Troj/FakeAV-BRW

Category: Viruses and Spyware Protection available since:04 Sep 2010 10:41:17 (GMT)
Type: Trojan Last Updated:04 Sep 2010 10:41:17 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Summary

Troj/FakeAV-BRW is a Trojan.

Related whitepaper : https://secure.sophos.com/security/whitepapers/sophos-what-is-fakeav-wpna

Troj/FakeAV-BRW is a webpage used by FakeAV to trick users into downloading and installing FakeAV.

Troj/FakeAV-BRW will display a page that mimics the look and feel of Windows Explorer. The webpage will then pretend to perform a scan and discover many non-existent threats.

The user is then encouraged to download and install the FakeAV to remove these threats.

The executable that Troj/FakeAV-BRW attempts to make the user download is typically detected by Sophos as Mal/FakeAV-BW, Mal/FakeAV-CZ or Mal/FakeAV-EA.

Users are frequently directed to pages hosting Troj/FakeAV-BRW through poisoned SEO links that target current trending search terms in popular search engines.

Examples of Troj/FakeAV-BRW include:

Example 1

File Information

Size
63K
SHA-1
2ffd635767e34f68b40ac8c241cf96243cd0d7fe
MD5
07c7cf1ea6a5694946d9b5d52f574a1f
CRC-32
bf450aa7
File type
application/octet-stream
First seen
2010-09-08

Example 2

File Information

Size
63K
SHA-1
e338d1ead10d64b09d4085bdd22ceff39311665b
MD5
89d47f2a2ba00cacd400ffab571a2b9b
CRC-32
bb2c6853
File type
application/octet-stream
First seen
2010-09-03

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy