high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Included in our products from | July 2008 (4.31) |
| Protection available since | 16 May 2008 23:11:28 (GMT) |
| Last updated | 18 May 2008 16:07:35 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/FakeVir-BE pretends to scan the host computer and will always find infections. It then asks the user to pay before pretending to clean the infections that it found.
When Troj/FakeVir-BE is installed the following files and folders are created:
<Desktop>\XP-Shield.lnk
<Temp>\XPShieldSetup.exe
<Start Menu\Programs>\XPShield
<Start Menu\Programs>\XPShield\XP-Shield Web Site.lnk
<Start Menu\Programs>\XPShield\XP-Shield.lnk
<Program Files>\XPShield
<Program Files>\XPShield\INSTALL.LOG
<Program Files>\XPShield\UNWISE.EXE
<Program Files>\XPShield\XP-Shield Web Site.url
<Program Files>\XPShield\XP-Shield.exe
The following registry entry is created to run XP-Shield.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
XPShield
<Program Files>\XPSHIELD\XP-SHI~1.EXE
Registry entries are created under:
HKCU\Software\XPShield
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP-Shield
Troj/FakeVir-BE provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "XP-Shield".
|
