McAfee > Theat Center > Virus Detail Page

Overview

Aliases

• Adware.IeDefender [ClamAV]

• Application/IEDefender [Panda]

• FraudTool.Win32.IeDefender.dn [Kaspersky]

• IEAntivirus [Symantec]

• Trojan.Fakealert.1057 [DrWeb]

• Win32/Adware.IeDefender.NFP [NOD32v2]

Characteristics

When executed, this trojan creates the following folder:

• C:\Program Files\IEAntiVirus

It then drops files into this folder. The names of the files dropped in this folder differ from one version of the malware to another.

This trojan will also attempt to create the following registry entry to ensure its execution at system startup:

• Hkey_Current_User\Software\IEAntiVirus
  Path = "C:\Program Files\IEAntiVirus
• Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run
  antispy = "C:\Program Files\IEAntiVirus\Antivir.exe"

The trojan will then run an exaggerated scan on the machine and generate false detection alerts. This is done to persuade the user into purchasing a full version of the software to clean the malware that the trojan falsely detected.

Symptoms

Presence of folders and registry entries mentioned earlier.

Method of Infection

Trojans do not self-replicate. They spread manually, often under the premise that the executable is something beneficial.

Trojans may also be received as a result of poor security practices, or un-patched machines and vulnerable systems.
Distribution channels include IRC, peer-to-peer networks, email, newsgroups postings, etc.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This description is for malware that shows false error messages, misleading spyware scan results, and uses aggressive advertising to persuade the user to purchase it.

Aliases

• Adware.IeDefender [ClamAV]

• Application/IEDefender [Panda]

• FraudTool.Win32.IeDefender.dn [Kaspersky]

• IEAntivirus [Symantec]

• Trojan.Fakealert.1057 [DrWeb]

• Win32/Adware.IeDefender.NFP [NOD32v2]

Characteristics

Characteristics -

When executed, this trojan creates the following folder:

• C:\Program Files\IEAntiVirus

It then drops files into this folder. The names of the files dropped in this folder differ from one version of the malware to another.

This trojan will also attempt to create the following registry entry to ensure its execution at system startup:

• Hkey_Current_User\Software\IEAntiVirus
  Path = "C:\Program Files\IEAntiVirus
• Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run
  antispy = "C:\Program Files\IEAntiVirus\Antivir.exe"

The trojan will then run an exaggerated scan on the machine and generate false detection alerts. This is done to persuade the user into purchasing a full version of the software to clean the malware that the trojan falsely detected.

Symptoms

Symptoms -

Presence of folders and registry entries mentioned earlier.

Method of Infection

Method of Infection -

Trojans do not self-replicate. They spread manually, often under the premise that the executable is something beneficial.

Trojans may also be received as a result of poor security practices, or un-patched machines and vulnerable systems.
Distribution channels include IRC, peer-to-peer networks, email, newsgroups postings, etc.

Removal -

Removal -

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A