
Trojan.FakeAlert.UM

HIGH
MEDIUM
108kb
(Trojan.Downloader.WinAntivirus)

Symptoms

The desktop background color is changed to blue, and the desktop image is altered to display the following message:

Fake alert 1

The screensaver is changed to the Sysinternals BlueScreen screensaver.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Petrea Ruslan, virus researcher

Technical Description:

This is typical scareware (also known as WinFixer or WinAntivirus).
When executed, the trojan changes the desktop image and the system screensaver in order to mislead the user into believing that their computer is infected with spyware.

The trojan collects system information such as the processor model, OS version and list of installed programs, and uploads it to the winifixer.com site.

It downloads a fake antivirus from the antivirxp08.com site, detected as Adware.XpAntivirus.AL, which gives exaggerated reports of existing threats and prompts the user to purchase it in order to remove the alleged threats.

It also drops a Visual Basic script, detected as Application.CleanSystemRestore.A, which uses System Restore to save the current system state as the "Last good restore point".
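The network behaviour described above can be used to triage web-proxy logs for affected machines. The following is an added example, not BitDefender's code: the log format (time, client, method, URL), the client addresses, paths and timestamps are constructed assumptions, and only the two domain names come from this description.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Domains named in the technical description above.
SITES = {
    "winifixer.com": "upload-site",      # system information is uploaded here
    "antivirxp08.com": "download-site",  # fake antivirus is fetched from here
}

# Constructed sample proxy log (assumed format: time client method url).
SAMPLE_LOG = """\
2008-09-01T10:00:01 10.0.0.5 POST http://winifixer.com/placeholder
2008-09-01T10:00:09 10.0.0.5 GET http://dl.antivirxp08.com/placeholder
2008-09-01T10:02:00 10.0.0.7 GET http://antivirxp08.com.example.net/index.html
2008-09-01T10:03:00 10.0.0.8 GET http://notwinifixer.com/
2008-09-01T10:04:00 10.0.0.9 GET http://ANTIVIRXP08.COM./placeholder
malformed line
"""


def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")  # ignore case and a trailing root dot
    return host == domain or host.endswith("." + domain)


def classify(url):
    """Return the label of the listed site a URL points at, or None."""
    host = urlsplit(url).hostname or ""
    for domain, label in SITES.items():
        if host_matches(host, domain):
            return label
    return None


def triage(log_text):
    """Map each client to the sorted list of listed sites it contacted."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:  # skip lines that do not fit the assumed format
            continue
        _, client, _, url = parts
        label = classify(url)
        if label:
            hits[client].add(label)
    return {client: sorted(labels) for client, labels in hits.items()}


if __name__ == "__main__":
    for client, labels in triage(SAMPLE_LOG).items():
        print(client, ", ".join(labels))
```

A client that contacted both sites matches the full upload-then-download behaviour; look-alike hosts such as `notwinifixer.com` or `antivirxp08.com.example.net` are not flagged because matching is done on the parsed hostname rather than by substring.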