FakeAlert-H
- Type: Trojan
- SubType: Win32
- Discovery Date: 01/30/2007
- Length:
- Minimum DAT: 4952 (01/30/2007)
- Updated DAT: 4952 (01/30/2007)
- Minimum Engine: 5.1.00
- Description Added: 01/30/2007
- Description Modified: 03/31/2007 6:56 AM (PT)
Characteristics
File: Install.exe
Hash: 4b368fade9d1f20b8c757a1e6fd4a8eb
Upon execution, the trojan adds a tray icon and displays a fake alert balloon message.
If the user clicks on the fake alert message, a confirmation message box is displayed.

If the user clicks the "Yes" button, the "RegistryCleaner" software is installed on the user's system from the sysregistry.com domain.
Symptoms
Symptoms are as follows:
- Display of fake alert balloon messages.
- Display of confirmation message box for RegistryCleaner software.
Method of Infection
Infection may be due to the following:
- Poor security practices.
- Unpatched machines and vulnerable systems.
Infection requires the user's manual interaction with the malware.
Removal
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends that users not trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Variants
N/A
Overview
This is a detection for a trojan that displays fake alert messages on the user's system.
Aliases
- Adware/RegistryCleaner (Panda)
- Downloader (Symantec)
- Trojan-Clicker.Win32.Agent.is (Kaspersky Lab)
- Trojan.Fakealert.243 (Doctor Web)