Palladium Pro – ThinkPoints successor in the wild

Last autumn was lead by ThinkPoint (or fake Microsoft essentials alerts) family of malware. Together with Security Tool Virus it was one of the biggest and the most promoted parasites. Most of other parasite families were divided in smallish, slower attacks that haven’t hit that huge amount of PCs. However, in late November ThinkPoints family went silent. Till now.

Meet Palladium PRO – a new fake antivirus related to ThinkPoint. The parasite is similar in many aspects to ThinkPoint: same infection scheme, almost same design, same scaring stragegy. Paladium Pro virus is introduced by faked Microsoft Security Essentials popups, saying that PC needs another internet security program to remove huge amounts of infections. After that, system reboots and users are greeted with Palladium Antivirus splash screen. The rogue uses Microsoft’s name to convince users that this antivirus is made by Windows makers themself. Its scan claims, that it managed remove some of infections, but others need special, paid, heuristical module which costs around 70 USD. Funnily enough, Heuristical modules are used for parasite identification mostly (in real antivirus) as it analyses behavior patterns of executables rather than helps in removal process. But most users infected with Palladium Pro do not know that.
Differently from its predecessor ThinkPoint, Palladium PRO uses a file in %APPDATA% folder to check if users have paid or not. If the file with specific name exists, it will claim that system is cleaned sucessfuly and most annoying popups will stop. However, trojans promoting scareware Palladium Antivirus will not be gone, and might hinder system work or download other versions of fake antiviruses. This means that if you are infected with rogue antiviruses, you need to scan system with decent anti-malware programs to remove all the Trojans and secure the system from similar intrusions.
How to get rid of Palladium Pro guide is available on 2-viruses.com