Troj/FakeAV-AYZ is a Trojan for the Windows platform.
Troj/FakeAV-AYZ includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/FakeAV-AYZ communicates via HTTP with the following locations:
asertunadovk . com
When Troj/FakeAV-AYZ is installed, it creates the file <User>\Local Settings\Application Data\av.exe.
The following registry entries are set, affecting internet security:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications
Registry entries are created under:
HKCU\Software\Classes\.exe
HKCU\Software\Classes\secfile
HKCU\Software\Classes
HKCU\Software\Microsoft