TROJ_FAKEAV.EKH
Aliases: Trojan:Win32/FakeSysdef (Microsoft), UltraDefragFraud!gen9 (Symantec), Trojan.Win32.FakeAV.isst (Kaspersky)
Platform: Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It deletes itself after execution.
TECHNICAL DETAILS
424,184 bytes
EXE
No
23 Nov 2011
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Other System Modifications
This Trojan adds the following registry entries:
HKEY_CURRENT_USER\Control Panel
5761b2dc-ce77-4bfa-b965-6f33b1867cf2 = ""
Other Details
This Trojan connects to the following possibly malicious URLs:
- http://{BLOCKED}rezers.com/up.php?{random characters}
- http://{BLOCKED}advanta.com/up.php?{random characters}
It deletes itself after execution.