What is VirusResponse Lab 2009?
- Type: Spyware
- Category: Rogue Programs
- Discovered: 15 September 2008
- Removal tools: Malwarebytes' Anti-Malware, Spyware Doctor
1. Introduction
It is rogue computer security program that should not be trusted. VirusResponse Lab 2009 is installed onto user’s machine by Trojan.Zlob which pretends to be as a codec needed to play a video. In sum, after trying to play video from some malicious website, you will be asked you to download special codec needed to play that video. Since codec is bundled with Trojan.Zlob, your computer system will be supplemented with VirusResponse Lab 2009, which will start computer scan for malicious objects immediately, generating report in the end, that contains assumed threats. The program will start every time "Windows" is booted up prompting user to buy licensed software version in order to clean computer from threats:
In fact, VirusResponse Lab 2009 is not able to remove spyware, viruses and other malware, it is only a way to make user scared and persuade him to buy commercial program version.
VirusResponse Lab 2009 fake alert:
Related threats: Virus Trigger, Antivirus Trigger
In fact, VirusResponse Lab 2009 is not able to remove spyware, viruses and other malware, it is only a way to make user scared and persuade him to buy commercial program version.
VirusResponse Lab 2009 fake alert:
Related threats: Virus Trigger, Antivirus Trigger
2. VirusResponse Lab 2009 removal tools:
- Malwarebytes' Anti-Malware (for the installation guide click here)
- Spyware Doctor (for the installation guide click here)
3. Screenshot:
4. VirusResponse Lab 2009 files:
bcxjqr.dll, duzakwq.dll, dvxwfz.dll, ebmkdz.dll, oanlvs.dll, obicx.dll, qfrmwmq.dll, teoga.dll, vimhx.dll, zgyhw.dllvirlab_install.exe (setup file), VirusResponseLab2009.exe, VirRL2009.exe, ViRsLab.exe
5. Hijackthis entries:
O4 Entries:
O4 - HKCU\..\Run: [ViRsLab] "C:\Program Files\ViRsLab\ViRsLab.exe"
O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe"
O4 - HKCU\..\Run: [VirusResponseLab2009] "C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"
O22 Entries:
O22 - SharedTaskScheduler: hypoch - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - C:\ WINDOWS\system32\zgyhw.dll
O22 - SharedTaskScheduler: headstock - {e517b912-2c97-4a94-8b15-e7fe902b8d86 } - C:\WINDOWS\system32\dvxwfz.dll
O22 - SharedTaskScheduler: emaa - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - C:\WINDOWS\system32\teoga.dll
O22 - SharedTaskScheduler: bisque - {fb357e54-83f1-4a3c-80a2-319201ed6c17} - C:\ WINDOWS\system32\obicx.dll
O22 - SharedTaskScheduler: impetuousities - {0ba3e00d-b660-46e6-a2db- 2672ee82dc98} - C:\WINDOWS\system32\oanlvs.dll
O22 - SharedTaskScheduler: hemielytron - {7ca07c92-0ab2-4346-b119-a076695d46ed} - C:\WINDOWS\system32\duzakwq.dll
O22 - SharedTaskScheduler: bismuthiferous - {d04bbe06-7ce7-405e-8730- cd56d9531cbb} - C:\WINDOWS\system32\vimhx.dll
O22 - SharedTaskScheduler: displume - {d54f12f7-4d76-4c39-a096-e51ef5d33f2b} - C :\WINDOWS\system32\qfrmwmq.dll
O22 - SharedTaskScheduler: awash - {e3623691-f85d-48d8-8e4d-abe79077f841} - C:\ WINNT\system32\bcxjqr.dll
O22 - SharedTaskScheduler: cypselomorphae - {6b9a461b-893f-45ee-8c59- 06d3a2223b24} - C:\WINDOWS\system32\ebmkdz.dll
O4 - HKCU\..\Run: [ViRsLab] "C:\Program Files\ViRsLab\ViRsLab.exe"
O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe"
O4 - HKCU\..\Run: [VirusResponseLab2009] "C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"
O22 Entries:
O22 - SharedTaskScheduler: hypoch - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - C:\ WINDOWS\system32\zgyhw.dll
O22 - SharedTaskScheduler: headstock - {e517b912-2c97-4a94-8b15-e7fe902b8d86 } - C:\WINDOWS\system32\dvxwfz.dll
O22 - SharedTaskScheduler: emaa - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - C:\WINDOWS\system32\teoga.dll
O22 - SharedTaskScheduler: bisque - {fb357e54-83f1-4a3c-80a2-319201ed6c17} - C:\ WINDOWS\system32\obicx.dll
O22 - SharedTaskScheduler: impetuousities - {0ba3e00d-b660-46e6-a2db- 2672ee82dc98} - C:\WINDOWS\system32\oanlvs.dll
O22 - SharedTaskScheduler: hemielytron - {7ca07c92-0ab2-4346-b119-a076695d46ed} - C:\WINDOWS\system32\duzakwq.dll
O22 - SharedTaskScheduler: bismuthiferous - {d04bbe06-7ce7-405e-8730- cd56d9531cbb} - C:\WINDOWS\system32\vimhx.dll
O22 - SharedTaskScheduler: displume - {d54f12f7-4d76-4c39-a096-e51ef5d33f2b} - C :\WINDOWS\system32\qfrmwmq.dll
O22 - SharedTaskScheduler: awash - {e3623691-f85d-48d8-8e4d-abe79077f841} - C:\ WINNT\system32\bcxjqr.dll
O22 - SharedTaskScheduler: cypselomorphae - {6b9a461b-893f-45ee-8c59- 06d3a2223b24} - C:\WINDOWS\system32\ebmkdz.dll