Trojan.FakeAlert.BRG
LOW
LOW
1208893
(Trojan.Win32.FraudPack)
Symptoms
Displays a fake Anti-Virus window showing multiple infections.
When first run, it displays a message box:
After clicking OK, the main window is displayed:
The warning window is displayed after the fake scanning:
When trying to remove the threats:
In the system tray, two 2 icons appear (the white icon and the shield) and periodical warning messages are issued:
It also displays periodically an update window:
When trying to activate the tool, a full-screen window is displayed, which has a button for getting a new license, and displays one of the following sites, trying to convince the user to buy a license:
remotepaybill.com
thebillingaol.com
www.onlinebillingsolution.net
When first run, it displays a message box:
After clicking OK, the main window is displayed:
The warning window is displayed after the fake scanning:
When trying to remove the threats:
In the system tray, two 2 icons appear (the white icon and the shield) and periodical warning messages are issued:
It also displays periodically an update window:
When trying to activate the tool, a full-screen window is displayed, which has a button for getting a new license, and displays one of the following sites, trying to convince the user to buy a license:
remotepaybill.com
thebillingaol.com
www.onlinebillingsolution.net
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Iulian Muntean, virus researcher
Technical Description:
Once started, it moves itself to C:\Documents and Settings\All Users\Application Data\xxxxxxxx\xxxxxxxx.exe, where xxxxxxxx is a 8 letter name containing only numerical digits, and starts from this location.Adds an entry in the registry, in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, with the name xxxxxxxx, and containing the path where it has moved. This makes it run at Windows startup.
SHARE
THIS ON