What is VirusResponse Lab 2009?
It is rogue computer security program that should not be trusted. VirusResponse Lab 2009 is installed onto user’s machine by Trojan.Zlob which pretends to be as a codec needed to play a video. In sum, after trying to play video from some malicious website, you will be asked you to download special codec needed to play that video. Since codec is bundled with Trojan.Zlob, your computer system will be supplemented with VirusResponse Lab 2009, which will start computer scan for malicious objects immediately, generating report in the end, that contains assumed threats. The program will start every time "Windows" is booted up prompting user to buy licensed software version in order to clean computer from threats:
In fact, VirusResponse Lab 2009 is not able to remove spyware, viruses and other malware, it is only a way to make user scared and persuade him to buy commercial program version.
VirusResponse Lab 2009 fake alert:
Related threats: Virus Trigger, Antivirus Trigger
In fact, VirusResponse Lab 2009 is not able to remove spyware, viruses and other malware, it is only a way to make user scared and persuade him to buy commercial program version.
VirusResponse Lab 2009 fake alert:
Related threats: Virus Trigger, Antivirus Trigger
VirusResponse Lab 2009 removal tool:
- Spyware Doctor (see here for the installation guide)
Screenshot:
VirusResponse Lab 2009 Entries:
The following dll files are created: bcxjqr.dll, duzakwq.dll, dvxwfz.dll, ebmkdz.dll, oanlvs.dll, obicx.dll, qfrmwmq.dll, teoga.dll, vimhx.dll, zgyhw.dll
The following files are created:
virlab_install.exe (setup file), VirusResponseLab2009.exe, VirRL2009.exe, ViRsLab.exe
Hijackthis Entries:
O4 Entries:
O4 - HKCU\..\Run: [ViRsLab] "C:\Program Files\ViRsLab\ViRsLab.exe"
O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe"
O4 - HKCU\..\Run: [VirusResponseLab2009] "C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"
O22 Entries:
O22 - SharedTaskScheduler: hypoch - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - C:\ WINDOWS\system32\zgyhw.dll
O22 - SharedTaskScheduler: headstock - {e517b912-2c97-4a94-8b15-e7fe902b8d86 } - C:\WINDOWS\system32\dvxwfz.dll
O22 - SharedTaskScheduler: emaa - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - C:\WINDOWS\system32\teoga.dll
O22 - SharedTaskScheduler: bisque - {fb357e54-83f1-4a3c-80a2-319201ed6c17} - C:\ WINDOWS\system32\obicx.dll
O22 - SharedTaskScheduler: impetuousities - {0ba3e00d-b660-46e6-a2db- 2672ee82dc98} - C:\WINDOWS\system32\oanlvs.dll
O22 - SharedTaskScheduler: hemielytron - {7ca07c92-0ab2-4346-b119-a076695d46ed} - C:\WINDOWS\system32\duzakwq.dll
O22 - SharedTaskScheduler: bismuthiferous - {d04bbe06-7ce7-405e-8730- cd56d9531cbb} - C:\WINDOWS\system32\vimhx.dll
O22 - SharedTaskScheduler: displume - {d54f12f7-4d76-4c39-a096-e51ef5d33f2b} - C :\WINDOWS\system32\qfrmwmq.dll
O22 - SharedTaskScheduler: awash - {e3623691-f85d-48d8-8e4d-abe79077f841} - C:\ WINNT\system32\bcxjqr.dll
O22 - SharedTaskScheduler: cypselomorphae - {6b9a461b-893f-45ee-8c59- 06d3a2223b24} - C:\WINDOWS\system32\ebmkdz.dll
O4 - HKCU\..\Run: [ViRsLab] "C:\Program Files\ViRsLab\ViRsLab.exe"
O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe"
O4 - HKCU\..\Run: [VirusResponseLab2009] "C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"
O22 Entries:
O22 - SharedTaskScheduler: hypoch - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - C:\ WINDOWS\system32\zgyhw.dll
O22 - SharedTaskScheduler: headstock - {e517b912-2c97-4a94-8b15-e7fe902b8d86 } - C:\WINDOWS\system32\dvxwfz.dll
O22 - SharedTaskScheduler: emaa - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - C:\WINDOWS\system32\teoga.dll
O22 - SharedTaskScheduler: bisque - {fb357e54-83f1-4a3c-80a2-319201ed6c17} - C:\ WINDOWS\system32\obicx.dll
O22 - SharedTaskScheduler: impetuousities - {0ba3e00d-b660-46e6-a2db- 2672ee82dc98} - C:\WINDOWS\system32\oanlvs.dll
O22 - SharedTaskScheduler: hemielytron - {7ca07c92-0ab2-4346-b119-a076695d46ed} - C:\WINDOWS\system32\duzakwq.dll
O22 - SharedTaskScheduler: bismuthiferous - {d04bbe06-7ce7-405e-8730- cd56d9531cbb} - C:\WINDOWS\system32\vimhx.dll
O22 - SharedTaskScheduler: displume - {d54f12f7-4d76-4c39-a096-e51ef5d33f2b} - C :\WINDOWS\system32\qfrmwmq.dll
O22 - SharedTaskScheduler: awash - {e3623691-f85d-48d8-8e4d-abe79077f841} - C:\ WINNT\system32\bcxjqr.dll
O22 - SharedTaskScheduler: cypselomorphae - {6b9a461b-893f-45ee-8c59- 06d3a2223b24} - C:\WINDOWS\system32\ebmkdz.dll