Troj/FakeAV-DVL

Category: Viruses and Spyware
Protection available since: 27 May 2011 23:32:20 (GMT)
Type: Trojan
Last Updated: 27 May 2011 23:32:20 (GMT)
Prevalence: Small Number of Reports

Troj/FakeAV-DVL exhibits the following characteristics:

File Information

Size: 466K
SHA-1: 35787a15f8ac13e2004f69efc77423b40ee18cc0
MD5: 67e9267a43c60dec7b33497b9e183aa3
CRC-32: 20a5605d
File type: application/x-ms-dos-executable
First seen: 2011-05-27

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\xXjsKiNbkvU.exe
Registry Keys Created
  • HKCU\Software
    75fa38b7-8b94-4995-ad32-52e938867954
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    xXjsKiNbkvU
    C:\Documents and Settings\All Users\Application Data\xXjsKiNbkvU.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    DisableTaskMgr
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    /{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:
Processes Created
  • c:\documents and settings\all users\application data\xxjskinbkvu.exe
HTTP Requests
  • http://clickfer.org/pica1/461-direct
  • http://searchalice.org/404.php
DNS Requests
  • clickfer.org
  • searchalice.org