McAfee > Theat Center > Virus Detail Page

Overview

--- Update September 15, 2009 --
The risk assessment of this threat was updated to Low-Profiled due to media attention at: http://www.theregister.co.uk/2009/09/14/nyt_scareware_ad_hack/

---

This is a detection for a Trojan that displays misleading fake alerts to entice the user into buying a product to "repair" malware problems. This trojan may masquerade its malicious behavior.

Characteristics

--- Update September 15, 2009 --
The risk assessment of this threat was updated to Low-Profiled due to media attention at: http://www.theregister.co.uk/2009/09/14/nyt_scareware_ad_hack/

---

Downloaders are designed to pull files from a remote website and execute the files that have been downloaded.

This Trojan consists of malicious Javascript embedded in another Web page. When run, the user would see the following bogus message in their Web browser:

Next the user would see an image of their system labeled with bogus malware detections, as shown:

The user is prompted download "Personal Antivirus" -- a FakeAlert trojan detected as Generic FakeAlert!ck, FakeAlert-IO, or other names.

Symptoms

The appearence of the screens and messages shown above in the user's Web browser.

Method of Infection

A user would have to visit a Web site rigged to serve this malware for infection to occur.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

--- Update September 15, 2009 --
The risk assessment of this threat was updated to Low-Profiled due to media attention at: http://www.theregister.co.uk/2009/09/14/nyt_scareware_ad_hack/

---

This is a detection for a Trojan that displays misleading fake alerts to entice the user into buying a product to "repair" malware problems. This trojan may masquerade its malicious behavior.

Characteristics

Characteristics -

--- Update September 15, 2009 --
The risk assessment of this threat was updated to Low-Profiled due to media attention at: http://www.theregister.co.uk/2009/09/14/nyt_scareware_ad_hack/

---

Downloaders are designed to pull files from a remote website and execute the files that have been downloaded.

This Trojan consists of malicious Javascript embedded in another Web page. When run, the user would see the following bogus message in their Web browser:

Next the user would see an image of their system labeled with bogus malware detections, as shown:

The user is prompted download "Personal Antivirus" -- a FakeAlert trojan detected as Generic FakeAlert!ck, FakeAlert-IO, or other names.

Symptoms

Symptoms -

The appearence of the screens and messages shown above in the user's Web browser.

Method of Infection

Method of Infection -

A user would have to visit a Web site rigged to serve this malware for infection to occur.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A