Sophos

Troj/FakeAle-AH

Aliases
  • Packed.Win32.Tibs
  • BraveSentry
  • trojan
  • Win32/Nuwar.I
  • worm
  • TROJ_FAKEALRT.AG

Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Included in our products from: February 2007 (4.14)
Protection available since: 12 December 2006 04:25:16 (GMT)
Detected by: All Sophos products

More Information

Troj/FakeAle-AH is a Trojan for the Windows platform.

Troj/FakeAle-AH includes functionality to access the internet and communicate with a remote server via HTTP.

The Trojan displays fake spyware alerts to lure the user into installing software from a remote location.

Troj/FakeAle-AH watches for genuine security alert messages and dismisses them immediately in order to prevent the user from seeing them.

Troj/FakeAle-AH may attempt to change the infected computer's Desktop wallpaper.

When first run, Troj/FakeAle-AH copies itself to <Windows>\xpupdate.exe.

The following registry entries are created to run Troj/FakeAle-AH on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows update loader
<Windows>\xpupdate.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
con
<pathname of the Trojan executable>

Troj/FakeAle-AH attempts to download a file from a remote website to the file <User>\Application Data\Install.dat.

Troj/FakeAle-AH may attempt to set various registry entries to change the infected computer's Desktop wallpaper.
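A check for the two Run entries listed above, as an added example that is not Sophos code: it parses the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and flags values matching this page's indicators. The function names, the default Windows directory, the assumed output layout and the sample output are constructed for illustration.

```python
import re

# Indicators from this page: the two Run value names and the dropped copy.
RUN_VALUE_NAMES = {"windows update loader", "con"}
DROPPED_FILENAME = "xpupdate.exe"

# A value line of `reg query` output: name, type and data separated by a tab
# or by 4+ spaces (assumed layout; confirm against your Windows version).
_SEP = r"(?:\t|\s{4,})"
_VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)" + _SEP + r"(?P<type>REG_\w+)" + _SEP + r"(?P<data>.*)$"
)

def parse_run_values(reg_query_output):
    """Return (name, type, data) for every value line in the output."""
    values = []
    for line in reg_query_output.splitlines():
        m = _VALUE_LINE.match(line)
        if m:
            values.append((m["name"].strip(), m["type"], m["data"].strip()))
    return values

def find_fakeale_entries(reg_query_output, windows_dir=r"C:\WINDOWS"):
    """Flag Run values that match the entries described on this page."""
    expected_copy = (windows_dir.rstrip("\\") + "\\" + DROPPED_FILENAME).lower()
    hits = []
    for name, _type, data in parse_run_values(reg_query_output):
        reasons = []
        if name.lower() in RUN_VALUE_NAMES:
            reasons.append("value name listed for Troj/FakeAle-AH")
        # Compare the path case-insensitively, ignoring surrounding quotes.
        if data.strip('"').lower() == expected_copy:
            reasons.append("data points at <Windows>\\xpupdate.exe")
        if reasons:
            hits.append({"name": name, "data": data, "reasons": reasons})
    return hits

# Constructed sample output (not captured from a real system).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Windows update loader    REG_SZ    C:\WINDOWS\xpupdate.exe
    con    REG_SZ    C:\Documents and Settings\user\Local Settings\Temp\sample.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for hit in find_fakeale_entries(SAMPLE):
        print(hit["name"], "->", hit["data"], hit["reasons"])
```

Each hit carries its reasons so a value that matches only on name (for example the short name "con") can be triaged separately from one whose data points at the dropped copy.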
