Sophos

Troj/FakeAV-IK


Summary

 
How it spreads
  • Web downloads
Affected operating systems: Windows
Characteristics
  • Installs itself in the registry
Protection available since: 13 January 2009 03:54:24 (GMT)
Detected by: All Sophos products

More Information

Troj/FakeAV-IK is a trojan for the Windows platform.

When Troj/FakeAV-IK is first run, it attempts to download an executable from a remote host and save the file as <Program Files>\Antivirus 2009\av2009.exe.

Troj/FakeAV-IK creates the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
random number
<Program Files>\Antivirus 2009\av2009.exe

HKLM\SOFTWARE\Microsoft\Internet Explorer
UserSession
random number

Troj/FakeAV-IK also modifies the following registry entry:

HKLM\SOFTWARE\CurrentControlSet\Services\SharedAccess\Epoch
Epoch
Old value: 238
New value: 244

After Troj/FakeAV-IK finishes executing, it displays a window informing the user that their computer has been infected with multiple pieces of malware and asking the user to remove them. When the user clicks the remove button, it prompts the user to buy a license key to activate the product.
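
An added example, not part of the Sophos description: a Python check that scans the text output of reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run for a value that launches <Program Files>\Antivirus 2009\av2009.exe, whatever the Program Files location, quoting or letter case. The function names and the sample output are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Value line as printed by `reg query`: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Path tail from the description: <Program Files>\Antivirus 2009\av2009.exe
DROP_TAIL = ("antivirus 2009", "av2009.exe")


def command_path(data):
    """Return the executable path from a Run command line (quoted or bare)."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    # Bare paths may contain spaces, so cut after the first ".exe", not at a space.
    m = re.match(r"(?i)^(.*?\.exe)(?:\s|$)", data)
    return m.group(1) if m else data


def find_fakeav_run_entries(reg_query_output):
    """Return [(value_name, path, name_is_numeric)] for Run values launching av2009.exe."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m or m["type"] not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        path = command_path(m["data"])
        # Compare only the last two path components, case-insensitively.
        tail = tuple(p.lower() for p in PureWindowsPath(path).parts[-2:])
        if tail == DROP_TAIL:
            # The description says the value name is a random number.
            hits.append((m["name"], path, m["name"].isdigit()))
    return hits


# Constructed sample output, not captured from a real host.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater    REG_SZ    "C:\Program Files\Example App\update.exe" /background
    73920518    REG_SZ    C:\Program Files\Antivirus 2009\av2009.exe
"""

if __name__ == "__main__":
    for name, path, numeric in find_fakeav_run_entries(SAMPLE):
        print(f"Run value {name!r} -> {path} (numeric name: {numeric})")
```

A match with a numeric value name corresponds to the Run entry described above; a match with a non-numeric name still points at the dropped file and is reported with the flag set to False.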
