When Trojan.FakeAV.gen is executed, it performs the following activities:
The scareware program installs the fake security application “Windows Efficiency Console”.
The installed program can also be categorized as ransomware: once installed, it locks the screen and does not allow the infected user to perform any further operations.
Once installed, it displays a fake alert claiming that the system is badly infected and forces the user to purchase the bogus program in order to clean it up.
It drops the following files onto the system:
- "%appdata%\guard-knyy.exe" [copy of itself]
- "%appdata%\result1.db"
guard-knyy.exe is the rogueware's main file, which is responsible for generating the fake alerts, etc.
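A sweep for the two dropped files listed above, as an added example that is not part of the original write-up or of Thirtyseven4's tooling. It assumes %appdata% maps to <profile>/AppData/Roaming; the function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

# File names taken from the write-up above; both are dropped directly in %appdata%.
IOC_NAMES = {"guard-knyy.exe", "result1.db"}

def sha256_of(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def sweep_profiles(users_root):
    """Return (profile, file name, sha256) for every indicator file found.

    Assumption: %appdata% resolves to <profile>/AppData/Roaming (the default
    on Windows Vista and later). users_root is the Users directory of a live
    host or of a mounted disk image.
    """
    findings = []
    for profile in sorted(os.listdir(users_root)):
        roaming = os.path.join(users_root, profile, "AppData", "Roaming")
        try:
            entries = sorted(os.listdir(roaming))
        except OSError:
            continue  # not a profile directory, or not readable by this account
        for entry in entries:
            full = os.path.join(roaming, entry)
            # Windows file names are case-insensitive, so compare lowercased.
            if entry.lower() in IOC_NAMES and os.path.isfile(full):
                findings.append((profile, entry, sha256_of(full)))
    return findings

def build_constructed_tree(root):
    """Constructed sample layout: one affected profile and one clean profile."""
    layout = {"alice": ["Guard-KNYY.exe", "result1.db", "notes.txt"],
              "bob": ["notes.txt"]}
    for profile, names in layout.items():
        roaming = os.path.join(root, profile, "AppData", "Roaming")
        os.makedirs(roaming)
        for name in names:
            with open(os.path.join(roaming, name), "wb") as handle:
                handle.write(b"constructed placeholder content")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        for profile, name, digest in sweep_profiles(root):
            print(profile, name, digest)
```

The returned hashes can be recorded with the case notes so the same sample can be matched on other hosts.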
It drops the following registry entry in order to execute each time the system is restarted:
Thirtyseven4 customers are fully protected against this malware. Thirtyseven4 also has proactive detection for this type of ransomware within the Memory scan, the GUI Scanner, Online Protection, and Native Scan. In addition, we have path-based detection as well.