Troj/FakeAle-AW

Category: Viruses and Spyware Protection available since:14 Oct 2009 09:50:33 (GMT)
Type: Trojan Last Updated:14 Oct 2009 09:50:33 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/FakeAle-AW is a Trojan for the Windows platform.

When first run Troj/FakeAle-AW copies itself to <System>\sbwltbxa.exe and creates the file <System>\winfrun32.bin. The file winfrun32.bin is not malicious and may be deleted.

The Trojan may also drop corrupt files with the names of real adware components.

The following registry entries are changed to run sbwltbxa.exe on startup:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
,<System>\sbwltbxa.exe,

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\userinit.exe,<System>\sbwltbxa.exe,

The following registry entries are set, disabling system software:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
DisableTaskMgr
1

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy