Search
Keyword: usoj_fakeav.smp7
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It contains errors in its code. This stops it from
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes then deletes itself afterward. Arrival
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This Trojan modifies registry entries to disable the Windows Firewall settings. This action allows this malware to perform its routines without being detected by the Windows Firewall. It executes the
Name}.exe - if operating system is Windows 7 (Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.) It drops the following files: %Desktop%
\Identities\{341F68BA-C841-4200-A7B4-3D5CFF202166}\Software\Microsoft\Outlook Express\5.0 Settings Upgraded = "7" HKEY_CURRENT_USER\Identities\{341F68BA-C841-4200-A7B4-3D5CFF202166}\Software\Microsoft
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain URLs. It may do this to remotely
This FAKEAV malware disguises itself as an antivirus specifically made for the Windows 8 operating system. This particular FAKEAV variant was seen in October 2012, which is the same month Windows 8
\Windows\CurrentVersion\Policies\Explorer\DisallowRun 7 = avgfrw.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun 8 = avgui.exe HKEY_CURRENT_USER\Software
following URL to notify the malicious user that the FAKEAV is installed: http://{BLOCKED}.{BLOCKED}.29.181/api/stats/install/?ts=94ad74262c96e18686cb9435b9d812703ec86dd4&token=fya14oiYU http://{BLOCKED}.