TrustFighter
TrustFighter Description
TrustFighter is the latest descendant of the rogueware family that includes Trust Soldier, Trust Cop and SecuritySoldier. TrustFighter presents itself as a legitimate malware detection and removal tool in order to trick users into installing it. Once on a system, TrustFighter changes some system files and registry entries to ensure that it runs at every Windows startup. Additionally, TrustFighter is able to modify your web browser settings to redirect you to a malicious third-party website.
Fake system scans, constant malware alerts and bothersome pop-ups are all part of TrustFighter’s strategy to get gullible users to purchase it. We recommend that you install a recognized anti-spyware program and remove TrustFighter from your computer at your earliest convenience.
Type: Rogue AntiSpyware Programs
How Can You Detect TrustFighter?
TrustFighter Technical Report
We will update this section as new TrustFighter details are reported by our customers and by our Threat Research Center.
The following TrustFighter files, listed with their MD5 hashes, were created in the system:
| File Name | File Size | MD5 |
|---|---|---|
| TrustFighter.exe | 831488 | 12ed4ae5fff0a10ff4f29fa48802ed70 |
| setup[1].exe | 915442 | 7ac0bd5296c4049693badd6732c4f388 |
TrustFighter typically has the following processes in memory:
- C:\Program Files\TrustFighter Software\TrustFighter\uninstall.exe
- C:\WINDOWS\system32\lil6.tmp.exe
- C:\WINDOWS\z9815spy765.dll
- C:\Program Files\TrustFighter Software\TrustFighter\TrustFighter.exe
- C:\WINDOWS\system32\f85a9dware256z.exe
- C:\WINDOWS\system32\d3d550c.dll
- %Temp%\lil6.tmp.exe
- C:\WINDOWS\za23d9wnload5r515.exe
- C:\WINDOWS\system32\d98thi5f2122z.ocx
- TrustFighter.exe
TrustFighter created the following directories, files and paths:
- %ProgramFiles%\TrustFighter Software\TrustFighter
- %AllUsersProfile%\Start Menu\Programs\TrustFighter
TrustFighter creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “TrustFighter”
- TrustFighter
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrustFighter
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “lil6.tmp.exe”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe “VerifierDlls” = “d3d550c.dll”
- HKEY_CURRENT_USER\Software\TrustFighter
- HKEY_LOCAL_MACHINE\SOFTWARE\TrustFighter
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe “GlobalFlag” = “0x02000100”
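The registry entries above can be checked for offline in a `reg export` text dump. The following is an added example, not part of the original report: it flags the Run value names listed above and, generalizing beyond svchost.exe, any Image File Execution Options key that carries a VerifierDlls value. The sample export, the function names and the value data in the sample are constructed for illustration.

```python
import re

# Indicator names come from the registry list above; SAMPLE is constructed.
IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
RUN = r"\software\microsoft\windows\currentversion\run"
RUN_NAMES = {"trustfighter", "lil6.tmp.exe"}
# FLG_APPLICATION_VERIFIER: with this GlobalFlag bit set, Windows loads the
# DLLs named in VerifierDlls into the target image.
FLG_APPLICATION_VERIFIER = 0x100

SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe]
"VerifierDlls"="d3d550c.dll"
"GlobalFlag"="0x02000100"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"lil6.tmp.exe"="C:\\WINDOWS\\system32\\lil6.tmp.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

def parse_reg(text):
    """Parse .reg text into {key: {lowercased name: data}}, unquoting and unescaping data."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            current[m.group(1).lower()] = m.group(2).strip('"').replace("\\\\", "\\")
    return keys

def flag_value(data):
    """Decode GlobalFlag stored as dword:XXXXXXXX or as a "0x..." string."""
    try:
        return int(data[6:] if data.startswith("dword:") else data, 16)
    except ValueError:
        return 0

def find_persistence(text):
    """Return (kind, name, data, active) tuples for suspicious entries."""
    findings = []
    for key, values in parse_reg(text).items():
        low = key.lower()
        if IFEO in low and "verifierdlls" in values:
            active = bool(flag_value(values.get("globalflag", "0")) & FLG_APPLICATION_VERIFIER)
            findings.append(("ifeo-verifier", key.rsplit("\\", 1)[1], values["verifierdlls"], active))
        if low.endswith(RUN):
            for name in sorted(RUN_NAMES.intersection(values)):
                findings.append(("run-key", name, values[name], True))
    return findings
```

Calling `find_persistence(SAMPLE)` reports the svchost.exe verifier DLL as active and the `lil6.tmp.exe` Run value, while the unrelated `ctfmon` entry is ignored.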