Home / malware

PDF

Trojan.FakeAlert.AAH

First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.FakeAlert.AAH is also known as Backdoor.Win32.Frauder.o, W32/FakeAle.CO!tr, Troj/FakeAle-FK, BDS/Frauder.O, Antivirus2008.DO.

Explanation :

When the process starts, it drops in %system% folder three files with random names. One of them is a .bmp file that is set as wallpaper, another one is a .scr and the last one is a executable file that is a copy of the virus.Then it is deletes itself from the original location. After that, it downloads a software named “Antivirus XP 2008”, that is installed in a random named folder from %programfiles% folder. After being installed, it starts scanning the system and warns about false infections detected on the system, recommending him to buy o license to get clean.



One of the dropped or downloaded files may be added on the following registry subkeys in order to ensure that the malware is executed at every system start-up (there could be too values of the following form) :


HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun “[random-value-name]”

Last update 21 November 2011

 

TOP