
Trojan.FakeAv.QF


First posted on 21 November 2011.
Source: BitDefender

Aliases:

There are no other names known for Trojan.FakeAv.QF.

Explanation:

This is a generic detection for a series of Rogue AV programs called "Total Security 2009" (a play on one of Bitdefender's product names).
When first run, the malware copies itself to c:\Documents and Settings\All Users\Application Data\[Rnd8]\[Rnd8].exe and executes a batch script to delete the original file.
A registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Rnd8] is created to ensure that it runs at system startup.
A pseudo-scan starts and the same hardcoded detections are presented to the user, regardless of the state of the system.
The user needs to pay in order to clean the so-called "infections".
"Total Security 2009" is quite aggressive in forcing the user to register. New processes are declared to be infected and killed instantly.
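
The install path and Run entry described above can be checked against an exported list of autostart entries. The following is an added example, not code from Bitdefender or from the original page. It assumes that "[Rnd8]" means eight random letters or digits and that the Run values are available as (name, command) pairs; the function names and sample entries are constructed for illustration.

```python
import re

# Assumption: "[Rnd8]" denotes eight random letters or digits.
RND8 = r"[A-Za-z0-9]{8}"
# Install path from the description: ...\All Users\Application Data\[Rnd8]\[Rnd8].exe
INSTALL_PATH = re.compile(
    r"^[a-z]:\\documents and settings\\all users\\application data\\"
    + RND8 + r"\\" + RND8 + r"\.exe$",
    re.IGNORECASE,
)
VALUE_NAME = re.compile("^" + RND8 + "$")


def image_path(command):
    """Return the executable path of a Run command line, minus quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths contain spaces here, so cut at the first ".exe" token end.
    m = re.match(r"(.+?\.exe)(\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command


def suspicious_run_entries(entries):
    """Flag Run entries whose target matches the described install path.

    Returns (value_name, path, strength); strength is "strong" when the
    value name is also [Rnd8]-shaped, otherwise "path-only".
    """
    hits = []
    for name, command in entries:
        path = image_path(command)
        if INSTALL_PATH.match(path):
            strength = "strong" if VALUE_NAME.match(name) else "path-only"
            hits.append((name, path, strength))
    return hits


# Constructed sample data, not taken from a real infection.
SAMPLE = [
    ("k3xq81zt", r'"C:\Documents and Settings\All Users\Application Data\k3xq81zt\a9fj20wd.exe" /s'),
    ("Updater", r"c:\documents and settings\all users\application data\12345678\abcdefgh.exe"),
    ("VendorTray", r'"C:\Program Files\Vendor\tray.exe" -min'),
    ("abcd1234", r"C:\Documents and Settings\All Users\Application Data\Vendor\helper.exe"),
]

if __name__ == "__main__":
    for hit in suspicious_run_entries(SAMPLE):
        print(hit)
```

A "path-only" hit still deserves review, because the page does not say whether the Run value name matches the folder or file name.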

Last update 21 November 2011

 
