When Trojan.FakeAV.gen is executed, it performs the following activities:
It installs the fake security application “Avasoft Professional Antivirus”. Once installed, it will display a fake alert showing that the system is badly infected.
It will drop the following files:
C:\Documents and Settings\All Users\Application Data\E4092D4FD709F64D0000E408494DFCBC\E4092D4FD709F64D0000E408494DFCBC.exe
C:\Documents and Settings\All Users\Application Data\E4092D4FD709F64D0000E408494DFCBC\E4092D4FD709F64D0000E408494DFCBC.ico
C:\Documents and Settings\All Users\Application Data\E4092D4FD709F64D0000E408494DFCBC\Thumbs.db
The following registry entries are created:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
"E4092D4FD709F64D0000E408494DFCBC" = "C:\Documents and Settings\All Users\Application Data\E4092D4FD709F64D0000E408494DFCBC\E4092D4FD709F64D0000E408494DFCBC.exe"
HKEY_USERS\S-1-5-21-507921405-2049760794-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce
"E4092D4FD709F64D0000E408494DFCBC" = "C:\Documents and Settings\All Users\Application Data\E4092D4FD709F64D0000E408494DFCBC\E4092D4FD709F64D0000E408494DFCBC.exe"
It will then prompt the user to purchase the bogus software.
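The file and registry entries above share one layout: the autorun value name, the folder name and the executable name are the same 32-digit hexadecimal string. The following check over exported autorun entries is an added example, not Thirtyseven4 code. It goes beyond the single instance listed by assuming the hexadecimal name may differ between infections and by also covering the Run key and the ProgramData folder; the function names and the second and third sample entries are constructed.

```python
import ntpath
import re

# On this page the value name, folder name and file stem are one 32-hex-digit string.
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")
# The page lists RunOnce; matching Run as well is an assumption of this example.
AUTORUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# "All Users\Application Data" is from the page; ProgramData (its Vista+ equivalent) is assumed.
SHARED_DATA = re.compile(r"\\(All Users\\Application Data|ProgramData)$", re.I)


def is_suspicious(key, name, data):
    """True when an autorun value has the name/folder/file layout listed on the page."""
    if not AUTORUN_KEY.search(key) or not HEX32.fullmatch(name):
        return False
    path = data.strip().strip('"')
    folder, filename = ntpath.split(path)
    parent, folder_name = ntpath.split(folder)
    stem, ext = ntpath.splitext(filename)
    return (ext.lower() == ".exe"
            and stem.upper() == name.upper() == folder_name.upper()
            and bool(SHARED_DATA.search(parent)))


def scan(entries):
    """Return the (key, value name, data) tuples that match."""
    return [e for e in entries if is_suspicious(*e)]


PAGE_NAME = "E4092D4FD709F64D0000E408494DFCBC"    # value name listed on the page
OTHER_NAME = "0123456789ABCDEF0123456789ABCDEF"   # constructed
HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"

SAMPLE = [
    # Entry from the page.
    (HKCU + r"\RunOnce", PAGE_NAME,
     rf"C:\Documents and Settings\All Users\Application Data\{PAGE_NAME}\{PAGE_NAME}.exe"),
    # Constructed: same layout, different name and shared-data folder.
    (HKCU + r"\Run", OTHER_NAME, rf'"C:\ProgramData\{OTHER_NAME}\{OTHER_NAME}.exe"'),
    # Constructed benign autorun entry.
    (HKCU + r"\Run", "ExampleUpdater", r"C:\Program Files\Example\updater.exe"),
    # Constructed: hex value name, but the path does not repeat it.
    (HKCU + r"\RunOnce", OTHER_NAME, r"C:\Program Files\Example\setup.exe"),
]

if __name__ == "__main__":
    for key, name, data in scan(SAMPLE):
        print(f"suspicious autorun: {key} -> {data}")
```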
Thirtyseven4 customers are fully protected against this malware.