BitDefender Antivirus

Trojan.FakeAV.OT

( Trojan:Win32/Winwebsec, Trojan.Fakealert.4509, Win32:Preald-D )
Spreading: medium
Damage: medium
Size: ~700 KB
Discovered: 2009 Jul 20

SYMPTOMS:

A rogue antivirus scanner named "System Security" is installed on your computer. It claims that the computer is badly infected and that you need to pay for its activation to secure your system:


[Screenshot: fake scanner window]

[Screenshot: Conclusion - warning window]



* no actual infections were present on the computer from which these images were taken

TECHNICAL DESCRIPTION:

When first run, it only creates a copy of itself and registers that copy to run at start-up, after which it deletes itself (using the batch self-delete technique).

The newly created file is named with a sequence of digits followed by an .exe file extension (like 17522964.exe) and is located in a sub-folder of %appdata% named in the same manner (for example C:\Documents and Settings\All Users\Application Data\17522964).

Because it is registered under SOFTWARE\Microsoft\Windows\CurrentVersion\Run, this copy is executed at every system start-up. It mimics a full system scan and displays scary (and fake) results, like the ones in the pictures above, trying to make you pay for the product activation.
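The persistence pattern described above can be checked for when triaging Run key contents. The following is an added example, not BitDefender's detection logic: it flags Run values whose executable is a digits-only .exe inside a digits-only folder under an application-data directory. The function names, value names and sample entries are constructed for illustration, apart from the path quoted in the description.

```python
import ntpath
import re

DIGITS = re.compile(r"^\d+$")
# Assumption: "Application Data" (XP-era layout) and "AppData" (later layouts).
APPDATA_HINTS = ("application data", "appdata")

def exe_path(command):
    """Extract the executable path from a Run value, honouring quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces: take everything up to the first ".exe".
    m = re.match(r"(?i)^(.*?\.exe)(?:\s|$)", command)
    return m.group(1) if m else command

def matches_pattern(command):
    """True if the command points at <appdata>\\<digits>\\<digits>.exe."""
    path = ntpath.normpath(exe_path(command))
    folder, filename = ntpath.split(path)
    stem, ext = ntpath.splitext(filename)
    if ext.lower() != ".exe" or not DIGITS.match(stem):
        return False
    parent, folder_name = ntpath.split(folder)
    if not DIGITS.match(folder_name):
        return False
    return any(hint in parent.lower() for hint in APPDATA_HINTS)

def find_suspect_run_entries(entries):
    """entries maps Run value names to command strings; returns the flagged names."""
    return sorted(name for name, cmd in entries.items() if matches_pattern(cmd))

# Constructed sample of Run values (value names are hypothetical).
SAMPLE_RUN_VALUES = {
    "av_copy": r"C:\Documents and Settings\All Users\Application Data\17522964\17522964.exe",
    "quoted_copy": r'"C:\Users\alice\AppData\Roaming\40418823\40418823.exe" /min',
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "updater": r'"C:\Program Files\Vendor\2009\update.exe" /silent',
    "tool": r"C:\Tools\1234\1234.exe",
}

if __name__ == "__main__":
    for name in find_suspect_run_entries(SAMPLE_RUN_VALUES):
        print("suspect Run value:", name, "->", SAMPLE_RUN_VALUES[name])
```

On a live Windows host the dictionary can be filled from the Run key with the standard-library winreg module. A match is a lead for further inspection of the file, not a verdict, since the check looks only at naming and location.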

Removal instructions:

Please let BitDefender delete the infected file.

ANALYZED BY:

Marius Vanta, virus researcher