Troj/FakeAV-IJ


Summary

Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Protection available since: 11 January 2009 15:46:40 (GMT)
Last updated: 10 September 2009 18:53:33 (GMT)
Detected by: All Sophos products

More Information

Troj/FakeAV-IJ is a Trojan for the Windows platform.

Troj/FakeAV-IJ includes functionality to download, install and run new software.

The following files are created:

<Desktop>\Internet Antivirus Pro.lnk
<Start Menu>Programs\Internet Antivirus Pro\Internet Antivirus Pro Home Page.lnk
<Start Menu>Programs\Internet Antivirus Pro\Internet Antivirus Pro.lnk
<Start Menu>Programs\Internet Antivirus Pro\Purchase License.lnk
<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk
<User>\Application Data\Microsoft\Windows\winlogon.exe
<User>\Application Data\Internet Antivirus Pro\db\config.cfg
<User>\Application Data\Internet Antivirus Pro\db\Urls.inf
<User>\Application Data\Internet Antivirus Pro\settings.ini
<User>\Application Data\Internet Antivirus Pro\uill.ini
<User>\Application Data\Internet Antivirus Pro\unins000.exe
<User>\Application Data\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk
<User>\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
<User>\Local Settings\Application Data\Microsoft\Windows\log.txt
<User>\Local Settings\Application Data\Microsoft\Windows\pguard.ini
<User>\Local Settings\Application Data\Microsoft\Windows\services.exe
<Program Files>\Common Files\file.exe
<Program Files>\Common Files\InternetAntivirusPro.exe
<Program Files>\Internet Antivirus Pro\activate.ico
<Program Files>\Internet Antivirus Pro\db\DBInfo.ver
<Program Files>\Internet Antivirus Pro\db\ia080614.db
<Program Files>\Internet Antivirus Pro\Explorer.ico
<Program Files>\Internet Antivirus Pro\IAPro.exe
<Program Files>\Internet Antivirus Pro\Languages\IAEs.lng
<Program Files>\Internet Antivirus Pro\Languages\IAFr.lng
<Program Files>\Internet Antivirus Pro\Languages\IAGer.lng
<Program Files>\Internet Antivirus Pro\Languages\IAIt.lng
<Program Files>\Internet Antivirus Pro\unins000.dat
<Program Files>\Internet Antivirus Pro\uninstall.ico
<Program Files>\Internet Antivirus Pro\working.log

The following run keys are created in the registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Internet Antivirus Pro
"<Program Files>\Internet Antivirus Pro\IAPro.exe" /s

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
iv
<User>\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Windows logon process
<User>\Application Data\Microsoft\Windows\winlogon.exe

The file services.exe is registered as a service named "ITGrdEngine", with a display name of "Guard Service". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\ITGrdEngine

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IAPro_is1

HKCU\Software\Microsoft\Internet Explorer

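As an added example (not part of the Sophos write-up), the following read-only PowerShell triage check looks for the persistence artifacts listed above: the three run-key values, the ITGrdEngine service key, the IAPro_is1 uninstall key and the dropped executables. It assumes the <User> and <Program Files> placeholders map to the current user's profile (%APPDATA% / %LOCALAPPDATA%) and %ProgramFiles%, and that it runs in an elevated PowerShell 4 or later so the HKLM keys are readable and Get-FileHash is available.

```powershell
# Added triage check for Troj/FakeAV-IJ artifacts (not Sophos code). Reports only; removes nothing.
$hits = @()

# Run-key values named in the write-up: key path and value name.
$runValues = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';                  Name = 'Internet Antivirus Pro' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';                  Name = 'Microsoft Windows logon process' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'iv' }
)
foreach ($rv in $runValues) {
    $item = Get-ItemProperty -Path $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
    if ($item) { $hits += "Run value '$($rv.Name)' in $($rv.Key) = $($item.$($rv.Name))" }
}

# Service registration and uninstall entry named in the write-up.
foreach ($key in @('HKLM:\SYSTEM\CurrentControlSet\Services\ITGrdEngine',
                   'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IAPro_is1')) {
    if (Test-Path -Path $key) { $hits += "Registry key present: $key" }
}

# Dropped executables. Assumption: <User>\Application Data is %APPDATA%,
# <User>\Local Settings\Application Data is %LOCALAPPDATA%, <Program Files> is %ProgramFiles%.
# The legitimate winlogon.exe and services.exe live in %SystemRoot%\System32, so copies in a
# user profile are suspicious regardless of name.
$files = @(
    "$env:APPDATA\Microsoft\Windows\winlogon.exe",
    "$env:LOCALAPPDATA\Microsoft\Internet Explorer\iv.exe",
    "$env:LOCALAPPDATA\Microsoft\Windows\services.exe",
    "${env:ProgramFiles}\Common Files\file.exe",
    "${env:ProgramFiles}\Common Files\InternetAntivirusPro.exe",
    "${env:ProgramFiles}\Internet Antivirus Pro\IAPro.exe"
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        # Record a hash so the sample can be submitted or matched against vendor detections.
        $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        $hits += "File present: $f (SHA256 $hash)"
    }
}

if ($hits.Count -eq 0) { 'No Troj/FakeAV-IJ artifacts found.' } else { $hits }
```

Any hit is a cue to isolate the host and run a full scan with up-to-date signatures, since the Trojan can also download and run additional software that this list does not cover.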