When Fraudtool.AntivirusProtection is executed, it immediately disables all use of Portable Exectuable (PE) files. It prompts fake security alerts in order to scare the user into purchasing the trial version of the fake antivirus software application called Antivirus Protection.
It will drop the following file:
%temp%\Random Name folder\Random Name file.exe
It will also drop create/modify the following key:
HKU\Software\Microsoft\Windows\CurrentVersion\Run Random Name: "%temp%\Random Name folder\Random Name file.exe"
Below are a few samples screenshots of the installed Scareware:
Malware problems? We can help.
Evaluate Thirtyseven4 Antivirus Now
“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4
