Vonteera adware is re-classified as a full trojan

Nov 23, 2015 22:20 GMT  ·  By

A new version of the Vonteera adware family has been spotted using a new trick that employs digital certificates from security vendors and the Windows User Account Control (UAC) feature to block new antivirus installations.

Vonteera, a simple adware family that has been around for years, has always attached itself to browsers and shown ads that led users to Web pages where they could download and install PUPs (Potentially Unwanted Programs).

According to security firm Malwarebytes, a recent version of this adware has now turned full-evil and will now be classified as a trojan because of its most recent "tricks."

Vonteera, after infecting users, now goes on to copy 13 digital certificates to the "Untrusted Certificates" section of Windows, which is used by the Windows UAC feature to block and warn users about potentially dangerous or harmful applications.

The sneaky part is that these 13 certificates all belong to security software and antivirus makers like Avast, AVG, Avira, Baidu, Bitdefender, ESET, ESS Distribution, Lavasoft, Malwarebytes, McAfee, Panda Security, ThreatTrack Security, and Trend Micro.

Vonteera blocks new antivirus installations but can't disable current software

If users want to install a new antivirus, their Windows operating system will block this action and show a UAC alert. The purpose of doing this is to prevent users from installing software that may lead to the adware's detection.

The adware is not capable of disabling current antivirus solutions running on the system, but if the adware passed through your existing defenses undetected, it may be time to search for and install a new antivirus anyway.

Fortunately, Malwarebytes provides a few ways to get around Vonteera's Untrusted Certificates trick, either by removing the certificates manually, or using the Task Scheduler method.
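To check a machine for the certificate trick described above, the following added PowerShell example (not from Malwarebytes or the original article) lists entries in the "Untrusted Certificates" store, which PowerShell exposes as `Disallowed`, whose subject names one of the vendors listed in the article. Matching on subject text and the function name `Find-BlockedVendorCert` are assumptions of this example, and the sample objects are constructed.

```powershell
# Vendor names come from the article's list. Matching them against the
# certificate Subject is an assumption of this example, not a published signature.
$Vendors = 'Avast','AVG','Avira','Baidu','Bitdefender','ESET','ESS Distribution',
           'Lavasoft','Malwarebytes','McAfee','Panda Security','ThreatTrack','Trend Micro'

function Find-BlockedVendorCert {
    param(
        [object[]] $Certificate = @(),
        [string[]] $VendorName  = $Vendors
    )
    foreach ($cert in $Certificate) {
        if ($null -eq $cert) { continue }
        foreach ($name in $VendorName) {
            # Word boundaries keep short names such as "AVG" from matching inside other words.
            if ($cert.Subject -match ('\b' + [regex]::Escape($name) + '\b')) {
                [pscustomobject]@{
                    Vendor     = $name
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    Store      = "$($cert.PSParentPath)" -replace '^.*::', ''
                }
                break
            }
        }
    }
}

# Constructed sample objects (not real certificates) showing what is and is not flagged.
$sample = @(
    [pscustomobject]@{ Subject = 'CN=Example AVG Signing, O=AVG Technologies'; Thumbprint = '<constructed-1>' }
    [pscustomobject]@{ Subject = 'CN=Some Revoked CA, O=Example Org';          Thumbprint = '<constructed-2>' }
)
Find-BlockedVendorCert -Certificate $sample | Format-Table Vendor, Subject -AutoSize

# Live check. Windows itself places revoked certificates in this store, so only
# vendor matches are reported. Both machine and user scopes are read.
$stores = 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed'
$found  = @(foreach ($s in $stores) { if (Test-Path $s) { Get-ChildItem -Path $s } })
$hits   = @(Find-BlockedVendorCert -Certificate $found)

if ($hits.Count -gt 0) {
    $hits | Format-Table Vendor, Store, Thumbprint, Subject -AutoSize
} else {
    'No security-vendor certificates found in the Untrusted Certificates store.'
}
```

The script only reads the stores; review any hits before removing certificates by hand.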

As for Vonteera's other operations, the former adware, now trojan, continues to carry on with its old MO, injecting itself into Web browsers like Internet Explorer, Chrome, Safari, Opera, or Firefox, and using the Windows Task Scheduler to show ads at regular time intervals.

Vonteera blocking an antivirus installation
