Thirtyseven4 AntiVirus, AntiMalware, AntiRootkitProtects Against XP Home Security 2012

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware


	ROGUE.FAKEREAN.KL

Name:

Rogue.FakeRean.kl

Added:

July 22, 2011

Type:

Fraudtool

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

Description:

When Rogue.FakeRean.kl is executed, it performs the following activities:

It runs as the polymorphic security software "XP Internet Security2012", "XP AntiVirus2012" or "XP HomeSecurity 2012", etc. It is configured to run automatically whenever the computer starts. It will run a quick scan of your computer and post misleading messages stating that there are malware infections and these infections can only be removed after you purchase a full version of the software.

It also injects its own entry in the Windows Security center:

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

It drops the following files:

%ALLUSERSPROFILE%\Application Data\{Random alphanumeric characters}
%APPDATA%\{Random alphanumeric characters}
%APPDATA%\{Random alphanumeric characters}.DAT
%Temp%\{Random alphanumeric characters}

It creates/modifies the following registry entries:

= "Application"
HKU\Software\Classes\exefile

= "%1"
HKU\Software\Classes\exefile\DefaultIcon

= ""%APPDATA%\dys.exe" -a "%1" %*"
HKU\Software\Classes\exefile\shell\open\command

IsolatedCommand = ""%1" %*"
HKU\Software\Classes\exefile\shell\open\command

= ""%1" %*"
HKU\Software\Classes\exefile\shell\runas\command

IsolatedCommand = ""%1" %*"
HKU\Software\Classes\exefile\shell\runas\command

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware




		Malware problems? We can help.



		Evaluate Thirtyseven4 Antivirus Now

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4