Home / malwarePDF  

Trojan.Fakeav.BC


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Fakeav.BC is also known as Troj/FakeAle-GM, TR/FakeAV.BC.5, TROJ_FAKEAV.GG, TR/Fake.UltimaAV.bh.

Explanation :

The malware simulates an antivirus product that scans the computer, alerting the user that some threats were found but they cannot be removed unless the user registers (pays) for the full version of the product. In fact, all those infections are unreal, the only purpose of this fake antivirus being to determine the user to pay.

The main window of this malware looks like the screenshot below:



If the user does not choose to pay for the full version, annoying popups will impede him working on the computer. This popups look like:



The malware will create a directory named Aav in the program files directory (c:Program filesAav) where it will drop the following files:
aav.cpl, aav.exe, aav.ooo, aav1.dat.
It will also create a shortcut link to the c:Program filesAavaav.exe file and it will put it on the desktop.

Last update 21 November 2011

 

TOP