Rogue Turning Retrovirus
- Wednesday, August 18, 2010, 14:34
- Threat Research
It's fairly well known that different types of malware can "kill" security products in various ways; malware that does so is known as a retrovirus. To step things up a notch, some threats are now using the legitimate software's own uninstaller to trick users into removing genuine security products themselves. A new variant of the Trojan.FakeAV threat has been using this technique to install a newly released clone of the CoreGuard Antivirus security risk, called "AnVi Antivirus". In this case, the Trojan uses social engineering to trick users into uninstalling many well-known security products, including solutions by Symantec, Microsoft, AVG, Spyware Doctor, and Zone Labs, before installing AnVi Antivirus.
Upon executing the malicious file, the Trojan shows a message box asking the user to uninstall the legitimate antivirus program, if it is present on the computer:
Message box displayed by the Trojan.
In this example, a warning is displayed claiming that the Symantec antivirus software is “uncertified” and will hamper the computer's performance. The user is left with no option other than clicking OK, which initiates the uninstall process; even if the user clicks the "close" button instead, the uninstaller of the antivirus product still executes:
Uninstall screen that will appear if the latest definitions are not installed and Trojan.FakeAV executes.
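The detection problem this technique creates is that the binary doing the damage is the vendor's own, legitimately signed uninstaller, so nothing about the uninstaller itself is malicious. What is anomalous is who launched it: a user-driven uninstall comes from Explorer, the Control Panel or the Windows Installer service, whereas here it is spawned by a freshly executed file from a temp or downloads folder. The following is an added example (not code from the original post, and not a Symantec detection) that applies exactly that parent-process heuristic to process-creation telemetry. The JSON record format, field names (`parent_image`, `image`, `command_line`), the `EXPECTED_PARENTS` allow-list, the `ExampleAV` product path and every sample event are constructed for illustration; the uninstaller naming conventions it matches (Inno Setup's `unins000.exe`, `uninst.exe`/`uninstall.exe`, and `msiexec /x`) are generic Windows installer conventions, not specific to any product named in the post.

```python
"""Detection sketch: an uninstaller launched by an unexpected parent process.

Added example, not code from the original post. The log format, field
names, allow-list and sample events are all constructed for illustration.
"""
import json
import re
from typing import Dict, List

# Parents from which a user-driven uninstall normally originates.
# Constructed allow-list for this example; tune it to the environment.
EXPECTED_PARENTS = {
    "explorer.exe",   # Programs and Features / a shortcut clicked by the user
    "control.exe",    # Control Panel applet host
    "msiexec.exe",    # Windows Installer re-spawns itself for /x operations
    "services.exe",   # Windows Installer service start
}

# Command-line shapes that indicate an uninstall action: Inno Setup style
# unins000.exe, NSIS/InstallShield style uninst.exe / uninstall.exe,
# and Windows Installer's msiexec /x.
UNINSTALL_PATTERNS = [
    re.compile(r"\\unins\d{3}\.exe", re.IGNORECASE),
    re.compile(r"\\uninst(all)?\.exe", re.IGNORECASE),
    re.compile(r"msiexec(\.exe)?\s+.*?(/x|/uninstall)\b", re.IGNORECASE),
    re.compile(r"\s/uninstall\b", re.IGNORECASE),
]


def is_uninstall_command(cmdline: str) -> bool:
    """True if the command line looks like an uninstaller invocation."""
    return any(p.search(cmdline) for p in UNINSTALL_PATTERNS)


def basename(path: str) -> str:
    """Lower-cased file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def suspicious_uninstalls(events: List[Dict]) -> List[Dict]:
    """Return process-creation events in which an uninstaller is started by a
    parent outside EXPECTED_PARENTS, e.g. an executable just run from a temp
    or downloads directory, which is the pattern described in the post."""
    hits = []
    for ev in events:
        if not is_uninstall_command(ev["command_line"]):
            continue
        parent = basename(ev["parent_image"])
        if parent not in EXPECTED_PARENTS:
            hits.append({**ev, "reason": f"uninstaller launched by {parent}"})
    return hits


def analyze(jsonl: str) -> List[Dict]:
    """Parse newline-delimited JSON process-creation records and flag them."""
    events = [json.loads(line) for line in jsonl.strip().splitlines() if line.strip()]
    return suspicious_uninstalls(events)


# Constructed sample telemetry (not real logs). Backslashes are JSON-escaped.
# Events 2 and 4 model the post's scenario: an uninstaller started by a
# downloaded executable rather than by the user through Explorer.
SAMPLE_EVENTS = r"""
{"ts": "2010-08-18T14:01:02Z", "parent_image": "C:\\Windows\\Explorer.EXE", "image": "C:\\Program Files\\ExampleAV\\unins000.exe", "command_line": "\"C:\\Program Files\\ExampleAV\\unins000.exe\""}
{"ts": "2010-08-18T14:03:15Z", "parent_image": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup_update.exe", "image": "C:\\Program Files\\ExampleAV\\unins000.exe", "command_line": "\"C:\\Program Files\\ExampleAV\\unins000.exe\" /SILENT"}
{"ts": "2010-08-18T14:03:20Z", "parent_image": "C:\\Windows\\System32\\svchost.exe", "image": "C:\\Windows\\System32\\notepad.exe", "command_line": "notepad.exe readme.txt"}
{"ts": "2010-08-18T14:05:44Z", "parent_image": "C:\\Users\\alice\\Downloads\\av_update.exe", "image": "C:\\Windows\\System32\\msiexec.exe", "command_line": "msiexec.exe /x {00000000-0000-0000-0000-000000000000} /qn"}
{"ts": "2010-08-18T14:05:45Z", "parent_image": "C:\\Windows\\System32\\msiexec.exe", "image": "C:\\Windows\\System32\\msiexec.exe", "command_line": "msiexec.exe /x {00000000-0000-0000-0000-000000000000} /qn"}
"""

if __name__ == "__main__":
    for hit in analyze(SAMPLE_EVENTS):
        print(hit["ts"], hit["reason"], "->", hit["command_line"])
```

Run against the constructed sample, only the two launches from `setup_update.exe` and `av_update.exe` are flagged; the Explorer-initiated uninstall and the Windows Installer re-spawn pass because their parents are on the allow-list. The allow-list is the part that needs local tuning: management agents that legitimately push uninstalls should be added to it, and silent flags such as `/SILENT` or `/qn` from a non-allow-listed parent are worth weighting higher, since a user clicking through a dialog rarely produces them.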
Upon (continue reading...)