FakeAlert-BY

Type: Trojan
SubType: Win32
Discovery Date: 03/06/2009
Length:
Minimum DAT: 5545 (03/06/2009)
Updated DAT: 5761 (10/04/2009)
Minimum Engine: 5.2.00
Description Added: 03/06/2009
Description Modified: 04/08/2009 2:55 PM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

This is a detection for a trojan that displays misleading fake alerts to entice the user into buying a product to "repair spyware or malware problems". The trojan may disguise its malicious behavior, and victims are likely to have installed it believing it to be a harmless antispyware program.

It displays a window showing a fake system scan.

It creates the following registry keys:

  • HKEY_CURRENT_USER\Software\CrucialSoft Ltd\MS AntiSpyware 2009
  • HKEY_CURRENT_USER\Software\CrucialSoft Ltd\upd

It drops its files in "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd". (The prefix to "\Application Data" may vary from system to system.)

Symptoms

Presence of the files and registry keys mentioned above.
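
A check for these symptoms, as an added example that is not part of the original vendor description. It assumes PowerShell is available on the host, that only currently loaded user hives under HKEY_USERS need checking, and that the drop folder sits under the system's common application data path; the variable names are illustrative.

```powershell
# Indicators taken from the description above.
$keySuffixes = @(
    'Software\CrucialSoft Ltd\MS AntiSpyware 2009',
    'Software\CrucialSoft Ltd\upd'
)
$dropDirName = 'CrucialSoft Ltd'
$findings = @()

# HKEY_CURRENT_USER is per-user, so walk every loaded hive under HKEY_USERS.
# Assumption: hives of users who are not logged on are not loaded and are skipped.
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' }

foreach ($hive in $hives) {
    foreach ($suffix in $keySuffixes) {
        $keyPath = "Registry::HKEY_USERS\$($hive.PSChildName)\$suffix"
        if (Test-Path -LiteralPath $keyPath) {
            $findings += New-Object PSObject -Property @{
                Type = 'RegistryKey'; Location = $keyPath
            }
        }
    }
}

# The prefix to "\Application Data" varies between systems, so resolve the
# all-users application data folder instead of hard-coding the path.
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')
$dropDir = Join-Path $commonAppData $dropDirName

if (Test-Path -LiteralPath $dropDir) {
    $findings += New-Object PSObject -Property @{
        Type = 'Directory'; Location = $dropDir
    }
    # List dropped files (including hidden ones) so they can be reviewed.
    Get-ChildItem -LiteralPath $dropDir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $findings += New-Object PSObject -Property @{
                Type = 'File'; Location = $_.FullName
            }
        }
}

if ($findings.Count -eq 0) {
    Write-Output 'No FakeAlert-BY indicators from this description were found.'
} else {
    $findings | Select-Object Type, Location | Format-Table -AutoSize
}
```

An empty result only means these specific keys and this folder are absent for the loaded user profiles; it does not replace a scan with current engine and DAT files.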

Method of Infection

The trojan may disguise its malicious behavior, and victims are likely to have installed it believing it to be a harmless antispyware program.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).

Variants

    N/A
