Beware of browser hijacker that comes bundled with legitimate software
Lavians, a “small software vendor team,” is packaging its offerings with a variant of browser-hijacking malware Bing.vc.
The company sells and offers for free different types of software (drivers and other kinds of utilities) on their own website, but also on popular download sites.
Unfortunately, most of them come bundled with the aforementioned malware, which installs itself into Internet Explorer, Firefox, and Chrome without the user’s consent.
Ad-injectors and browser hijackers are definitely a nuisance, and more often than not, a danger for less tech savvy users. It is unfortunate, then, that this type of users are also more likely to get saddled with them.
Bing.vc, in particular, is a difficult-to-get-rid-of nuisance. Once the user installs a piece of software offered by the company, the installer also silently delivers and installs Bing.vc.
And when the malware hijacks their browser’s home page and starts redirecting them to unexpected sites, they won’t know why that happens, or what to do about it.
Luckily for them, the bing.vc website to which they are redirected sports a prominent ad for a solution that will supposedly help them solve this problem. Clicking on the ad leads them to this (or a similar) site, and some of them might be tricked into paying for the software:
This particular website has already been pulled down, but there is no doubt that similar ones will soon be created, and the link in the ad changed to point to them. Needless to say, victims are advised not to buy the software.
Users who manage to figure out what triggered the browser hijacking will maybe try to uninstall the application, but the option won’t provide relief – the file responsible for redirection will remain on the computer, and two entries will be added to the Windows registry to ensure that the browser hijacker keeps running and doing its thing.
Users will have to remove that file manually, delete the two registry entries, and clean up the browsers’ shorcut (in the browser’s “Properties”). For more detailed info about restoring the system back to normal, check out Intel Security’s blog post.