Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Fraudtool.AntiSpyware2012

Name: Fraudtool.AntiSpyware2012
Added: July 1, 2011
Type: Fraudtool
Risk: Low
Payload: N/A
At risk systems: Windows 95/98/ME/XP/NT/2003

Description:

 

When Fraudtool.AntiSpyware2012 is executed, it immediately disables all use of Portable Executable (PE) files. It displays fake security alerts to scare the user into purchasing the trial version of the fake antivirus software application called "XP Antispyware 2012".

It will drop the following file:

%temp%\Random Name folder\Random Name file.exe

It will also create/modify the following registry keys:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default)

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random 9 characters (i.e. 500863312)]
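
As a triage aid for the two registry locations listed above, the following added example (not Thirtyseven4's code) scans the text of a .reg export for a redirected .exe open command and for a 9-character Run value. It assumes that "%1" %* is the only benign open command and that a Run value pointing into a Temp folder is the stronger signal; the sample export and its folder and file names are constructed.

```python
import re

# Keys named in the write-up above.
EXE_CMD = r"HKEY_CLASSES_ROOT\.exe\shell\open\command"
RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
PASSTHROUGH = '"%1" %*'   # pass-through handler: run the clicked program itself
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslashes and quotes inside string data
    return re.sub(r"\\(.)", r"\1", s)

def triage(reg_text):
    """Return (key, value name, data, reason) tuples for entries worth review."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        name = "(default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        if key.lower() == EXE_CMD.lower() and name == "(default)" and data != PASSTHROUGH:
            findings.append((key, name, data, ".exe open command redirected"))
        elif key.lower() == RUN_KEY.lower() and re.fullmatch(r"[0-9A-Za-z]{9}", name):
            # Assumption: a Run value pointing into a Temp folder is the stronger signal
            reason = "9-character Run value"
            if re.search(r"\\temp\\.+\.exe", data, re.I):
                reason += " launching an .exe from a Temp folder"
            findings.append((key, name, data, reason))
    return findings

# Constructed sample export; folder and file names are made up for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"C:\\Users\\alice\\AppData\\Local\\Temp\\qwe\\abc.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"500863312"="C:\\Users\\alice\\AppData\\Local\\Temp\\qwe\\abc.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Files written by reg export are UTF-16 encoded, so decode them accordingly before passing the text to triage().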

Below are a few sample screenshots of the installed scareware:
