FakeAlert-AVPSec.e

FakeAlert-AVPSec.e Description

FakeAlert-AVPSec.e is a Trojan that can silently install itself onto a user's computer. Once on a system, FakeAlert-AVPSec.e displays a fake system scan that reports the detection of dangerous malware. This scare tactic is used to coerce users into purchasing rogue security software. FakeAlert-AVPSec.e also modifies the system registry and creates a start-up registry entry so that it runs again at logon.

Technical Information

Registry Details

FakeAlert-AVPSec.e creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [IIL] Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [PRS] Data: http://127.0.0.1:27777/?inj=%ORIGINAL%
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [My Security Engine] Data: MSb45b.exe /s /d
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall Policy\StandardProfile\AuthorizedApplications\List [MSb45b.ex] Data: MSb45b.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes [URL] Data: http://find[removed].com/?&uid=328&q={searchTerms}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [ltTST] Data: A5, 81, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download [RunInvalidSignatures] Data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\Firewall Policy\StandardProfile\AuthorizedApplications\List [MSb45b.exe] Data: MSb45b.exe
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\MSb45b.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes [URLs] Data: http://find[removed].com/?&uid=328&q={searchTerms}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [ltHI] Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation [MSCompatibilityMode] Data: 00, 00, 00, 00
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} [(Default)] Data: Implements DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
