Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 17 May 2008 14:24:13 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/FakeAle-BJ is a Trojan for the Windows platform.
Troj/FakeAle-BJ generates popup messages and balloon notifications claiming that the computer is infected, in an attempt to coerce the user into purchasing a fake anti-malware product.
Example warnings include:
Windows Alert
Critical System Warning! Windows Security System has detected active Zlob.PornAdvertiser.ba on your system. Zlob.PornAdvertiser.ba is an Adware that displays pop-up pop-under advertisements of pornographic or online gambling Web sites. It also opens the Web pages of partner Web sites when it sees certain keywords in search or shopping browser windows. Zlob.PornAdvertiser.ba can create some icons on user's Desktop that link to advertised websites (generally with hardcore pornographic content). Please keep children away from adult Web sites and harmful material advertised by Zlob.PornAdvertiser.ba. Protect your PC from this threats by downloading antivirus software.
Windows Alert
Critical System Warning! Your system is probably infected with version of Spyware.IEMonster.b. Spyware.IEMonster.b is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal. It may also create special tracking files to log your activity and compromise your Internet privacy. Spyware.IEMonster then sends stolen passwords and other sensitive information to a php script at a pre-specified website where the stolen details are logged. Click here to protect your computer (recommended).
Windows Security System
Windows Security System has detected spyware infection! Spyware may compromise your privacy or damage your computer. It is recommended to use antispyware tool to prevent data loss and privacy information exposure. Click OK to proceed.
Windows Security System:
Spyware.IEMonster.b; Malicious Spyware.IEMonster.b detected. This program may damage your computer and steal your private information. Click here to download security program.
Windows Security System:
Zlob.PornAdvertiser.ba; Adware Zlob.PornAdvertiser.ba detected. This program advertises sites with explicit content. Please be attentive because advertised content could be illegal.
Windows Security System
Security errors detected. Remove these errors as soon as possible to prevent data loss and privacy information exposure.
The text of these warnings links to http://xpantivirussite.com.
When Troj/FakeAle-BJ is installed, the following files are created:
<Desktop>\BDSM galleries.URL
<Desktop>\CP illegal content.URL
<Desktop>\Uncensored porn.URL
<System>\ntload.dll (detected separately as Troj/HideProc-M)
<System>\sex1.ico
<System>\sex2.ico
<System>\sex3.ico
<System>\winupdate.exe
<System>\wscmp.dll
The following registry entry is created to run winupdate.exe on startup:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
run
<System>\winupdate.exe
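One way to check a machine for the files and registry value listed above, as an added PowerShell example that is not part of the Sophos description. It assumes <Desktop> is the current user's desktop and <System> is the Windows system folder, and it inspects only the current user's HKCU hive.

```powershell
# Added example: look for the Troj/FakeAle-BJ artifacts listed above.
# Assumptions: <Desktop> = current user's desktop; <System> = Windows system
# folder. SysWOW64 is included because a 32-bit process writing to the system
# folder on 64-bit Windows is redirected there.
$desktopDir = [Environment]::GetFolderPath('Desktop')
$systemDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

$desktopNames = 'BDSM galleries.URL', 'CP illegal content.URL', 'Uncensored porn.URL'
$systemNames  = 'ntload.dll', 'sex1.ico', 'sex2.ico', 'sex3.ico', 'winupdate.exe', 'wscmp.dll'

$candidates = @($desktopNames | ForEach-Object { Join-Path $desktopDir $_ })
foreach ($dir in $systemDirs) {
    $candidates += $systemNames | ForEach-Object { Join-Path $dir $_ }
}

$findings = @()
foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path -Force   # -Force: include hidden files
        $findings += [pscustomobject]@{
            Type = 'File'; Item = $path; Detail = "modified $($file.LastWriteTime)"
        }
    }
}

# Autostart value from the description: HKCU\...\Windows NT\CurrentVersion\Windows, "run".
$key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$run = (Get-ItemProperty -LiteralPath $key -Name 'run' -ErrorAction SilentlyContinue).run
if ($run -and $run -match 'winupdate\.exe') {
    $findings += [pscustomobject]@{ Type = 'Registry'; Item = "$key\run"; Detail = $run }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No Troj/FakeAle-BJ artifacts found for the current user.'
}
```

Run it in the affected user's session, since both the desktop path and the HKCU hive are per-user.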
