Adware, the breed of unwanted software that plasters your screen with spammy advertising, has long been seen as more of a nuisance than a threat. That was until the Vonteera adware gained the potentially destructive ability to disable even some of the best antivirus software on Windows.
Vonteera does this by tricking your system into distrusting software from a dozen reputable antivirus companies. Malwarebytes, one of the firms affected, reported this news in a blog post that explains how the Vonteera adware edits system files to stop users from removing the adware, making the user even more vulnerable to real malware.
Modern computer operating systems, including mobile OSes, use digital files known as certificates to verify where software originates. Each certificate contains secret encryption keys, known only to the legitimate software maker, that certify that a piece of software, for example, comes from Microsoft rather than from Crazy Ivan's Malware Bazaar.
But sometimes certificates are stolen or compromised, leading to the possibility that Crazy Ivan might use them to trick computers into installing malicious software. In such cases, a software maker will revoke a certificate, pushing out a software update that puts the certificate into an "untrusted" folder.
According to Malwarebytes, Vonteera pulls a very dirty trick indeed: It adds certificates belonging to Avast, AVG, Avira, Baidu, Bitdefender, ESET, Lavasoft, Malwarebytes, McAfee, Panda, ThreatTrack and Trend Micro to the Untrusted Certificates folder.
Once that's been done, a Windows system will refuse to open, run or update any software signed with certificates listed in the Untrusted Certificates folder. If you run antivirus software from any of the affected vendors, it will simply stop working, leaving you open to all sorts of dangerous attacks.
Vonteera has a few other tricks up its sleeve: It changes shortcuts on the Windows user desktop and in the Windows taskbar, and redirects the home pages of the Chrome, Firefox, Internet Explorer, Opera and Safari Web browsers so that the browsers open on an ad website. (If your browser has been hijacked by adware, here are instructions to reset Chrome, Firefox, IE and Safari.)
Most adware distributors operate entirely legally, and some have even sued antivirus companies that block adware. We're not quite sure who distributes Vonteera, but disabling antivirus software may cross the line into illegality.
If you are getting hit by adware, and your anti-malware software won't run, Malwarebytes has provided instructions to show you how to clean your certificates folder. Users will need to open the certificate manager, remove each antivirus or anti-malware company's certificates from the Untrusted Certificates folder and run anti-malware software to remove Vonteera's software.
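The same check can be scripted. The PowerShell below is an added example, not part of the Malwarebytes instructions: it lists entries in the Untrusted Certificates folder (exposed in PowerShell as the `Disallowed` store) whose subject names one of the vendors listed above. The function name `Find-DisallowedVendorCert` is hypothetical, and matching on subject text is a heuristic, so each hit should be reviewed before anything is removed.

```powershell
# Added example: audit the "Untrusted Certificates" (Disallowed) stores for
# entries that name the antivirus vendors listed in the article.
# Assumption: a Subject text match is only a heuristic; legitimate revoked
# certificates also live in this store and must be left alone.

$Vendors = 'Avast', 'AVG', 'Avira', 'Baidu', 'Bitdefender', 'ESET', 'Lavasoft',
           'Malwarebytes', 'McAfee', 'Panda', 'ThreatTrack', 'Trend Micro'

function Find-DisallowedVendorCert {
    param(
        # Machine-wide and per-user copies of the store.
        [string[]]$StorePath = @('Cert:\LocalMachine\Disallowed',
                                 'Cert:\CurrentUser\Disallowed'),
        [string[]]$VendorName = $Vendors
    )

    # One alternation with word boundaries, so a short name such as "ESET"
    # does not match inside an unrelated word.
    $pattern = ($VendorName |
        ForEach-Object { '\b' + [regex]::Escape($_) + '\b' }) -join '|'

    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }

        Get-ChildItem -Path $path | ForEach-Object {
            $m = [regex]::Match($_.Subject, $pattern, 'IgnoreCase')
            if ($m.Success) {
                [pscustomobject]@{
                    Store      = $path
                    Vendor     = $m.Value
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
        }
    }
}

# Report only; nothing is modified.
Find-DisallowedVendorCert | Format-Table -AutoSize -Wrap

# After reviewing the report, remove the confirmed entries from an elevated
# session (left commented out on purpose):
# Find-DisallowedVendorCert |
#     ForEach-Object { Remove-Item -Path "$($_.Store)\$($_.Thumbprint)" }
```

An empty report means no certificate in either store names one of these vendors.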