FakeAlert-AVPSec.e

FakeAlert-AVPSec.e is a Trojan that can silently install itself onto a user's computer. Once on a system, it displays a fake system scan and reports the detection of dangerous malware. This scare tactic is used to coerce users into purchasing rogue security software. FakeAlert-AVPSec.e also modifies the system registry and creates a start-up registry entry.

File System Details

FakeAlert-AVPSec.e may create the following file(s):
# File Name Detections
1. C:\Documents and Settings\\Local Settings\Temp\packupdate_build107_328.exe
2. C:\Documents and Settings\\Application Data\b45b499\MSb45b.exe
3. C:\Documents and Settings\\Application Data\My Security Engine
4. C:\Documents and Settings\\Application Data\b45b499\BackUp\Adobe Reader Speed Launch.lnk
5. C:\Documents and Settings\\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
6. C:\Documents and Settings\\Start Menu\My Security Engine.lnk
7. C:\Documents and Settings\\Application Data\MSTLDEE
8. C:\Documents and Settings\\Application Data\b45b499\MSE.ico
9. C:\Documents and Settings\\Application Data\MSTLDEE\MSHIBFFJWSE.cfg
10. C:\Documents and Settings\\Desktop\My Security Engine.lnk
11. C:\Documents and Settings\\Application Data\b45b499
12. C:\Documents and Settings\\Application Data\b45b499\3411.mof
13. C:\Documents and Settings\\Application Data\b45b499\MSESys\vd952342.bd
14. C:\Documents and Settings\\Application Data\My Security Engine\Instructions.ini
15. C:\Documents and Settings\\Start Menu\Programs\My Security Engine.lnk

Registry Details

FakeAlert-AVPSec.e may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [IIL] Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [PRS] Data: http://127.0.0.1:27777/?inj=%ORIGINAL%
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [My Security Engine] Data: MSb45b.exe /s /d
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall Policy\StandardProfile\AuthorizedApplications\List [MSb45b.ex] Data: MSb45b.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes [URL] Data: http://find[removed].com/?&uid=328&q={searchTerms}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [ltTST] Data: A5, 81, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download [RunInvalidSignatures] Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\Firewall Policy\StandardProfile\AuthorizedApplications\List [MSb45b.exe] Data: MSb45b.exe
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\MSb45b.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes [URLs] Data: http://find[removed].com/?&uid=328&q={searchTerms}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [ltHI] Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation [MSCompatibilityMode] Data: 00, 00, 00, 00
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} [(Default)] Data: Implements DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
