The scammers don’t know what Medre is or how to remove it

Jul 16, 2012 14:40 GMT

Most people who follow information security news are aware of ACAD/Medre.A, the piece of malware which made headlines after stealing AutoCAD files from organizations in Peru and neighboring countries. As it turns out, scammers are relying on its reputation to trick users into buying all sorts of shady removal products.

ESET researchers, the ones who first identified the threat, report having seen a website that advertises anti-Medre software.

However, all the information provided by the website regarding the malware is inaccurate. For instance, the owners of the site claim that Medre hijacks computers, brings up unwanted pop-ups, corrupts registries and changes the desktop wallpaper.

The site’s account of the dangers the malware poses and of the ways to remove it is also erroneous.

The removal tool, advertised as Symantec’s PC Tools, actually consists of three different files: FixNRC.reg, SpeedyPC Pro Installer.exe, and SpyHunter-installer.exe.

Experts have put these so-called anti-malware applications to the test and the results are not surprising at all. The .reg file clears a set of registry entries usually used by malicious code, but in this case, none of the entries actually used by Medre are cleaned.

Furthermore, SpyHunter, which should be an application specifically designed to remove Medre, failed to detect it, even though the researchers planted a variant of the malware on the test system.

Finally, SpeedyPC Pro identified 63 issues, but none of them was the Trojan in question and, of course, none of the problems were actually real.

At this point, the user is urged to register the apps in order to address all the bugs that affect the system. The site which serves the bogus security solutions also advertises 24/7 live tech support.

Those who try to benefit from the 24/7 support – which is actually closed during the weekends – are met by an individual called James who attempts to offer malware-removal services for $119 (€95).

As always, we advise users to steer clear of such scams and rely only on trusted products to secure their computers.