Trojan.Fakeav.BC

MEDIUM
MEDIUM
162 to 632 KB
(Troj/FakeAle-GM, TR/FakeAV.BC.5, TROJ_FAKEAV.GG, TR/Fake.UltimaAV.bh)

Symptoms

 - An antivirus that you have not installed manually is running on your computer, showing multiple infections and asking you to register in order to get the infected files removed.
 - The presence of the file C:\Program Files\AAV\aav.exe

Removal instructions:

Please let BitDefender delete your infected files.

Analyzed By

Boeriu Laura, virus researcher

Technical Description:

The malware simulates an antivirus product that scans the computer and alerts the user that threats were found, but claims they cannot be removed unless the user registers (pays) for the full version of the product. In fact, none of the reported infections are real; the only purpose of this fake antivirus is to get the user to pay.
 
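The main window of this malware looks like the screenshot below:

[Screenshot: main window of the fake antivirus]

If the user does not choose to pay for the full version, annoying popups will keep interrupting work on the computer. These popups look like:

[Screenshot: popups shown by the fake antivirus]
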
The malware creates a directory named Aav in the Program Files directory (c:\Program files\Aav), where it drops the following files:
        aav.cpl, aav.exe, aav.ooo, aav1.dat.
It also creates a shortcut to the c:\Program files\Aav\aav.exe file and places it on the desktop.
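
A triage check for the artifacts listed above, as an added example (not BitDefender's code or removal tool). The function names are hypothetical, the shortcut test is a byte-search heuristic rather than a full .lnk parser, and checking the x86 Program Files folder is an assumption for 64-bit Windows.

```python
import os
from pathlib import Path

# Indicators from the description above.
DROP_DIR = "aav"
DROPPED_FILES = ("aav.cpl", "aav.exe", "aav.ooo", "aav1.dat")
LNK_NEEDLE = "\\aav\\aav.exe"  # tail of the shortcut target, lower-cased


def find_dropped_files(program_files):
    """List dropped files found under <program_files>/Aav (any letter case)."""
    root, hits = Path(program_files), []
    if not root.is_dir():
        return hits
    for entry in root.iterdir():
        if entry.is_dir() and entry.name.lower() == DROP_DIR:
            present = {p.name.lower(): p for p in entry.iterdir() if p.is_file()}
            hits += [str(present[n]) for n in DROPPED_FILES if n in present]
    return hits


def lnk_points_to_aav(lnk_path):
    """Heuristic: a .lnk stores its target path as ANSI and/or UTF-16LE text."""
    data = Path(lnk_path).read_bytes().lower()
    return (LNK_NEEDLE.encode("ascii") in data
            or LNK_NEEDLE.encode("utf-16-le") in data)


def find_shortcuts(desktop):
    """List .lnk files on a desktop whose stored target contains the needle."""
    root = Path(desktop)
    if not root.is_dir():
        return []
    return sorted(str(p) for p in root.iterdir()
                  if p.is_file() and p.suffix.lower() == ".lnk"
                  and lnk_points_to_aav(p))


def scan(program_files_dirs, desktop_dirs):
    return {"files": [h for d in program_files_dirs for h in find_dropped_files(d)],
            "shortcuts": [s for d in desktop_dirs for s in find_shortcuts(d)]}


if __name__ == "__main__":
    # Assumption: the x86 folder is also checked, for 64-bit Windows.
    pf = [os.environ.get(v) for v in ("ProgramFiles", "ProgramFiles(x86)")]
    desk = os.path.join(os.environ.get("USERPROFILE", ""), "Desktop")
    for kind, paths in scan([d for d in pf if d], [desk]).items():
        for path in paths:
            print(f"{kind}: {path}")
```

A hit on the directory or shortcut alone is a lead for further inspection, since the names are short and only the combination matches the behaviour described here.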