Trojan.FakeMS
Threat Scorecard
Ranking: 9
Threat Level: 80 % (High)
Infected Computers: 1,676,523
First Seen: May 18, 2012
Last Seen: April 14, 2024
OS(es) Affected: Windows
What is Trojan.FakeMS?
Trojan.FakeMS is a threatening computer program that masquerades as a legitimate Microsoft application. It is designed to gain access to a user's system and collect sensitive information, such as passwords, financial data or other confidential information. The Trojan also can be used to install additional malware on the infected system, which can further compromise the security of the user's data and personal information. It is typically spread through malicious websites, email attachments, or instant messages. Once installed, it can be difficult to detect and remove from the system without specialized anti-malware software, which makes it even more threatening.
Why Trojan.FakeMS is Threatening
Trojan.FakeMS is difficult to detect and remove from the system without specialized anti-malware software, making it even more dangerous. It may be spread through peer-to-peer networks and removable media, such as USB drives, making it even easier for attackers to gain access to a user's
What Harm Will Trojan.FakeMS Cause Once Inside a Computer?
Once inside a computer, Trojan.FakeMS can create various files, including corrupted executables, Registry entries, and other unsafe components. It also may create hidden folders or files to conceal its presence. Additionally, it may modify existing system files or install additional malware on the system to further compromise the security of the user's data and personal information.
Are There Other Threats Similar to Trojan.FakeMS?
Yes, there are other threats similar to Trojan.FakeMS. These include Trojans such as Zeus, SpyEye, and Citadel; ransomware such as CryptoLocker and CryptoWall; and rootkits such as TDSS and ZeroAccess. All of these threatening programs can be used to gain access to a user's system without their knowledge or permission, collect sensitive information, or install additional malware on the infected system.
How a Computer Gets Infected with Trojan.FakeMS
A computer can get infected with Trojan.FakeMS through various means, such as downloading corrupted files from the Internet, opening suspicious email attachments, or visiting unsafe websites. Additionally, it can be spread through peer-to-peer networks and removable media such as USB drives. It is essential to practice safe browsing habits and use an up-to-date anti-malware program to protect your system from this threat.
Is Trojan.FakeMS Easily Detectable?
No, Trojan.FakeMS is not easily detectable. It can be difficult to detect and remove from the system without specialized anti-malware software. Additionally, it can masquerade as a legitimate Microsoft application, making it even harder to detect.
How Can I Get Rid of a Trojan.FakeMS Infection?
To get rid of a Trojan.FakeMS infection, it is essential to use an up-to-date anti-malware program that is capable of detecting and removing the threat. Additionally, users should practice safe browsing habits and avoid downloading files from suspicious websites or opening email attachments from unknown sources. It also is recommended to regularly scan your system with an anti-malware program to detect any potential threats.
File System Details
Registry Details
Directories
Trojan.FakeMS may create the following directory or directories: