Search
Keyword: usoj_fakeav.blr
{All User's Profile}\Application Data\pcdfdata\vl.bin - encrypted FAKEAV file. The decrypted file is detected as TROJ_FAKEAV.BUTH %ProgramData%\pcdfdata\vl.bin (Windows Vista and 7 only) - encrypted
This Trojan may be dropped by other malware. It does not have any propagation routine. It does not have any backdoor routine. When users agree to buy the software, it connects to a certain URL. It
This Trojan may be dropped by other malware. Arrival Details This Trojan may be dropped by the following malware: TROJ_FAKEAV family NOTES: It is an encrypted configuration file that is used by the
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies files, disabling programs and applications
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies files, disabling programs and applications
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies files, disabling programs and applications
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to a website to send and receive
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. When users agree to buy the software, it connects to a
characters} http://{BLOCKED}eredir.com/up.php?{random characters} http://{BLOCKED}irtaca.com/up.php?{random characters} NOTES: This is a component of FAKEAV malware. Trojan:Win32/FakeSysdef (Microsoft);
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain URLs. It may do this to remotely
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
This Trojan may be downloaded from remote sites by other malware. It displays fake alerts that warn users of infection. It also displays fake scanning results of the affected system. It then asks for
It saves the downloaded file, which is detected as TROJ_FAKEAV.GXX in a specific folder. This Trojan may be dropped by other malware. It may be unknowingly downloaded by a user while visiting
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It installs a fake antivirus/antispyware software. It
Similar to other FAKEAV variants, TROJ_FAKEAV.BSM also displays several graphical users interfaces (GUIs) to users in an attempt to convince them of system infection and to purchase this purported cleaning
This Trojan executes then deletes itself afterward. Installation This Trojan drops the following file(s)/component(s): %User Temp%\AUTMGR32.EXE - detected as TROJ_FAKEAV.SMEV %User Temp%