FakeAlert-M

Type: Trojan
SubType:
Discovery Date: 07/26/2007
Length: Varies
Minimum DAT: 5084 (07/26/2007)
Updated DAT: 5108 (08/29/2007)
Minimum Engine: 4.4.00
Description Added: 07/26/2007
Description Modified: 08/30/2007 11:30 PM (PT)
Risk Assessment
  Corporate User: Low
  Home User: Low

Characteristics

This trojan displays a fake system alert pop-up warning about active spyware programs and opens a URL in Internet Explorer.

The trojan DLL runs only if it is loaded in explorer.exe.
It then creates a fake system alert pop-up:


"System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution."

When the user clicks the alert, the trojan reads the following registry key to check whether VirusProtectPro is installed:

  • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.4

If the correct version of this program is found, the trojan runs the program indicated by this registry key; otherwise, it opens iexplore.exe (Internet Explorer) to the following site, which allows download of the software:

  • http://www.virusprotectpro.com/?aff=1012

(VirusProtectPro is a potentially unwanted program.)

This DLL contains an exported function which can be called by another program to download and install vpp_install.exe from:

  • http://www.kornilion.biz/get.php?partner=
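The two URLs above can be hunted for in web proxy logs. The following is an added example, not part of the original description: it matches the exact URL shapes listed here against log lines, comparing the parsed hostname rather than searching for a substring. The log format, client addresses and the `partner=abc` value are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the description above: (host, path, query parameter, label).
INDICATORS = [
    ("virusprotectpro.com", "/", "aff", "alert click-through to VirusProtectPro site"),
    ("kornilion.biz", "/get.php", "partner", "vpp_install.exe download request"),
]

def classify_url(url):
    """Return the indicator label a URL matches, or None."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path or "/"
    # keep_blank_values so that an empty "partner=" still counts as present.
    params = parse_qs(parts.query, keep_blank_values=True)
    for ind_host, ind_path, ind_param, label in INDICATORS:
        # Match the domain itself or a subdomain, never a substring of another domain.
        host_ok = host == ind_host or host.endswith("." + ind_host)
        if host_ok and path.lower() == ind_path and ind_param in params:
            return label
    return None

def scan_proxy_log(lines):
    """Return a list of (client, url, label) for log lines whose URL matches."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        client, url = fields[1], fields[2]
        label = classify_url(url)
        if label:
            hits.append((client, url, label))
    return hits

# Constructed sample log lines: "<timestamp> <client> <url>" (hypothetical format).
SAMPLE_LOG = [
    "2007-08-01T10:02:11 10.0.0.21 http://www.virusprotectpro.com/?aff=1012",
    "2007-08-01T10:02:40 10.0.0.21 http://www.kornilion.biz/get.php?partner=",
    "2007-08-01T10:03:05 10.0.0.34 http://virusprotectpro.com.example.org/?aff=1012",
    "2007-08-01T10:03:09 10.0.0.34 http://example.org/search?q=virusprotectpro.com",
    "2007-08-01T10:04:00 10.0.0.55 http://KORNILION.biz/get.php?partner=abc",
]

if __name__ == "__main__":
    for client, url, label in scan_proxy_log(SAMPLE_LOG):
        print(f"{client}  {label}  {url}")
```

The third and fourth sample lines are look-alikes that a plain substring search would flag; the hostname comparison leaves them out.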

Symptoms

Presence of the following:

  • System alerts warning of active spyware programs, as described in the Characteristics section.
  • Internet Explorer opening the previously mentioned website after the alert is clicked.

Method of Infection

The trojan does not spread by itself; however, it may be dropped and injected by other malware.

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

    N/A
