
Trojan.FakeAV.OT


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Trojan.FakeAV.OT is also known as Trojan:Win32/Winwebsec, Trojan.Fakealert.4509, Win32:Preald-D.

Explanation:

When first run, it only creates a copy of itself and registers that copy to run at start-up, after which it deletes itself (by using the batch self-delete technique).

This newly created file is named with a sequence of digits followed by an .exe file extension (like 17522964.exe) and is located in a sub-folder of %appdata% named in the same manner (for example C:\Documents and Settings\All Users\Application Data\17522964).

Because it is registered under SOFTWARE\Microsoft\Windows\CurrentVersion\Run, this copy is executed at every system start-up. It mimics a full system scan and displays scary (and also fake) results, like the ones in the pictures above, to try to make you pay for the product activation.
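The persistence layout described above can be turned into a triage check over exported Run-key values. The following is an added example, not BitDefender's code: the sample entries and value names are constructed, and the list of directory tails standing in for %appdata% is an assumption.

```python
import ntpath
import re

# Run-key data may be quoted and may carry arguments; capture just the .exe path.
EXE_PATH = re.compile(r'\s*"?(.+?\.exe)"?(?=\s|$)', re.IGNORECASE)
DIGITS = re.compile(r"[0-9]+")
# Assumption: these directory tails stand in for the page's "%appdata%".
APPDATA_TAILS = ("\\application data", "\\appdata\\roaming", "\\programdata")

def check_value(data):
    """Return (path, same_name) if data matches the described layout, else None."""
    m = EXE_PATH.match(data)
    if not m:
        return None
    path = m.group(1)
    folder = ntpath.dirname(path)
    stem = ntpath.splitext(ntpath.basename(path))[0]
    sub = ntpath.basename(folder)
    parent = ntpath.dirname(folder).lower()
    if not (DIGITS.fullmatch(stem) and DIGITS.fullmatch(sub)):
        return None
    if not parent.endswith(APPDATA_TAILS):
        return None
    # The page's example uses the same digits for folder and file; report
    # whether that holds instead of requiring it.
    return path, stem == sub

def scan(run_values):
    """Map Run value name -> (path, same_name) for every suspicious entry."""
    hits = {}
    for name, data in run_values.items():
        result = check_value(data)
        if result:
            hits[name] = result
    return hits

# Constructed sample of Run-key values (value names are made up for illustration).
SAMPLE = {
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "VendorTray": r'"C:\Program Files\Vendor\tray.exe" /background',
    "17522964": r"C:\Documents and Settings\All Users\Application Data\17522964\17522964.exe",
    "Updater": r'"C:\Users\alice\AppData\Roaming\90311\4471.exe" -s',
    "Notes": r"C:\Users\alice\AppData\Roaming\Notes\2011.exe",
}

if __name__ == "__main__":
    for name, (path, same) in scan(SAMPLE).items():
        print(f"{name}: {path} (folder and file digits match: {same})")
```

A hit is a lead for review, not a verdict: an all-digit executable in an all-digit application-data folder is unusual for legitimate software, but the pattern alone does not identify this family.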

Last update 21 November 2011