Troj/FakeAV-DVP

Category: Viruses and Spyware
Protection available since: 29 May 2011 07:24:44 (GMT)
Type: Trojan
Last Updated: 29 May 2011 07:24:44 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/FakeAV-DVP include:

Example 1

File Information

File type
application/x-ms-dos-executable

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\UfQshXkFHeIUkQ.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\tmp2C80.tmp
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\Adobe_Flash_Player.exe
    Size
    216K
    SHA-1
    6bb53a94980de84ab5fdbd8518368e8f63cf6dbd
    MD5
    fd3a026f331022395753b56cc18592e1
    CRC-32
    3026854c
    File type
    application/x-ms-dos-executable
    First seen
    2011-05-27
Registry Keys Created
  • HKCU\Software
    75fa38b7-8b94-4995-ad32-52e938867954
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    DisableTaskMgr
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    UfQshXkFHeIUkQ
    C:\Documents and Settings\All Users\Application Data\UfQshXkFHeIUkQ.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    /{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
Processes Created
  • c:\documents and settings\all users\application data\ufqshxkfheiukq.exe
HTTP Requests
  • http://searchalice.org/404.php
  • http://searchatlantic.org/404.php
  • http://searchbread.org/pica1/483-direct
DNS Requests
  • searchalice.org
  • searchatlantic.org
  • searchbread.org

Example 2

File Information

Size
216K
SHA-1
6bb53a94980de84ab5fdbd8518368e8f63cf6dbd
MD5
fd3a026f331022395753b56cc18592e1
CRC-32
3026854c
File type
application/x-ms-dos-executable
First seen
2011-05-27

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2143E8.tmp
Dropped Files
  • C:\WINDOWS\system32\beep.sys
  • C:\WINDOWS\system32\drivers\1453.sys
    Size
    114K
    SHA-1
    ee509ec15ac236f15417d7add6a5ec2fef568233
    MD5
    af33da8b6420e7f1f42025f13a4de57b
    CRC-32
    c6c76e01
    File type
    application/x-ms-dos-executable
    First seen
    2011-05-27
  • C:\WINDOWS\system32\drivers\2613E8.tmp
    Size
    114K
    SHA-1
    ee509ec15ac236f15417d7add6a5ec2fef568233
    MD5
    af33da8b6420e7f1f42025f13a4de57b
    CRC-32
    c6c76e01
    File type
    application/x-ms-dos-executable
    First seen
    2011-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\ldrceea.tmp
    Size
    335K
    SHA-1
    a7e58dc8dcedade6943b0f00476909439f0e6060
    MD5
    b6f7b44461816afcf9199f4844301647
    CRC-32
    76426da4
    File type
    application/x-ms-dos-executable
    First seen
    2011-03-24
  • c:\Documents and Settings\test user\Local Settings\Temp\1453E8.tmp
    Size
    64K
    SHA-1
    2b14b18fcc366795891ed803703ee45d9d0181dd
    MD5
    f1c8f029417e0a0ad65d92abef7bbb7f
    CRC-32
    3401b6db
    File type
    application/x-ms-dos-executable
    First seen
    2011-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\ldrceda.tmp
    Size
    64K
    SHA-1
    2b14b18fcc366795891ed803703ee45d9d0181dd
    MD5
    f1c8f029417e0a0ad65d92abef7bbb7f
    CRC-32
    3401b6db
    File type
    application/x-ms-dos-executable
    First seen
    2011-05-27
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\Spooler
    Start
    0x00000002
Processes Created
  • c:\windows\system32\spoolsv.exe