[Summary]

Adware/Rogueware.MediCom.A is downloaded and installed without the user's knowledge.  A list is shown with false adware or spyware detections and payment is induced in order to repair the malware.

[Propagation]

Adware/Rogueware.MediCom.A is downloaded and installed through other malware.

[Symptoms]

1. Creates files in the following path.

- (Program Folder)\medicom\launcher.exe 
- (Program Folder)\medicom\medicom.exe  
- (Program Folder)\medicom\medicomblk.dll
- (Program Folder)\medicom\medicomfnc.dll
- (Program Folder)\medicom\medicomres.dll
- (Program Folder)\medicom\medicomup.exe
- (Program Folder)\medicom\searced.log  
- (Program Folder)\medicom\uninstall.exe

2. The following registry key is created in order to run automatically upon Windows startup.

- HKEY_LOCAL_MACHINE\
    SOFTWARE\
      Microsoft\
        Windows\
          CurrentVersion\
            Run

- Name: medicom
- Data: "(Program Folder)\medicom\launcher.exe (Program Folder)\medicom\medicomup.exe"

3. The registry created by Adware/Rogueware.MediCom.A is shown below.

- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\medicom
- HKCU\Software\medicom

[Reference Information]

- In Windows, (Program Folder) generally refers to C:\Program Files

[Repairing with nProtect Netizen / nProtect Personal]

1. Run the product and clik on the ON-SCAN button by the top.
2. Check on all the files in Settings and click on the Scan Now button.
3. If a malware is detected through the scan, click on the Yes button in the Treatment Option Window.
4. Check if the malware has been successfully repaired.

[Repairing with nProtect Anti-Virus/Spyware 2007 / nProtect GameGuard Personal 2007]

1. Run the product and update the engine and patch file to the latest version. (Using the main window, tray icon, or start menu)
2. Select the Virus/Spyware tab and click on the Scan Now button.
3. If a malware is detected through the scan, click on the Repair button.
4. Check if the malware has been successfully repaired.