Description:
Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here.
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This Trojan may be downloaded from remote sites by TROJ_FRAUDLOA.WN, or downloaded directly from a remote site.
It installs itself as a fake antivirus application named ANTIVIRUS 2009. It shows fake alert pop-ups stating that the affected system is infected with several malware. The following images are some of the fake pop-up alerts this malware displays:


It then leads the user to the following spoofed antivirus application window:

When the user tries to remove the viruses, it prompts the user to pay for the service before cleaning the infection:

It creates registry entries to enable its automatic execution at every system startup. It also registers itself as a Browser Helper Object (BHO) by creating the corresponding registry keys/entries, so that it is loaded every time Internet Explorer is run. In addition, it drops copies of itself in the Windows Common Startup folder to enable its automatic execution at every system startup.
It drops files, one of which is detected as TROJ_RENOS.ACG. It also accesses Web sites to download file(s). As a result, malicious routines of the downloaded files are exhibited on the affected system.
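The persistence mechanisms described above (Run-key entries, a Browser Helper Object registration and a copy in the Common Startup folder) are the places an analyst would audit on a suspect host. The following PowerShell script is an added example, not code from the Trend Micro page or from the malware description; it assumes the standard registry locations for Run keys and BHOs (including the Wow6432Node views on 64-bit Windows) and flags entries whose image file is missing, unsigned or located in a user-writable directory so they can be reviewed.

```powershell
# Added example (not from the Trend Micro page): enumerate the three
# persistence locations the description names and flag suspicious entries.
# Assumes the standard Windows registry layout for Run keys and BHOs.

$findings = @()

# 1. Run / RunOnce keys (automatic execution at startup or logon)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata properties
        if ($p.Name -notmatch '^PS') {
            $findings += [pscustomobject]@{ Source = $key; Name = $p.Name; Value = $p.Value }
        }
    }
}

# 2. Browser Helper Objects: each CLSID subkey resolves to a DLL via InprocServer32
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID')
foreach ($bhoKey in $bhoKeys) {
    if (-not (Test-Path $bhoKey)) { continue }
    foreach ($sub in Get-ChildItem -Path $bhoKey) {
        $clsid = $sub.PSChildName
        $dll = $null
        foreach ($root in $clsidRoots) {
            $inproc = Join-Path $root "$clsid\InprocServer32"
            if (Test-Path $inproc) {
                $dll = (Get-ItemProperty -Path $inproc).'(default)'
                break
            }
        }
        $findings += [pscustomobject]@{ Source = 'BHO'; Name = $clsid; Value = $dll }
    }
}

# 3. Common Startup folder (applies to every user who logs on)
$startup = [Environment]::GetFolderPath('CommonStartup')
Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += [pscustomobject]@{ Source = 'CommonStartup'; Name = $_.Name; Value = $_.FullName }
}

# Flag entries whose image is missing, unsigned, or in a user-writable location.
# A flag marks an entry for review; it is not by itself proof of infection.
foreach ($f in $findings) {
    $path = $null
    if ($f.Value -match '"([^"]+)"') { $path = $matches[1] }
    elseif ($f.Value) { $path = ($f.Value -split '\s+')[0] }
    $expanded = if ($path) { [Environment]::ExpandEnvironmentVariables($path) } else { $null }

    $flag = ''
    if (-not $expanded -or -not (Test-Path $expanded)) {
        $flag = 'file missing'
    } elseif ($expanded -match '\\(Temp|AppData|Users|ProgramData)\\') {
        $flag = 'user-writable location'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $expanded
        if ($sig.Status -ne 'Valid') { $flag = "signature $($sig.Status)" }
    }
    $f | Add-Member -NotePropertyName Flag -NotePropertyValue $flag
}

# Flagged entries sort to the top for review
$findings | Sort-Object Flag -Descending | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the HKLM keys and the all-users Startup folder are readable. The script deliberately lists every entry rather than only flagged ones, because a fake antivirus dropper that copies itself under a plausible name into Program Files would pass the location check and only stand out by its signature status or by the analyst recognising the name.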
Description created: Aug. 14, 2008 6:57:24 PM GMT -0800