Trojan.FakeAV.OT

MEDIUM
MEDIUM
~700 KB
(Trojan:Win32/Winwebsec, Trojan.Fakealert.4509, Win32:Preald-D)

Symptoms

A rogue antivirus scanner named "System Security" is installed on your computer, telling you that your computer is badly infected and that you need to pay for its activation to secure your system:


[Image: fake scanner window]

[Image: Conclusion - warning window]

* No actual infections were present on the computer from which these images were taken.

Removal instructions:

Please let BitDefender delete the infected file.

Analyzed By

Marius Vanta, virus researcher

Technical Description:

When first run, it only creates a copy of itself and registers that copy at start-up, after which it deletes itself (by using the batch self-delete technique).

This newly created file is named with a sequence of digits followed by an .exe file extension (like 17522964.exe) and is located in a sub-folder of %appdata% named in the same manner (for example C:\Documents and Settings\All Users\Application Data\17522964).

Because it is registered under SOFTWARE\Microsoft\Windows\CurrentVersion\Run, this copy is executed at every system start-up. It mimics a full system scan and displays scary (and fake) results, like the ones in the pictures above, to make you pay for the product activation.
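
A check for the persistence pattern described above, added here as an example and not Bitdefender's own code: it parses `reg query` output for the Run key and flags values that launch a digits-only .exe from a digits-only sub-folder of Application Data. The sample output and its value names are constructed, and the `AppData\Roaming` alternative (where %appdata% resolves on newer Windows versions) is an assumption that goes beyond the path shown on this page.

```python
import re
from typing import List, NamedTuple

# Constructed `reg query` output for the Run key; the value names and the
# benign entries are illustrative, not taken from an infected machine.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    17522964    REG_SZ    "C:\Documents and Settings\All Users\Application Data\17522964\17522964.exe"
    Updater    REG_SZ    C:\Program Files\Vendor\2024\updater.exe /silent
    Helper    REG_EXPAND_SZ    %APPDATA%\40318855\99120477.exe -s
"""

# One value line of `reg query`: indent, name, type, data (4-space separated).
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

# <application data folder>\<digits>\<digits>.exe
# "\AppData\Roaming" is an added assumption for newer Windows versions.
DROP_PATH = re.compile(
    r"(?:\\application data|%appdata%|\\appdata\\roaming)"
    r"\\(\d+)\\(\d+)\.exe\b",
    re.IGNORECASE,
)


class Hit(NamedTuple):
    value_name: str   # Run key value name
    command: str      # command line stored in the value
    same_name: bool   # True when folder and file use the same digits


def parse_run_values(text: str):
    """Yield (value_name, command) pairs from `reg query` text output."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group(1), m.group(3)


def find_suspicious(text: str) -> List[Hit]:
    """Return Run entries whose target matches the digits\\digits.exe layout."""
    hits = []
    for name, command in parse_run_values(text):
        m = DROP_PATH.search(command)
        if m:
            hits.append(Hit(name, command, m.group(1) == m.group(2)))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_REG_QUERY):
        print(hit)
```

A hit with `same_name` set to True matches the example path on this page exactly; a hit with it set to False only shares the digits-only naming and needs a closer look before it is treated as this threat.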