TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
TROJ_FAKEALE.BG
Overview
Solution

Malware type: Trojan

Aliases: Trojan-Ransom.Win32.Fixer.a (Kaspersky), Ransom (McAfee), FileFixProfessional (Symantec), SPR/Fake.ffx.26 (Avira), Program:Win32/Fakecorr (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 Low

Description: 

Trend Micro has received multiple samples of this Trojan from multiple, independent sources, including customer reports and internal sources. These indicate that this Trojan poses a high risk to users due to the increased possibility of infection.

To get a one-glance comprehensive view of its behavior, refer to the Behavior Diagram shown below.

TROJ_FAKEALE.BG Behavior Diagram

Malware Overview

TROJ_FAKEALE.BG is a form of ransomware, which requires the user to buy the product in order to restore files that it claims have been corrupted. In reality, the said files have been encrypted by the Trojan itself.

Once users buy the product, the said program can then be used to decrypt the encrypted files.

The purchase of the program as a requirement to decrypt the said files can be considered as a form of ransom. These encrypted files are currently being analyzed in order to create a solution to restore the said files.

For additional information about this threat, see:
Solution
Technical Details

Description created: Mar. 20, 2009 8:39:10 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.