ErrorKiller

Type: Program
SubType: Win32
Discovery Date: 05/14/2008
Length:
Minimum DAT: 5295 (05/14/2008)
Updated DAT: 5383 (09/12/2008)
Minimum Engine: N/A
Description Added: 05/14/2008
Description Modified: 05/23/2008 7:43 AM (PT)
Risk Assessment:
  Corporate User: N/A
  Home User: N/A

Characteristics

McAfee® Avert® Labs recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.aspx for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

 

ErrorKiller is a security program designed to scan a computer and detect errors. The results of a scan are simple system anomalies, such as references to registry keys that have no data or references to files that do not exist. The detections serve as scare tactics: they trick the user into believing the system is unstable and so entice the user to purchase the vendor's products.

[Image: the ErrorKiller interface]

[Image: the software requesting user registration]

The following are some installation details.

("%InstallationDir%" is the installation directory)

Registry modified to stay persistent on reboot:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ErrorKiller: ""%InstallationDir%ErrorKiller\ErrorKiller.exe" -boot"

 

At the time of testing, the following keys were added to the system:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ErrorKiller_is1
  • HKEY_LOCAL_MACHINE\SOFTWARE\ErrorKiller
  • HKEY_LOCAL_MACHINE\SOFTWARE\ErrorKiller\ErrorKiller
  • HKEY_LOCAL_MACHINE\SOFTWARE\ErrorKiller\ErrorKiller\Settings

 


At the time of testing, the following files were added to the system:

  • %USER_PROFILE%\Application Data\ErrorKiller\Log\[removed].log
  • %USER_PROFILE%\Desktop\ErrorKiller.lnk
  • %USER_PROFILE%\Start Menu\Programs\ErrorKiller\ErrorKiller on the Web.lnk
  • %USER_PROFILE%\Start Menu\Programs\ErrorKiller\ErrorKiller.lnk
  • %USER_PROFILE%\Start Menu\Programs\ErrorKiller\Uninstall ErrorKiller.lnk
  • %InstallationDir%\ErrorKiller\DataBase.ref
  • %InstallationDir%\ErrorKiller\ErrorKiller.exe
  • %InstallationDir%\ErrorKiller\ErrorKiller.url
  • %InstallationDir%\ErrorKiller\license.rtf
  • %InstallationDir%\ErrorKiller\RegCleaner.dll
  • %InstallationDir%\ErrorKiller\TCL.dll
  • %InstallationDir%\ErrorKiller\unins000.dat
  • %InstallationDir%\ErrorKiller\unins000.exe
  • %InstallationDir%\ErrorKiller\zlib.dll
  • %Windir%\Tasks\ErrorKiller Scheduled Scan.job

 

Though the software installation provides an uninstaller, an application uninstall does not remove all installed components.
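Because the uninstaller leaves components behind, a read-only audit of the locations listed above shows what remains on a host. The script below is an added example, not McAfee tooling; the `$InstallationDir` default is an assumption, since the page gives only "%InstallationDir%", and the WOW6432Node check is added for 64-bit systems.

```powershell
# Added example, not McAfee tooling: read-only check for the components listed above.
param(
    # Assumption: the page only says "%InstallationDir%"; Program Files is a guess.
    [string]$InstallationDir = $env:ProgramFiles
)

$found = @()

# 32-bit programs on 64-bit Windows are redirected to WOW6432Node, so check both views.
foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    # Autostart value "ErrorKiller" under the Run key
    $run = Get-ItemProperty -Path "$root\Microsoft\Windows\CurrentVersion\Run" `
        -Name 'ErrorKiller' -ErrorAction SilentlyContinue
    if ($run) { $found += "Run value ($root): $($run.ErrorKiller)" }

    # Keys added at install time (the ErrorKiller key covers its listed subkeys)
    foreach ($sub in 'Microsoft\Windows\CurrentVersion\Uninstall\ErrorKiller_is1', 'ErrorKiller') {
        $key = "$root\$sub"
        if (Test-Path -LiteralPath $key) { $found += "Registry key: $key" }
    }
}

# File-system locations as listed on the page (Windows XP-era profile layout)
$paths = @(
    (Join-Path $env:USERPROFILE 'Application Data\ErrorKiller'),
    (Join-Path $env:USERPROFILE 'Desktop\ErrorKiller.lnk'),
    (Join-Path $env:USERPROFILE 'Start Menu\Programs\ErrorKiller'),
    (Join-Path $InstallationDir 'ErrorKiller'),
    (Join-Path $env:windir 'Tasks\ErrorKiller Scheduled Scan.job')
)
foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    $found += "Path: $p"
    # For directories, list what is still inside (e.g. files the uninstaller left)
    if (Test-Path -LiteralPath $p -PathType Container) {
        Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { $found += "  File: $($_.FullName)" }
    }
}

# Emit the findings, or a single line when nothing from the list is present
if ($found) { $found } else { 'No listed ErrorKiller components found.' }
```

Running it once before and once after the vendor uninstaller shows which of the listed components the uninstall left in place.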

Variants

    N/A

Removal

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs
