Troj/FakeAV-AHM

Category: Viruses and Spyware Protection available since:10 Nov 2009 21:21:26 (GMT)
Type: Trojan Last Updated:10 Nov 2009 21:21:26 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/FakeAV-AHM is a Trojan for the Windows platform.

When Troj/FakeAV-AHM is installed it creates the file <User>\Local Settings\Application Data\<random letters>\<random letters>sysguard.exe.

The following registry entry is set to run Troj/FakeAV-AHM on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\<random letters>
<path listed above>

Registry entries are set as follows:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
LowRiskFileTypes
.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
SaveZoneInformation
0x00000001

HKCU\Software\Microsoft\Internet Explorer\Download
RunInvalidSignatures
0x00000001

HKCU\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures
no

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy