This is a detection for a trojan that displays misleading fake alerts to entice the user into buying a product.
Minimum DAT: 5541 (2009-03-02)
Updated DAT: 6395 (2011-07-02)
Minimum Engine: 5.1.00
File Length: 1,197,568 bytes
Description Added: 2009-02-27
Description Modified: 2009-03-03
Upon installation, the host presents a window that appears to be a scan.
The following files are dropped:
%TrojDir%\1079560222.exe (file name may be random)
%TrojDir%\config.udb
%TrojDir%\init.udb
%TrojDir%\Langs.udb
(where %TrojDir% is the directory where the trojan was run from)
The following shortcuts are created on the desktop and in the Start menu:
%USER_PROFILE%\Desktop\System Security.lnk
%USER_PROFILE%\Start Menu\Programs\System Security\System Security.lnk
(where %USER_PROFILE% is the default user profile folder, for example C:\Documents and Settings\Administrator if the current user is Administrator.)
The following registry key is added:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1079560222: ""%TrojDir%\1079560222.exe""
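A triage check built on the indicators above, added here as an example and not part of the original description. Because the file name may be random, it keys on the layout instead of the digits: a Run value named after its executable, with config.udb, init.udb and Langs.udb in the same directory. The function names, the C:\Temp\setup path and the sample Run values are constructed for illustration.

```python
import ntpath
import re

# Companion files the description lists beside the dropped executable.
COMPANIONS = {"config.udb", "init.udb", "langs.udb"}

def run_target(command):
    """Return the executable path from a Run value's command string."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted path (some listings double the quotes).
        return command.lstrip('"').split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command

def suspicious_run_entries(run_values, files):
    """Flag Run values named after their .exe that sit beside all three .udb files."""
    by_dir = {}
    for path in files:
        directory, name = ntpath.split(path)
        by_dir.setdefault(directory.lower(), set()).add(name.lower())
    hits = []
    for value_name, command in run_values.items():
        exe = run_target(command)
        directory, base = ntpath.split(exe)
        stem, ext = ntpath.splitext(base)
        siblings = by_dir.get(directory.lower(), set())
        if (ext.lower() == ".exe" and value_name.lower() == stem.lower()
                and COMPANIONS <= siblings):
            hits.append((value_name, exe))
    return hits

# Constructed sample data (not taken from a real host).
SAMPLE_RUN = {
    "1079560222": r'"C:\Temp\setup\1079560222.exe"',
    "ctfmon": r"C:\Windows\System32\ctfmon.exe",
    "Updater": r'"C:\Program Files\Acme\Updater.exe" /background',
}
SAMPLE_FILES = [
    r"C:\Temp\setup\1079560222.exe", r"C:\Temp\setup\config.udb",
    r"C:\Temp\setup\init.udb", r"C:\Temp\setup\Langs.udb",
    r"C:\Windows\System32\ctfmon.exe", r"C:\Program Files\Acme\Updater.exe",
]

if __name__ == "__main__":
    for name, exe in suspicious_run_entries(SAMPLE_RUN, SAMPLE_FILES):
        print(f"Run\\{name} -> {exe}")
```

Feed it the values exported from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and a file listing from the same host.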
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.