use several techniques to plant this parasite on victims' machines. In our research we identified two attack vectors: compromised websites and fake software updates. We isolated four different websites (offline at the time of writing) that used a Java drive-by download exploit to install VirusHeal on visitors' computers without any user interaction. The other infection method was spam email carrying fake Adobe Reader updates that actually delivered the rogue.
Once installed, VirusHeal immediately makes registry and system changes so that it starts automatically every time the infected computer is rebooted. It then begins showing fake alerts in the Taskbar notification area claiming that the system is infected with malware and that special software is needed to clean it. This so-called "special software" is the non-existent commercial version of VirusHeal. Meanwhile, the rogue launches security scans on its own. At the end of each scan you are presented with a long list of spyware and malware supposedly found on your computer, together with alerts urging you to remove these infections as soon as possible, which of course requires paying for the full version of VirusHeal. Please remember: all the scan results, Taskbar messages and alerts are FAKE. This software is FAKE. It has nothing to do with a real security program; it exists only to take your money. Instead of paying for VirusHeal, remove it from your computer as soon as possible.
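The article does not name the registry locations VirusHeal modifies to auto-start. The PowerShell below is an added example, not code from the original article: it enumerates the standard Windows Run and RunOnce keys (an assumption about where such an auto-start entry would appear), resolves each command to its executable, and reports whether that file exists and whether it carries a valid Authenticode signature. An unfamiliar, unsigned entry pointing into a user profile or temp directory is the kind of thing a practitioner would look for before cleaning the machine.

```powershell
# Added example, not part of the original article. The article does not say
# which keys VirusHeal uses; the locations below are the standard auto-start
# keys and are an assumption about where such an entry would appear.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty attaches PSPath/PSParentPath/etc.; skip those.
        if ($p.Name -like 'PS*') { continue }
        $cmd = [string]$p.Value

        # Pull the executable out of the command line. Quoted paths are taken
        # whole; unquoted paths are cut at the first space, so an unquoted
        # path containing spaces will be truncated (a known limitation).
        if ($cmd -match '^"([^"]+)"') {
            $exe = $Matches[1]
        } else {
            $exe = ($cmd -split ' ')[0]
        }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        $exists = Test-Path -LiteralPath $exe
        $sigStatus = 'n/a'
        if ($exists) {
            # Valid = trusted signature; NotSigned / HashMismatch / UnknownError
            # on an auto-start entry you do not recognise deserves a closer look.
            $sigStatus = (Get-AuthenticodeSignature -FilePath $exe).Status
        }

        [pscustomobject]@{
            Key       = $key
            Name      = $p.Name
            Command   = $cmd
            Exists    = $exists
            Signature = $sigStatus
        }
    }
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. The output is one row per auto-start entry; sort or filter on the Signature column to bring unsigned and missing executables to the top.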
Once VirusHeal is removed, it is good practice to run a full scan with legitimate anti-spyware software. That way you can be sure no parasites are left on the computer and that your private data is safe.