Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

FAKEAV.DEFENDER2013

 

 

Name: FakeAV.Defender2013

Descr. Added: October 5, 2012

Type: Rogueware

Risk: Low

Payload: N/A

At risk systems: Windows XP/Vista/Windows 7/NT/2003

 

 


 

 

Description:

 

When FakeAlert.Defender2013 is executed, it performs the following activities:

It installs one of the following fake security applications: "XP Defender 2013", "Vista Defender 2013", or "Windows 7 Defender 2013".



Once installed, it will display a fake alert showing that the system is badly infected.

Example screenshots below.



The fake security application will create a copy of itself under the following locations:

- %UserProfile%\Local Settings\Application Data\[random 3 letters].exe [For Windows XP]

- %LOCALAPPDATA%\[random 3 letters].exe  [For Windows Vista/7]


It modifies the following registry entry:

HKEY_CURRENT_USER\software\classes\.exe\shell\open\command

Modifies Value: (Default)
With Data: "%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" -a "%1" %*

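This modification causes the scareware to execute every time an executable file is launched: the per-user open command for .exe files now starts the copied file first and passes it the path of the requested program ("%1") and its arguments (%*).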
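
A check for the registry change described above, as an added example that is not Thirtyseven4's code: it classifies the (Default) data of the per-user .exe open command and, on Windows, can read the live value. The function names, the verdict labels and the sample values are assumptions made for illustration.

```python
import re

# Pass-through handler data: launch the requested file with its own arguments.
BENIGN = '"%1" %*'

# Value shape from the write-up: a 3-letter .exe in the per-user local
# application data folder, followed by -a "%1" %*. The expanded Vista/7 path
# (AppData\Local) is an assumption about how %LOCALAPPDATA% resolves.
DEFENDER2013_RE = re.compile(
    r'(?:\\Local Settings\\Application Data|\\AppData\\Local|%LOCALAPPDATA%)'
    r'\s*\\[a-z]{3}\.exe\s*"?\s+-a\s+"%1"\s+%\*\s*$',
    re.IGNORECASE,
)

def classify_exe_handler(data):
    # data: (Default) of HKCU\software\classes\.exe\shell\open\command, or None.
    if data is None:
        return "absent"                    # no per-user override exists
    value = data.strip()
    if value == BENIGN:
        return "pass-through"
    if DEFENDER2013_RE.search(value):
        return "matches-write-up"
    return "other-override"                # another program sits in front of "%1"

def read_live_handler():
    # Windows only: read the current user's value; None if key or value is missing.
    import winreg
    path = r"software\classes\.exe\shell\open\command"
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
            return winreg.QueryValueEx(key, "")[0]
    except FileNotFoundError:
        return None

# Constructed sample values (user name and file names are made up).
SAMPLES = [
    None,
    '"%1" %*',
    r'"C:\Documents and Settings\alice\Local Settings\Application Data\qzx.exe" -a "%1" %*',
    r'"C:\Users\alice\AppData\Local\kfw.exe" -a "%1" %*',
    r'"C:\Tools\wrapper.exe" "%1" %*',
]

def triage(samples=SAMPLES):
    return [classify_exe_handler(s) for s in samples]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, triage()):
        print(f"{verdict:18} {sample}")
```

On a Windows host, classify_exe_handler(read_live_handler()) applies the same check to the current user's registry hive.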

 

 

 

 

 

 

 