Trojan.FakeAlert.BKD
First posted on 21 November 2011.
Source: BitDefender
Aliases:
Trojan.FakeAlert.BKD is also known as Trojan:Win32/Winwebsec, Win32/Adware.SystemSecurity, Win32:FakeAlert-CR.
Explanation:
Once executed, it copies itself to
%c_appdata%\[random number]\[random number].exe
and deletes the original file. It also creates a file in the same directory with the name
pc[random number]ins
and a registry key that will allow the application to run on system startup in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random number]
It creates a registry key in
HKLM\SOFTWARE\[random number]\pc[random number]ins
and sets its value to 1.
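The persistence artifacts described above can be checked together on a suspect host. The following is an added example, not code from BitDefender: it correlates an exported Run key with a file listing, and it assumes that each "[random number]" is a run of decimal digits and that the Run value is named by that number. The function name and the sample data are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# %c_appdata% on Windows XP, as given on the page.
APPDATA = r"C:\Documents and Settings\All Users\Application Data"
# Assumption: each "[random number]" is a run of decimal digits.
DIGITS = re.compile(r"\d+")
MARKER = re.compile(r"pc\d+ins", re.IGNORECASE)
EXE = re.compile(r'\s*"?(.+?\.exe)', re.IGNORECASE)

# Constructed sample data: an exported Run key and a file listing.
SAMPLE_RUN = {
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "48213": '"' + APPDATA + r'\48213\48213.exe"',
    "7731": r"C:\Program Files\Vendor\7731.exe",
}
SAMPLE_FILES = [
    APPDATA + r"\48213\48213.exe",
    APPDATA + r"\48213\pc48213ins",
    r"C:\Program Files\Vendor\7731.exe",
]

def find_suspects(run_values, files):
    # run_values: {value name: command} exported from the HKLM Run key.
    # files: full paths from a directory listing of the same host.
    # Returns (value name, executable path, marker file name or None).
    by_dir = {}
    for f in files:
        p = PureWindowsPath(f)
        by_dir.setdefault(str(p.parent).lower(), []).append(p.name)
    hits = []
    for name, command in run_values.items():
        m = EXE.match(command)
        if not m or not DIGITS.fullmatch(name):
            continue
        exe = PureWindowsPath(m.group(1))
        in_appdata = str(exe).lower().startswith(APPDATA.lower() + "\\")
        if not in_appdata or not DIGITS.fullmatch(exe.stem):
            continue
        siblings = by_dir.get(str(exe.parent).lower(), [])
        marker = next((n for n in siblings if MARKER.fullmatch(n)), None)
        hits.append((name, str(exe), marker))
    return hits

if __name__ == "__main__":
    print(find_suspects(SAMPLE_RUN, SAMPLE_FILES))
```

A hit with a marker file present matches both file-system artifacts from the description; a hit without one still deserves a look, since the numeric Run entry alone points into the application data folder.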
This rogue antivirus claims to scan your computer, but it only displays false infections in order to trick the user into buying the full version of the software. As a new addition to the increasing arsenal of ways to trick the user, this rogue will close any new application started except for Internet Explorer so the user might buy the product.
This rogue antivirus is detected by our engines as Trojan.FakeAlert.BKD but it is possible that we detect it with different names since it is packed with different packers.
%c_appdata% translates to C:\Documents and Settings\All Users\Application Data on a PC running Windows XP.
Last update 21 November 2011