Troj/FakeAV-IJ

Category: Viruses and Spyware
Protection available since: 10 Sep 2009 16:19:59 (GMT)
Type: Trojan
Last Updated: 10 Sep 2009 16:19:59 (GMT)
Prevalence: Small Number of Reports

Troj/FakeAV-IJ is a Trojan for the Windows platform.

Troj/FakeAV-IJ includes functionality to download, install and run new software.

The following files are created:

<Desktop>\Internet Antivirus Pro.lnk
<Start Menu>Programs\Internet Antivirus Pro\Internet Antivirus Pro Home Page.lnk
<Start Menu>Programs\Internet Antivirus Pro\Internet Antivirus Pro.lnk
<Start Menu>Programs\Internet Antivirus Pro\Purchase License.lnk
<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk
<User>\Application Data\Microsoft\Windows\winlogon.exe
<User>\Application Data\Internet Antivirus Pro\db\config.cfg
<User>\Application Data\Internet Antivirus Pro\db\Urls.inf
<User>\Application Data\Internet Antivirus Pro\settings.ini
<User>\Application Data\Internet Antivirus Pro\uill.ini
<User>\Application Data\Internet Antivirus Pro\unins000.exe
<User>\Application Data\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk
<User>\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
<User>\Local Settings\Application Data\Microsoft\Windows\log.txt
<User>\Local Settings\Application Data\Microsoft\Windows\pguard.ini
<User>\Local Settings\Application Data\Microsoft\Windows\services.exe
<Program Files>\Common Files\file.exe
<Program Files>\Common Files\InternetAntivirusPro.exe
<Program Files>\Internet Antivirus Pro\activate.ico
<Program Files>\Internet Antivirus Pro\db\DBInfo.ver
<Program Files>\Internet Antivirus Pro\db\ia080614.db
<Program Files>\Internet Antivirus Pro\Explorer.ico
<Program Files>\Internet Antivirus Pro\IAPro.exe
<Program Files>\Internet Antivirus Pro\Languages\IAEs.lng
<Program Files>\Internet Antivirus Pro\Languages\IAFr.lng
<Program Files>\Internet Antivirus Pro\Languages\IAGer.lng
<Program Files>\Internet Antivirus Pro\Languages\IAIt.lng
<Program Files>\Internet Antivirus Pro\unins000.dat
<Program Files>\Internet Antivirus Pro\uninstall.ico
<Program Files>\Internet Antivirus Pro\working.log

The following run keys are created in the registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Internet Antivirus Pro
"<Program Files>\Internet Antivirus Pro\IAPro.exe" /s

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
iv
<User>\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Windows logon process
<User>\Application Data\Microsoft\Windows\winlogon.exe

The file services.exe is registered as a service named "ITGrdEngine", with a display name of "Guard Service". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\ITGrdEngine

Registry entries are also created under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IAPro_is1

HKCU\Software\Microsoft\Internet Explorer
