Trojan.FakeAlert.BRG

LOW
LOW
1208893
(Trojan.Win32.FraudPack)

Symptoms

Displays a fake Anti-Virus window showing multiple infections.

When first run, it displays a message box:


After clicking OK, the main window is displayed:


The warning window is displayed after the fake scanning:


When trying to remove the threats:


In the system tray, two icons appear (the white icon and the shield), and warning messages are issued periodically:


It also periodically displays an update window:


When trying to activate the tool, a full-screen window is displayed, which has a button for getting a new license, and displays one of the following sites, trying to convince the user to buy a license:
    remotepaybill.com
    thebillingaol.com
    www.onlinebillingsolution.net





Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Iulian Muntean, virus researcher

Technical Description:

Once started, it moves itself to C:\Documents and Settings\All Users\Application Data\xxxxxxxx\xxxxxxxx.exe, where xxxxxxxx is an 8-character name containing only numerical digits, and starts from this location.

It adds an entry to the registry under the key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, with the name xxxxxxxx and containing the path to which it has moved. This makes it run at Windows startup.
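
The persistence layout described above can be checked for in Run-key values. The following is an added example, not Bitdefender's code or detection logic: it assumes the three xxxxxxxx placeholders stand for the same 8-digit string, and the sample entries are constructed.

```python
import re
import sys

# Run key named in the description (under HKEY_LOCAL_MACHINE).
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Path shape from the description: ...\Application Data\<8 digits>\<8 digits>.exe
# Accepting %ALLUSERSPROFILE% as the profile root is an assumption of this example.
PATH_RE = re.compile(
    r'^"?(?:C:\\Documents and Settings\\All Users|%ALLUSERSPROFILE%)'
    r'\\Application Data\\(\d{8})\\(\d{8})\.exe"?(?:\s.*)?$',
    re.IGNORECASE,
)

def classify(name, data):
    """Return "match", "partial" or None for one Run value (name, data)."""
    m = PATH_RE.match(data.strip())
    if not m:
        return None
    folder, exe = m.groups()
    # Assumption: value name, folder and file name share the same 8 digits.
    return "match" if folder == exe == name else "partial"

def scan(entries):
    """Map each flagged value name to its classification."""
    return {n: c for n, d in entries.items() if (c := classify(n, d))}

def read_run_key():
    """Read the live HKLM Run values (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values under the key
        values = (winreg.EnumValue(key, i) for i in range(count))
        return {v[0]: str(v[1]) for v in values}

# Constructed sample values, not taken from a real infection.
SAMPLE = {
    "SunJavaUpdateSched": r'"C:\Program Files\Java\jre6\bin\jusched.exe"',
    "48213907": r"C:\Documents and Settings\All Users\Application Data\48213907\48213907.exe",
    "Updater": r"C:\Documents and Settings\All Users\Application Data\11223344\55667788.exe",
    "abcdefgh": r"C:\Documents and Settings\All Users\Application Data\abcdefgh\abcdefgh.exe",
}

if __name__ == "__main__":
    entries = read_run_key() if sys.platform == "win32" else SAMPLE
    for name, verdict in scan(entries).items():
        print(f"{verdict:8} {name} -> {entries[name]}")
```

A "partial" result means only the path shape fits and should be reviewed by hand before any cleanup.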