Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

TROJAN.FAKEAV.MA (MILESTONE ANTIVIRUS)

 

 

 

Name:

Trojan.FakeAV.ma (Milestone Antivirus)

Added:

September 2, 2011

Type:

Trojan

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Description:

 

When Trojan.FakeAV.ma is executed, it performs the following activities:

It installs a rouge security program called, "Milestone Antivirus".

After execution, it drops the following files:

%Program Files%\conhost.exe
%Program Files%\csrss.exe
%Program Files%\Milestone Antivirus\Milestone Antivirus.exe
%Program Files%\sh3.dat
%Program Files%\sh4.dat

It creates/modifies the following registry entries:

command =  "%Program Files%conhost.exe "%1" %*"
HKLM\Software\Classes\exefile\shell\open

DisplayName =  "Quicktime update"
ImagePath =  "%Program Files%csrss.exe"
HKLM\System\ControlSet001\Services\QTUpdate

Once Milestone Antivirus is installed, it will configures itself to run automatically when Windows starts. Once started, it will perform a system scan and display fake alerts. It will also prompt the user to purchase the software in order to remove the infections.

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Malware problems?
We can help.

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Evaluate Thirtyseven4 Antivirus Now

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4