Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

TROJAN.FAKEAV.NZ (SECURITY SOLUTION 2011)

Name: Trojan.FakeaAV.nz
Added: June 2, 2011
Type: Trojan
Risk: Low
Payload: N/A
At risk systems: Windows 95/98/ME/XP/NT/2003

Description:

When Trojan.FakeaAV.nz is executed, it installs a fake security application called “Security Solution 2011”. It then performs the following activities:

It creates the following folders:

%Userprofile%\Application Data\Security_Solution_2011
%Userprofile%\Start Menu\Programs\Security_Solution_2011

It drops the following files:

%Temp%\{Random Name}.exe
%Userprofile%\Application Data\Security_Solution_2011\Security Solution.exe
%Userprofile%\Application Data\Security_Solution_2011\securityhelper.exe
%Userprofile%\Application Data\Security_Solution_2011\securitymanager.exe
%Userprofile%\Start Menu\Programs\Security_Solution_2011\Activate Security_Solution_2011.lnk
%Userprofile%\Start Menu\Programs\Security_Solution_2011\Help Security_Solution_2011.lnk
%Userprofile%\Start Menu\Programs\Security_Solution_2011\How to Activate Security_Solution_2011.lnk
%Userprofile%\Start Menu\Programs\Security_Solution_2011\Security_Solution_2011.lnk
%Userprofile%\Start Menu\Programs\Security_Solution_2011.lnk

It creates/modifies the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Security_Solution_2011 = ""%Userprofile%\Application Data\Security_Solution_2011\Security Solution.exe" /STARTUP"
    Security Solution 2011 = "%Userprofile%\Application Data\Security_Solution_2011\securitymanager.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Security_Solution_2011
    DisplayName = "Security_Solution_2011"
    UninstallString = ""%Userprofile%\Application Data\Security_Solution_2011\securityhelper.exe" /UNINSTALL"
    DisplayIcon = ""%Userprofile%\Application Data\Security_Solution_2011\securityhelper.exe",1"

After execution, it displays fake threat messages and forces users to purchase the software in order to remove the fake threats.
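
A read-only check for the folders, files and registry entries listed above, added here as an example (it is not Thirtyseven4's code). The function name Find-SecuritySolution2011 and the output fields are assumptions; it needs PowerShell 3.0 or later and uses the paths exactly as this description gives them.

```powershell
# Added example: read-only check for the Security Solution 2011 artifacts
# listed in this description. Function name and output shape are illustrative.
function Find-SecuritySolution2011 {
    param(
        # Profile to inspect. The registry checks always read the hive of the
        # user running the script, so run it as the affected user.
        [string]$ProfilePath = $env:USERPROFILE
    )
    $name    = 'Security_Solution_2011'
    $appDir  = Join-Path $ProfilePath "Application Data\$name"
    $menuDir = Join-Path $ProfilePath "Start Menu\Programs\$name"

    # Folders and fixed-name files from the description. The randomly named
    # executable in %Temp% has no stable name and is not checked here.
    $paths = @(
        $appDir, $menuDir,
        (Join-Path $appDir 'Security Solution.exe'),
        (Join-Path $appDir 'securityhelper.exe'),
        (Join-Path $appDir 'securitymanager.exe'),
        (Join-Path $ProfilePath "Start Menu\Programs\$name.lnk")
    )
    $hits = @()
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $hits += [pscustomobject]@{ Kind = 'Path'; Item = $p; Data = '' }
        }
    }

    # Autostart values under the Run key (both value names from the description).
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    foreach ($value in @($name, 'Security Solution 2011')) {
        $prop = if ($run) { $run.PSObject.Properties[$value] }
        if ($prop) {
            $hits += [pscustomobject]@{ Kind = 'RunValue'; Item = "$runKey\$value"; Data = $prop.Value }
        }
    }

    # Uninstall entry registered by the fake application.
    $uninstKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$name"
    if (Test-Path -LiteralPath $uninstKey) {
        $hits += [pscustomobject]@{ Kind = 'UninstallKey'; Item = $uninstKey; Data = '' }
    }
    $hits
}

Find-SecuritySolution2011 | Format-Table -AutoSize -Wrap
```

An empty result means none of the fixed-name artifacts were found for that profile and user; it does not cover the randomly named file in %Temp%.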
