Home / malware Program:Win32/Vakcune
First posted on 15 November 2011.
Source: SecurityHomeAliases :
Program:Win32/Vakcune is also known as Trojan.Fakealert.18496 (Dr.Web), FakeAlert.ck (McAfee).
Explanation :
Program:Win32/Vakcune is a program that may display or report misleading scan results. It may wrongly identify clean files as malicious.
Top
Program:Win32/Vakcune is a program that may display or report misleading scan results. It may wrongly identify clean files as malicious.
Its interface may appear similar to the following:
Program:Win32/Vakcune may create the following folder and all its subfolders:
- %ProgramFiles%\VIHunter
Program:Win32/Vakcune:
- %ProgramFiles%\VIHunter\etc\UpdateMgr.exe
- %ProgramFiles%\VIHunter\VIHunter.exe /Scan
Program:Win32/Vakcune creates the following registry keys:
- HKLM\SOFTWARE\VIHUNTER
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIHUNTERMain
It also creates the following registry entries:
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "UpdateMgr"
With data: "%ProgramFiles%\VIHunter\etc\UpdateMgr.exe"
Sets value: "VIHUNTERMain"
With data: "%ProgramFiles%\VIHunter\VIHunter.exe /Scan"
Analysis by Andrei Florin Saygo
Last update 15 November 2011
