SecurityHome.eu Trojan.FakeAlert.AAF

Home / malware PDF

Trojan.FakeAlert.AAF

First posted on 21 November 2011.
Source: BitDefender
Aliases :
Trojan.FakeAlert.AAF is also known as Trojan-Downloader.Win32.FraudLoad.vbds, Trojan.Blusod, FakeAlert-AB.dldr, TROJ_FAKEALER.DX.
Explanation :
The malware drops 2 files to the system directory:

1) C:WINDOWSsystem32lphc9pvj0e1ac.scr - which is the bluescreen screenserver joke from Sysinternals. This is intended to scare the user that something went wrong with his computer and a bluescreen occured.
It does no damage to the computer.

2) C:WINDOWSsystem32phc9pvj0e1ac.bmp - this is the image containing the security warning displayed on the desktop.

After dropping these two files, the malware will set phc9pvj0e1ac.bmp as the current desktop wallpaper, will create the following registry key (to ensure that it will run at every system reboot)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
lphc9pvj0e1ac -> C:WINDOWSsystem32lphc9pvj0e1ac.exe

and it will execute the joke screenserver.
Last update 21 November 2011

TOP

Malware :

Last 20