SysinternalsAntivirus
First posted on 06 August 2010.
Source: SecurityHome
Aliases :
SysinternalsAntivirus is also known as Trojan:Win32/FakeScanti (Microsoft), FakeAlert.SF (AVG), Mal/FakeAV-CZ (Sophos).
Explanation :
Sysinternals Antivirus is a variant of Win32/FakeScanti - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.
Installation
Sysinternals Antivirus creates the following files and folders:

Created folders:
%ProgramFiles%\Sysinternals Antivirus

Created files:
Shortcut files for its main executable:
%USERPROFILE%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
%USERPROFILE%\Desktop\Sysinternals Antivirus.lnk
Program components:
%ProgramFiles%\Sysinternals Antivirus\Sysinternals Antivirus.exe
%ProgramFiles%\svchost.exe
%ProgramFiles%\adc_w32.dll
%ProgramFiles%\alggui.exe
%ProgramFiles%\wp4.dat
%ProgramFiles%\wp3.dat
%ProgramFiles%\skynet.dat

Execution
Sysinternals Antivirus may have the following shortcut icon: [image]
It may appear in the Windows startup folder as the following: [image]
When run, it may display the following user interface: [image]

Additional information
For more information on this threat, refer to the Win32/FakeScanti description.
Analysis by Patrick Nolan
Last update 06 August 2010
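The files and folders listed under Installation can be swept for in a file inventory. The script below is an added example, not part of the original analysis. It assumes the inventory is a list of full Windows paths (for instance the output of `dir /s /b`) and that the caller supplies the Program Files directory and the user profile directories to check. The function names and the sample inventory are constructed for illustration.

```python
import ntpath
import re

# Artifact paths from the Installation section of this page.
ARTIFACTS = [
    r"%ProgramFiles%\Sysinternals Antivirus",
    r"%ProgramFiles%\Sysinternals Antivirus\Sysinternals Antivirus.exe",
    r"%ProgramFiles%\svchost.exe",
    r"%ProgramFiles%\adc_w32.dll",
    r"%ProgramFiles%\alggui.exe",
    r"%ProgramFiles%\wp4.dat",
    r"%ProgramFiles%\wp3.dat",
    r"%ProgramFiles%\skynet.dat",
    r"%USERPROFILE%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk",
    r"%USERPROFILE%\Desktop\Sysinternals Antivirus.lnk",
]
# Constructed sample inventory (not real telemetry); note the legitimate System32 svchost.exe.
SAMPLE_INVENTORY = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\svchost.exe",
    r"C:\PROGRAM FILES\Sysinternals Antivirus\Sysinternals Antivirus.exe",
    r"C:\Documents and Settings\alice\Desktop\Sysinternals Antivirus.lnk",
    r"C:\Documents and Settings\bob\Desktop\notes.txt",
]

def expand(template, env):
    """Substitute %VAR% placeholders; variable names are case-insensitive."""
    return re.sub(r"%(\w+)%", lambda m: env[m.group(1).lower()], template)

def normalise(path):
    """Windows paths compare case-insensitively, so fold case after normalising."""
    return ntpath.normpath(path).lower()

def sweep(inventory, program_files, profiles):
    """Return the sorted artifact paths (files or folders) found in the inventory."""
    seen = set()
    for path in inventory:
        node = normalise(path)
        while node not in seen:          # record the file and every parent folder
            seen.add(node)
            node = ntpath.dirname(node)
    hits = set()
    for profile in profiles:             # %USERPROFILE% differs per account
        env = {"programfiles": program_files, "userprofile": profile}
        for template in ARTIFACTS:
            candidate = expand(template, env)
            if normalise(candidate) in seen:
                hits.add(candidate)
    return sorted(hits)
```

The `svchost.exe` artifact matches only directly under the Program Files directory, so the genuine copy in `System32` is never reported.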