Microsoft automatically removed malicious adware from millions of computers this week. The adware is called Vonteera and was removed by Microsoft's Malicious Software Removal Tool (MSRT).
Vonteera was first detected in August 2013 but in recent months the number of systems infected by the adware rapidly increased. According to Microsoft the adware was detected 8 million times during the past six months. About 60% of the detections were in Saudi Arabia and United Arab Emirates.
The adware is distributed by software bundles with free games, video codecs and video players. Once Vonteera is installed it modifies Internet browser settings. It can prevent users from changing their browser homepage, search provider, and installed extensions. It also makes modifications to the PC that might prevent it from running security software.
More recent versions of Vonteera began adding legitimate certificates that belong to a number of security and antimalware products to the untrusted certificates list that the Windows operating system maintains, which forces Windows to not trust legitimate security and antimalware products. This means that if Vonteera is present on a PC, it might not be possible to run security software.
Users can remove certificates from the listed of untrusted certificates but a Vonteera background service called "Application Information Process" will automatically put them back.
