Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | June 2008 (4.30) |
| Protection available since | 24 April 2008 07:26:46 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/FakeAle-BC is a fraudulent anti-spyware application for the Windows platform.
Troj/FakeAle-BC finds non-existent malware on the computer and then offers to remove the malware only if the user pays for the full version.
Troj/FakeAle-BC sets the Desktop wallpaper to display the following bogus message:
"Your computer has several fatal errors due to spyware activity. It is strongly recommended to install an antispyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats.
CLICK HERE TO SCAN YOUR PC FOR SPYWARE..."
In order to trick the user into paying, Troj/FakeAle-BC typically creates the following files and folders:
These files are benign and only contain random data.
The following registry entry is set, disabling system software:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1
Registry entries are set as follows:
HKCU\Software\Microsoft\Internet Explorer\Toolbar
{0e1230f8-ea50-42a9-983c-d22abc2eeb4c}
0
HKCU\Software\Microsoft\Internet Explorer\Desktop\General
Wallpaper
<Windows>\Web\def.htm
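
As an added example (not part of the original Sophos write-up), the following Python code checks the decoded text of a `.reg` export of a user's hive for the three registry changes listed above. The function names, the sample export and the `C:\WINDOWS` path are constructed for illustration; the page does not state the data type of the toolbar value, so only its presence is checked.

```python
import re

# Keys and value names from this page; .reg exports spell HKCU as HKEY_CURRENT_USER.
HKCU = "HKEY_CURRENT_USER\\Software\\Microsoft\\"
POLICY_KEY = HKCU + "Windows\\CurrentVersion\\Policies\\System"
TOOLBAR_KEY = HKCU + "Internet Explorer\\Toolbar"
DESKTOP_KEY = HKCU + "Internet Explorer\\Desktop\\General"
TOOLBAR_GUID = "{0e1230f8-ea50-42a9-983c-d22abc2eeb4c}"

def parse_reg_export(text):
    """Parse decoded .reg text into {key_lower: {value_name_lower: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
    return keys

def check_fakeale_bc(text):
    """Return findings that match the registry changes described on this page."""
    keys, findings = parse_reg_export(text), []
    raw = keys.get(POLICY_KEY.lower(), {}).get("disabletaskmgr", "")
    m = re.fullmatch(r"dword:([0-9a-f]{8})", raw.lower())
    if m and int(m.group(1), 16) == 1:
        findings.append("DisableTaskMgr=1")
    if TOOLBAR_GUID.lower() in keys.get(TOOLBAR_KEY.lower(), {}):
        findings.append("toolbar GUID present")  # data type not stated on the page
    raw = keys.get(DESKTOP_KEY.lower(), {}).get("wallpaper", "")
    wallpaper = raw.strip('"').replace("\\\\", "\\")  # undo .reg backslash escaping
    if wallpaper.lower().endswith("\\web\\def.htm"):
        findings.append("wallpaper -> " + wallpaper)
    return findings

# Constructed sample export (not from a real host); C:\WINDOWS is an assumed <Windows>.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"{0e1230f8-ea50-42a9-983c-d22abc2eeb4c}"="0"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General]
"Wallpaper"="C:\\WINDOWS\\Web\\def.htm"
'''

if __name__ == "__main__":
    print(check_fakeale_bc(SAMPLE))
```

Files exported by regedit are normally UTF-16, so decode them before passing the text in.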
