NavaShield

Scan Page
NavaShield's scan page
Fake Deletion of the hard drive
NavaShield fakes deletion of the hard drive

NavaShield is a fake antivirus software. It fools users into downloading and installing malicious software ("malware") by giving them false alerts and running fake scans with exaggerated results. Using these results, it tries to fool the user into buying a "full" version of the product. However, all NavaShield really does is give false results in virus scans, download more malware and, for those fooled into buying the registered version of the fake product, commit identity theft.

Effects

NavaShield had its own website, navashield.com. It looked like a legitimate antivirus website, such as those by Symantec and McAfee. Because of this, many Windows users were fooled and decided that the program looked trustworthy enough to download.

Once downloaded, the user must manually install NavaShield, by clicking on a link. Upon the completion of the installation, the application first asked the user if they wanted to buy the full version right away, or if they wanted to get a 7-day trial key. Then, NavaShield would perform a scan. If the trial key was used, NavaShield would just tell the user that their system is protected. After the week had gone by, NavaShield would start its damage. It started with annoying "ticking" noises and a popup telling the user that their trial is over. This effect may happen for years after the infection date, but the user may not pay much attention to it. However, after a certain amount of time, the same popup appears, except a loud, annoying laughing sound begins playing through the computer's speakers, followed by an even more annoying higher pitched laughing sound. Then, the default internet browser will begin opening random pornographic sites and Windows Explorer will begin opening random folders. It also tries to email fake addresses, and Microsoft Sam starts swearing at the user as the status bar grows and shrinks rapidly.[1] During this, Task Manager is blocked to ensure that the process is not ended. This simulates a real malware infection, fooling users into thinking that they need to buy NavaShield to remove it. If the user actually did buy the antivirus software, the sound effects would stop, and NavaShield would fake removal of the malware. However, it isn't actually doing anything but using the user's credit card for further fraudulent activities.

The second, more rare effect is a fake format of the hard drive. A NavaShield "your computer is infected" popup appears in the corner. In the center of the screen a fake error message saying "Disk Drive C: is being deleted" slowly expands to cover the entire screen. Below this is a loading bar, showing how much time the user has to buy the software before their computer's hard drive is "deleted". The Internet Explorer information bar sound plays continuously and program execution is blocked. After the entire screen has been covered, and the loading bar has been filled, the computer displays a blank blue screen, but the sound effects continue until the computer is restarted. Upon rebooting the system the error message is activated again after several minutes.

System Changes

Files Created

%ProgramFiles%\Nava Labs\NavaShield\NavaUpdater.exe
%ProgramFiles%\Nava Labs\NavaShield\NavaBridge.exe
%ProgramFiles%\Nava Labs\NavaShield\NavaDebugger.exe
%ProgramFiles%\Nava Labs\NavaShield\NavaShield.exe
%UserProfile%\desktop\NavaShield.lnk

Folders Created

%ProgramFiles%\Nava Labs
%StartMenu%\Nava Shield
%StartMenu%\Programs\Nava Shield
%ApplicationData%\Programs\Nava Shield/del/

Registry Changes

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
NavaBridge
"C:\Program Files\Nava Labs\NavaShield\NavaBridge.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
NavaDebugger
"C:\Program Files\Nava Labs\NavaShield\NavaDebugger.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
NavaUpdater
"C:\Program Files\Nava Labs\NavaShield\NavaUpdater.exe"

Other websites

References

  1. He will also begin saying nonsensical things such as, "I am a robot from outer space."
This article is issued from Wikipedia - version of the 11/15/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.