New Antivirus Software Infects your System with Malware

There’s a dangerous fake antivirus software making its way around the internet. That software claims to protect your system from virus problems – but in reality, it infects your system with dangerous malware.

Antivirus programs are supposed to protect your computer. Unfortunately for victims of an exploit called AVGater, the opposite happened. These users downloaded and installed antivirus software thinking that it would make them safe from threats, but quickly found that wasn’t the case.

The AVGater exploit isn’t linked to any specific antivirus software: instead, it can be used to exploit many major antivirus programs.

Austria-based PC security expert Florian Bogner discovered the vulnerability. He’s the one who named it AVGater.

Essentially, the exploit works by relocating malware from the antivirus quarantine folder to a sensitive location on the victim’s system.

Typically, antivirus software deposits dangerous malware into a “quarantine” zone on your computer. This quarantine consists of a protected folder that the virus cannot escape from. The virus is analyzed in this quarantine zone, then possibly deleted.

Instead of deleting the quarantined file, this latest exploit takes a different approach: it deliberately releases the quarantined file, relocating it from the quarantine folder to a critical system folder.

Antivirus Companies Have Already Released Updates

Fortunately, most major antivirus companies have already released updates to address this issue. Those companies include Emsisoft, Kaspersky, Malwarebytes, Trend Micro, ZoneAlarm, and Ikarus.

SpyRemover Pro, meanwhile, was totally unaffected by the vulnerability.

AVGater Requires Physical Access to a Machine

Ultimately, this latest virus problem isn’t expected to have a major impact on the community – especially since it has already been patched by most major antivirus companies.

AVGater also requires attackers to have physical access to a machine in order for the exploit to work. That means an average user at home is likely protected from this issue – although users on shared networks or in shared workplaces may be susceptible.

After gaining physical access to the machine, the attacker needs to abuse a Windows feature called an NTFS junction point, which lets the attacker redirect a quarantined file being restored into a directory of their choice – such as a critical Windows folder. At this point, the malware can be run with full privileges.

In layman’s terms, this attack manipulates the “restore” process. The restore process exists so that a critical Windows file which is accidentally quarantined by antivirus software can be put back where it belongs. However, attackers can abuse this feature to restore a real piece of malware instead.
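The two paragraphs above describe the defect: a privileged restore routine writes a quarantined file to a path it does not verify, so a junction inside the user's directory silently turns the write into one at a protected location. The script below is an added example of the check a restore routine should perform, written for this article; it is not code from the article or from Bogner's research. It refuses any destination path that passes through a symlink or, on Windows, a reparse point (which is what an NTFS junction is), and additionally requires the resolved destination to stay inside an allowed root. The directory layout, file names and the symlink that stands in for a junction (so the demo runs on any OS) are all constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path


def has_reparse_component(path: Path) -> bool:
    """Return True if any existing component of `path` is a symlink or, on
    Windows, a reparse point (NTFS junctions are reparse points).

    Each ancestor is inspected with os.lstat so the link itself, not the
    directory it points to, is what gets examined."""
    path = Path(os.path.abspath(path))          # normalize without following links
    current = Path(path.parts[0])               # drive or root anchor
    for part in path.parts[1:]:
        current = current / part
        try:
            st = os.lstat(current)
        except FileNotFoundError:
            break                                # nothing further exists to traverse
        if stat.S_ISLNK(st.st_mode):
            return True
        # st_file_attributes is only present on Windows; 0 elsewhere
        attrs = getattr(st, "st_file_attributes", 0)
        if attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0):
            return True
    return False


def is_safe_restore_target(dest: Path, allowed_root: Path) -> bool:
    """A restore destination is acceptable only if no component of it is a
    link/junction and the fully resolved path lies under `allowed_root`."""
    if has_reparse_component(dest):
        return False
    resolved = Path(os.path.realpath(dest))
    root = Path(os.path.realpath(allowed_root))
    try:
        resolved.relative_to(root)
    except ValueError:
        return False
    return True


def restore_from_quarantine(quarantined: Path, dest: Path, allowed_root: Path) -> bool:
    """Move a quarantined file back to `dest`, but only after the path check.
    Returns True when the file was restored, False when the restore was refused."""
    if not is_safe_restore_target(dest, allowed_root):
        return False
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(quarantined), str(dest))
    return True


def demo() -> dict:
    """Constructed scenario: a quarantine store, a user's own directory, a
    protected system directory, and a link inside the user's directory that
    points at the protected one (a symlink standing in for a junction)."""
    base = Path(os.path.realpath(tempfile.mkdtemp(prefix="avgater-demo-")))
    quarantine = base / "quarantine"
    user_dir = base / "Users" / "alice" / "Downloads"       # constructed path
    system_dir = base / "Windows" / "System32"              # constructed path
    for d in (quarantine, user_dir, system_dir):
        d.mkdir(parents=True)
    os.symlink(system_dir, user_dir / "escape", target_is_directory=True)

    for name in ("a.dll", "b.dll", "c.dll"):
        (quarantine / name).write_bytes(b"constructed sample, not malware")

    results = {
        # 1. legitimate restore back into the user's own directory
        "legit": restore_from_quarantine(quarantine / "a.dll", user_dir / "a.dll", user_dir),
        # 2. restore whose path runs through the link into the protected directory
        "via_junction": restore_from_quarantine(quarantine / "b.dll", user_dir / "escape" / "b.dll", user_dir),
        # 3. restore that names the protected directory directly
        "outside_root": restore_from_quarantine(quarantine / "c.dll", system_dir / "c.dll", user_dir),
    }
    results["system_dir_untouched"] = not any(system_dir.iterdir())
    results["legit_file_present"] = (user_dir / "a.dll").exists()
    shutil.rmtree(base)
    return results


if __name__ == "__main__":
    print(demo())
```

The path walk and the root check are the minimum a privileged restore routine needs; because a link can be created between the check and the move, a more robust design performs the restore while impersonating the user who requested it, so the write never carries SYSTEM privileges in the first place.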

