The RocketPC Performance Monitor Malware is a dangerous weapon used against computer users worldwide. It infects mainly via phishing email messages. Our article gives an overview of its behavior according to the collected samples and available reports, also it may be helpful in attempting to remove the virus.
|Name||RocketPC Performance Monitor|
|Short Description||The RocketPC Performance Monitor Malware is a scam program that is designed to infiltrate computer systems.|
|Symptoms||The victims may not experience any apparent symptoms of infection.|
|Distribution Method||Phishing Messages, Freeware Installations, Bundled Packages, Scripts and others.|
|Detection Tool|| See If Your System Has Been Affected by RocketPC Performance Monitor |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss RocketPC Performance Monitor.|
RocketPC Performance Monitor Malware – Distribution Methods
The RocketPC Performance Monitor malware is a dangerous application that is being spread across the Internet posing as a legitimate system utility application. Even though a legitimate version might exist from a quality vendor most of the captured samples have been found to be dangerous.
Threats of this type can be spread using different mechanisms, usually several of them are used at once in order to raise the number of affected clients. There is no information known about the attackers as well, it is probable that they are an experienced team of criminals as the threat has been positioned through various channels.
Some of the typical mechanisms are the following:
- Phishing Email Messages — The criminals will craft email messages that impersonate well-known companies, products and services. Stolen multimedia content of all types is used in order to coerce the recipients into thinking that they are receiving notifications about software products. The typical case involves messages that state that the recipient’s computer is under risk and that they need to apply a software or security update. The RocketPC Performance Monitor malware can be either linked or directly attached to the emails. Any interaction with content like in-text links, images and videos can lead to the infection.
- Malicious Sites — The other widespread mechanism is the creation of fake sites that impersonate download portals, search engines, news sites and other Internet pages which are usually used by computer end users in order to find new software products. They are hosted on similar sounding domain names and use self-signed security certificates in order to appear as legitimate sources.
- Infected Documents — Malicious macros can be the cause of many malware infections. They can be inserted into all popular document formats: presentations, spreadsheets, rich text documents and databases. As soon as they are opened by the victims a prompt will appear asking the users to enable the interactive content. The quoted reason is to correctly view the contents of the files. When the macros are run the virus infection will happen.
- Application Installers — The other popular strategy is to insert the relevant code into the setup files of software that is commonly installed by end users. The hackers typically choose targets such as system utilities, creativity suites, productivity and office applications as well. The way this is done is by taking the legitimate files from their official sources and modifying them with the necessary code.
- File Sharing Networks — Peer-to-peer networks which are widely used by end users in order to share both legitimate and pirate content are one of the most common places where RocketPC Performance Monitor malware can be acquired. At the moment the most popular software is BitTorrent.
- Browser Hijackers — Another technique which is used by the criminals is to cause large campaigns via malicious browser redirects. They are mostly uploaded to the relevant browser repositories with fake user reviews and developer credentials. The posted descriptions promise new feature additions and performance optimizations. As soon as they are installed the RocketPC Performance Monitor malware will be deployed. Other changes that the victims can expect include modifications to the browser settings — this is done in order to redirect the victims to a hacker-controlled page.
Over time other mechanisms can be utilized.
RocketPC Performance Monitor Malware – Detailed Description
The signatures associated with the RocketPC Performance Monitor malware confirm that this is a case of an infected application. The vendor name quoted in the software’s description and installation package is “Solvusoft”. The infections happen as soon as the package is executed. In order to coerce the victims into believing that they are installing a legitimate application as it includes a logo image containing a “Gold Microsoft Partner”.
When the installation has completed it will automatically start the application which will start scanning the computer system for any “issues”. Various warning, including pop-ups and prompts will be shown stating that their security is under threat. In order to fix their computers the users are coerced into paying for a paid license. This is done by “registering” their installed service. In order to register the programs the hackers behind the malware will request information such as the following: personal information, banking card information, address details and etc.
The analysis of the captured samples has revealed that as soon as the application is installed it will also interact with the Windows operating system by setting up a scheduled task. This will automatically start the program as soon as the operating system is booted. In many cases this also disables access to the recovery boot options, menus and other mechanisms which are used by the victims via the manual user removal guides. Intrusive advertising is also shown which is a clear sign fraudulent software. They can entice the users into installing other threats. Other behavior that can follow after the RocketPC Performance Monitor malware has been installed is the following:
- Information Tracking — The victims can be tracked interactively via software and scripts which are installed by the application. Common malware of this category are programmed to directly expose the identity of the victims. This is made possible by searching for strings such as a person’s name, address, phone number, interests and account credentials. If it interacts with the Windows Volume Manager it can also access any removable storage devices and available network shares.
- Machine Identification — The engine can craft an unique ID which is assigned to each individual machine. It is generated via an algorithm that uses information such as the installed hardware components, user settings and certain operating system environment values.
- Windows Registry Changes — By accessing the Windows Registry the relevant engine can create new strings for itself or modify existing ones. This is especially dangerous as the made changes can practically render the compromised computers non-working due to performance issues. Certain services, program features and expected output can fail to start and loss of data is often reported.
- Security Bypass — The virus engine can search for any installed security software that can interfere with the proper virus execution. This includes the likes of anti-virus software, firewalls, intrusion detection systems and virtual machine hosts.
- Additional Payload Delivery — One of the most common tactics employed by hackers is to send out virus files via infections like this one. This is done so because the engine may have already bypassed the relevant security mechanisms that are installed in place.
We anticipate that future versions might include other options as well, including newer design and distribution tactics.
Remove RocketPC Performance Monitor Malware Completely
To remove RocketPC Performance Monitor Malware manually from your computer, follow the step-by-step removal tutorial written down below. In case this manual removal does not get rid of the miner malware completely, you should search for and remove any leftover items with an advanced anti-malware tool. Such software can keep your computer secure in the future.