Troj/FakeAV-XR

Category: Viruses and Spyware
Protection available since: 18 Aug 2009 23:10:22 (GMT)
Type: Trojan
Last Updated: 18 Aug 2009 23:10:22 (GMT)
Prevalence: Small Number of Reports


Troj/FakeAV-XR is a Trojan for the Windows platform.

When run, Troj/FakeAV-XR creates the following files:
<System>\cru629.dat - detected as Mal/EncPk-A
<Windows>\braviax.exe - detected as Troj/Dloadr-CSH
<System>\braviax.exe - detected as Troj/Dloadr-CSH

Troj/FakeAV-XR also overwrites the file <System>\beep.sys with a malicious copy that actively looks for security software applications and terminates them on logon. The malicious beep.sys is detected as Mal/FakeAle-C.

Troj/FakeAV-XR sets the following registry entries:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
<System>\cru629.dat

HKCU\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures
no

HKCU\Software\Microsoft\Internet Explorer\Download
RunInvalidSignatures
1

HKCU\Software\Microsoft\Internet Explorer\Main
Enable Browser Extensions
yes
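
The file and registry indicators listed above can be checked with a read-only PowerShell script. This is an added example, not Sophos code; it assumes <System> is %SystemRoot%\System32 and <Windows> is %SystemRoot%.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Assumption: <System> is %SystemRoot%\System32 and <Windows> is %SystemRoot%.
$windows  = $env:SystemRoot
$system   = Join-Path $windows 'System32'
$findings = @()

# Files the page says the Trojan creates.
foreach ($path in "$system\cru629.dat", "$windows\braviax.exe", "$system\braviax.exe") {
    if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
}

# AppInit_DLLs may hold several entries, so match the file name anywhere in the value.
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue).AppInit_DLLs
if ($appInit -match 'cru629\.dat') { $findings += "AppInit_DLLs = $appInit" }

# Per-user Internet Explorer values from the page (subkey, value name, data).
$ieValues = @(
    @{ Sub = 'Download'; Name = 'CheckExeSignatures';        Data = 'no'  },
    @{ Sub = 'Download'; Name = 'RunInvalidSignatures';      Data = '1'   },
    @{ Sub = 'Main';     Name = 'Enable Browser Extensions'; Data = 'yes' }
)

# HKCU only covers the account running the script, so walk every loaded
# user hive under HKEY_USERS (account SIDs only, not the _Classes hives).
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
foreach ($hive in $hives) {
    foreach ($v in $ieValues) {
        $key  = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Internet Explorer\$($v.Sub)"
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # Compare as strings so a REG_DWORD 1 and a REG_SZ "1" both match.
        if ($null -ne $item -and "$($item.($v.Name))" -eq $v.Data) {
            $findings += "$($hive.PSChildName): $($v.Sub)\$($v.Name) = $($v.Data)"
        }
    }
}

if ($findings) { $findings } else { 'No indicators from this page were found.' }
```

A dropped file or a matching AppInit_DLLs entry is the stronger signal; the Internet Explorer values can also be set by a user or by policy, so treat them as corroborating evidence.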
