My Bitdefender
  • 0 Shopping Cart


Facebook Twitter Google Plus




Displays a fake Anti-Virus window showing multiple infections.

When first run, it displays a message box:

After clicking OK, the main window is displayed:

The warning window is displayed after the fake scanning:

When trying to remove the threats:

In the system tray, two 2 icons appear (the white icon and the shield) and periodical warning messages are issued:

It also displays periodically an update window:

When trying to activate the tool, a full-screen window is displayed, which has a button for getting a new license, and displays one of the following sites, trying to convince the user to buy a license:

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Iulian Muntean, virus researcher

Technical Description:

Once started, it moves itself to C:\Documents and Settings\All Users\Application Data\xxxxxxxx\xxxxxxxx.exe, where xxxxxxxx is a 8 letter name containing only numerical digits, and starts from this location.

Adds an entry in the registry, in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, with the name xxxxxxxx, and containing the path where it has moved. This makes it run at Windows startup.