Troj/FakeAV-IK

Category: Viruses and Spyware
Protection available since: 13 Jan 2009 01:01:47 (GMT)
Type: Trojan
Last Updated: 13 Jan 2009 01:01:47 (GMT)
Prevalence: Small Number of Reports

Troj/FakeAV-IK is a Trojan for the Windows platform.

When Troj/FakeAV-IK is first run, it attempts to download an executable from a remote host and save the file as <Program Files>\Antivirus 2009\av2009.exe.

Troj/FakeAV-IK creates the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
random number
<Program Files>\Antivirus 2009\av2009.exe

HKLM\SOFTWARE\Microsoft\Internet Explorer
UserSession
random number

Troj/FakeAV-IK also modifies the following registry entry:

HKLM\SOFTWARE\CurrentControlSet\Services\SharedAccess\Epoch
Epoch
Old value: 238
New value: 244

After Troj/FakeAV-IK finishes executing, it displays a window informing the user that their computer has been infected with multiple pieces of malware and asking the user to remove them. When the user clicks the remove button, it prompts the user to buy a license key to activate the product.
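
The following PowerShell check is an added example, not part of the original Sophos description. It looks for the file and the two created registry entries listed above on the local host; the function name Test-FakeAvIkArtifacts is hypothetical, and the Epoch value is not checked.

```powershell
# Added example: look for the Troj/FakeAV-IK artifacts named in this description.
# The paths and value names come from the page; <Program Files> is resolved
# from the environment. Test-FakeAvIkArtifacts is a hypothetical name.
function Test-FakeAvIkArtifacts {
    $findings = @()

    # Dropped file: <Program Files>\Antivirus 2009\av2009.exe
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        $exe = Join-Path $root 'Antivirus 2009\av2009.exe'
        if (Test-Path -LiteralPath $exe) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $exe; Detail = 'present' }
        }
    }

    # Run key: the value name is a random number, so match on the data instead.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($name in $run.GetValueNames()) {
            $data = [string]$run.GetValue($name)
            if ($data -like '*\Antivirus 2009\av2009.exe*') {
                $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$runKey\$name"; Detail = $data }
            }
        }
    }

    # Internet Explorer key: report a UserSession value, if one exists, for review.
    $ieKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
    $ie = Get-ItemProperty -LiteralPath $ieKey -Name 'UserSession' -ErrorAction SilentlyContinue
    if ($ie) {
        $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$ieKey\UserSession"; Detail = [string]$ie.UserSession }
    }

    $findings
}

Test-FakeAvIkArtifacts | Format-Table -AutoSize -Wrap
```

The HKCU check covers only the account running the script, so run it in the session of each user whose profile needs to be examined.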
