Troj/FakeAV-AZS

Category: Viruses and Spyware Protection available since:11 Mar 2010 16:02:27 (GMT)
Type: Trojan Last Updated:11 Mar 2010 16:02:27 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/FakeAV-AZS is a Trojan for the Windows platform.

Troj/FakeAV-AZS includes functionality to:

 - run automatically
 - steal confidential information
 - access the internet and communicate with a remote server via HTTP

Troj/FakeAV-AZS communicates via HTTP with the following locations:

   protectsoft . net

When Troj/FakeAV-AZS is installed it creates the file <User>\Local Settings
\Application Data\blvmpj\pucrsftav.exe.

The following registry entries are created to run pucrsftav.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
npvjqytc
<User>\Local Settings\Application Data\blvmpj\pucrsftav.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
npvjqytc
<User>\Local Settings\Application Data\blvmpj\pucrsftav.exe

Registry entries are set as follows:

HKCU\Software\Microsoft\Internet Explorer\Download
RunInvalidSignatures
0x00000001

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
SaveZoneInformation
0x00000001

HKCU\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures
no

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
LowRiskFileTypes
.exe

Registry entries are created under:

HKLM\SOFTWARE\avsoft
HKCU\Software\Microsoft\Windows Script
HKCU\Software\avsoft

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy