Troj/FakeAV-DDV

Category: Viruses and Spyware
Protection available since: 05 Apr 2011 15:11:52 (GMT)
Type: Trojan
Last Updated: 05 Apr 2011 15:11:52 (GMT)
Prevalence: Small Number of Reports

Troj/FakeAV-DDV exhibits the following characteristics:

File Information

Size: 160K
SHA-1: 1eb1476dd6be1d9c995a3539e6afe750765350c4
MD5: 7b9b6f01298b57736fa27bc35b92921f
CRC-32: c3068a58
File type: application/x-ms-dos-executable
First seen: 2010-09-08

Other vendor detection

Avira: TR/Dropper.Gen

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\algs.exe
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\Documents and Settings\test user\Application Data\algs.exe
    c:\Documents and Settings\test user\Application Data\algs.exe:*:Enabled:Windows System Guard
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows System Guard
    c:\Documents and Settings\test user\Application Data\algs.exe
Processes Created
  • c:\documents and settings\support\application data\algs.exe
DNS Requests
  • leader.cegran.com