Troj/FakeAle-AH

Category: Viruses and Spyware Protection available since:11 Dec 2006 00:00:00 (GMT)
Type: Trojan Last Updated:11 Dec 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/FakeAle-AH is a Trojan for the Windows platform.

Troj/FakeAle-AH includes functionality to access the internet and communicate with a remote server via HTTP.

The Trojan displays fake spyware alerts for trying to lure the user into installing software from a remote location.

Troj/FakeAle-AH watches for genuine security alert messages and dismisses them immediately in order to prevent the user from seeing them.

Troj/FakeAle-AH may attempt to change the infected computer's Desktop wallpaper. Troj/FakeAle-AH is a Trojan for the Windows platform.

Troj/FakeAle-AH includes functionality to access the internet and communicate with a remote server via HTTP.

The Trojan displays fake spyware alerts for trying to lure the user into installing software from a remote location.

Troj/FakeAle-AH watches for genuine security alert messages and dismisses them immediately in order to prevent the user from seeing them.

When first run Troj/FakeAle-AH copies itself to <Windows>\xpupdate.exe.

The following registry entries are created to run Troj/FakeAle-AH on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows update loader
<Windows>\xpupdate.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
con
<pathname of the Trojan executable>

Troj/FakeAle-AH attempts to download a file from a remote website to the file <User>\Application Data\Install.dat.

Troj/FakeAle-AH may attempt to set various registry entries to change the infected computer's Desktop wallpaper.

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy