Trojan.FakeAlert.AAF
LOW
LOW
180-200 KB
(Trojan-Downloader.Win32.FraudLoad.vbds, Trojan.Blusod, FakeAlert-AB.dldr trojan, TROJ_FAKEALER.DX)
Symptoms
A security warning on the desktop that looks like:

The presence of the following files:
C:\WINDOWS\system32\blphc9pvj0e1ac.scr
C:\WINDOWS\system32\phc9pvj0e1ac.bmp
Removal instructions:
Please let BitDefender delete the infected files.
Analyzed By
Boeriu Laura, virus researcher
Technical Description:
The malware drops 2 files to the system directory:
1) C:\WINDOWS\system32\blphc9pvj0e1ac.scr - the bluescreen joke screensaver from Sysinternals. It is intended to scare the user into believing that something went wrong with the computer and that a bluescreen occurred.
It does no damage to the computer.
2) C:\WINDOWS\system32\phc9pvj0e1ac.bmp - this is the image containing the security warning displayed on the desktop.
After dropping these two files, the malware will set phc9pvj0e1ac.bmp as the current desktop wallpaper and will create the following registry entry (to ensure that it will run at every system reboot):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
lphc9pvj0e1ac -> C:\WINDOWS\system32\lphc9pvj0e1ac.exe
and it will execute the joke screensaver.
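
An added triage example, not BitDefender's code: it correlates exported Run values with a system32 file listing using the naming layout described above. Treating the phc9pvj0e1ac stem as variable between samples is an assumption; the function name and the sample data are constructed.

```python
import ntpath

SYSTEM32 = r"c:\windows\system32"

def find_fakealert_sets(run_values, system32_files):
    """Correlate HKLM Run values with file names found in the system directory.

    run_values: dict mapping Run value name -> command string.
    system32_files: iterable of file names present in system32.
    Returns one finding per Run value that matches the layout.
    """
    present = {name.lower() for name in system32_files}
    findings = []
    for value_name, command in run_values.items():
        path = command.strip().strip('"').lower()
        folder, exe = ntpath.split(path)
        base, ext = ntpath.splitext(exe)
        # Layout from the description: the Run value is named after the
        # .exe it launches from the system directory.
        if folder != SYSTEM32 or ext != ".exe" or base != value_name.lower():
            continue
        # Assumption: companions follow the sample's naming
        # (l<stem>.exe, bl<stem>.scr, <stem>.bmp) with any stem.
        if not base.startswith("l") or len(base) < 2:
            continue
        companions = ["b" + base + ".scr", base[1:] + ".bmp"]
        hits = [name for name in companions if name in present]
        if hits:
            findings.append({"run_value": value_name, "exe": exe,
                             "companions": hits,
                             "exe_on_disk": exe in present})
    return findings

# Constructed sample input: Run values and a system32 listing.
SAMPLE_RUN = {
    "lphc9pvj0e1ac": r"C:\WINDOWS\system32\lphc9pvj0e1ac.exe",
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "legit": r"C:\WINDOWS\system32\legit.exe",
}
SAMPLE_FILES = ["blphc9pvj0e1ac.scr", "phc9pvj0e1ac.bmp",
                "ctfmon.exe", "legit.exe", "logon.scr"]

if __name__ == "__main__":
    for finding in find_fakealert_sets(SAMPLE_RUN, SAMPLE_FILES):
        print(finding)
```

A Run value with no companion files, such as the constructed "legit" entry, is not reported, which keeps ordinary autostart programs out of the results.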