Trojan:Win32/FakeYak
First posted on 17 May 2010.
Source: SecurityHome

Aliases:
Trojan:Win32/FakeYak is also known as TR/FakeYak.A (Avira), Trojan.Fakealert.14374 (Dr.Web), Win32/Adware.AntimalwareDoctor.AA (ESET), Trojan.Win32.FakeYak (Ikarus), Generic FakeAlert!gz (McAfee), Adware/AntimalwareDoctor (Panda), CoreGuardAntivirus2009 (Symantec), TROJ_FAKEAV.EWZ (Trend Micro), Antimalware Doctor (other).
Explanation:
Trojan:Win32/FakeYak is the detection for a family of fake antivirus products that use the name "Antimalware Doctor". These programs claim to scan for malware and display fake warnings of malicious files. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.
Installation

Trojan:Win32/FakeYak arrives on the computer under different file names. It drops the following file in the current folder:

hookdll.dll

It creates an autostart entry to ensure that it is run automatically whenever Windows starts:

Adds value: "<malware file name>"
With data: "<malware file name>"
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\

It may also create the following subkeys:

HKCU\Software\Antimalware Doctor Inc\Antimalware Doctor\
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor\

Payload

Displays fake alerts and fake scan results

Trojan:Win32/FakeYak displays a fake security status claiming that the computer is insecure and has vulnerabilities. When the "System Scan" is performed, it displays a list of fake threats, even on a newly installed Windows computer. When the user tries to remove any of these fake threats, he or she is urged to purchase and register the fake antivirus program. Note that the program's low quality is made obvious by the typographical and grammatical errors in its user interface.
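The registry and file indicators listed under Installation can be checked from the affected user's session with the following PowerShell, added here as an example; it is not part of the original write-up. It assumes the keys live under HKCU as stated, and treats a Run entry whose value name equals its data as the autostart pattern the write-up describes.

```powershell
# Added example (not from the original write-up): defender-side check for the
# Trojan:Win32/FakeYak / "Antimalware Doctor" indicators described above.
# Assumes it runs in the affected user's session, since the keys are under HKCU.
$findings = @()

# 1. Registry subkeys the write-up says the program may create.
$subkeys = @(
    'HKCU:\Software\Antimalware Doctor Inc\Antimalware Doctor',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor'
)
foreach ($k in $subkeys) {
    if (Test-Path -LiteralPath $k) { $findings += "Subkey present: $k" }
}

# 2. Run entries where the value name equals its data. The write-up states the
#    autostart entry is "<malware file name>" with data "<malware file name>",
#    which legitimate installers rarely do, so such entries deserve review.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path -LiteralPath $runKey) {
    $props = Get-ItemProperty -LiteralPath $runKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own metadata properties
        if ($p.Value -is [string] -and $p.Name -eq $p.Value) {
            $findings += "Suspicious Run entry (name equals data): $($p.Name)"
        }
    }
}

# 3. hookdll.dll is dropped in the "current folder" of whatever ran the installer,
#    so search the user profile rather than one fixed path.
Get-ChildItem -Path $env:USERPROFILE -Filter 'hookdll.dll' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Dropped file candidate: $($_.FullName)" }

if ($findings.Count -eq 0) {
    'No Trojan:Win32/FakeYak indicators found.'
} else {
    'Indicators found:'
    $findings | ForEach-Object { " - $_" }
}
```

A hit on the Run-entry heuristic alone is a lead, not a verdict; confirm it against the subkeys and the dropped file before acting.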
Analysis by Daniel Radu. Last update 17 May 2010.