Trojan.FakeMS

By JubileeX in Backdoors

Translate To:

Threat Scorecard

Ranking:	9
Threat Level:	80 % (High)
Infected Computers:	1,676,523

First Seen:	May 18, 2012
Last Seen:	April 14, 2024
OS(es) Affected:	Windows

Table of Contents

What is Trojan.FakeMS?

Trojan.FakeMS is a threatening computer program that masquerades as a legitimate Microsoft application. It is designed to gain access to a user's system and collect sensitive information, such as passwords, financial data or other confidential information. The Trojan also can be used to install additional malware on the infected system, which can further compromise the security of the user's data and personal information. It is typically spread through malicious websites, email attachments, or instant messages. Once installed, it can be difficult to detect and remove from the system without specialized anti-malware software, which makes it even more threatening.

Why Trojan.FakeMS is Threatening

Trojan.FakeMS is difficult to detect and remove from the system without specialized anti-malware software, making it even more dangerous. It may be spread through peer-to-peer networks and removable media, such as USB drives, making it even easier for attackers to gain access to a user's

What Harm Trojan.FakeMS will Cause Once Inside a Computer?

Once inside a computer, Trojan.FakeMS can create various files, including corrupted executables, Registry entries, and other unsafe components. It also may create hidden folders or files to conceal its presence. Additionally, it may modify existing system files or install additional malware on the system to further compromise the security of the user's data and personal information.

Are There Other Threats Similar to Trojam.FakeMSs?

Yes, there are other threats similar to Trojan.FakeMS. These include Trojans such as Zeus, SpyEye, and Citadel; ransomware such as CryptoLocker and CryptoWall; and rootkits such as TDSS and ZeroAccess. All of these threatening programs can be used to gain access to a user's system without their knowledge or permission, collect sensitive information, or install additional malware on the infected system.

How a Computer Gets Infected with Trojan.FakeMS

A computer can get infected with Trojan.FakeMS through various means, such as downloading corrupted files from the Internet, opening suspicious email attachments, or visiting unsafe websites. Additionally, it can be spread through peer-to-peer networks and removable media such as USB drives. It is essential to practice safe browsing habits and use an up-to-date anti-malware program to protect your system from this threat.

Is Trojan.FakeMS Easily Detectable?

No, Trojan.FakeMS is not easily detectable. It can be difficult to detect and remove from the system without specialized anti-malware software. Additionally, it can masquerade as a legitimate Microsoft application, making it even harder to detect.

How Can I Get Rid of a Trojan.FakeMS Infection

To get rid of a Trojan.FakeMS infection, it is essential to use an up-to-date anti-malware program that is capable of detecting and removing the threat. Additionally, users should practice safe browsing habits and avoid downloading files from suspicious websites or opening email attachments from unknown sources. It also is recommended to regularly scan your system with an anti-malware program to detect any potential threats.

SpyHunter Detects & Remove Trojan.FakeMS

File System Details

Trojan.FakeMS may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	CheckUpdate.exe	a1de3affe5d4abbfee86b3151ca91c66	608
Name: CheckUpdate.exe MD5: a1de3affe5d4abbfee86b3151ca91c66 Size: 1.17 MB (1174984 bytes) Detections: 608 Type: Executable File Path: %WINDIR%\SysWOW64\CheckUpdate.exe Group: Malware file Last Updated: December 14, 2022
2.	printui.exe	24ae321e8f573320e3956ca139b12934	237
Name: printui.exe MD5: 24ae321e8f573320e3956ca139b12934 Size: 317.61 KB (317613 bytes) Detections: 237 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\drpsu\programs\printui.exe Group: Malware file Last Updated: August 5, 2020
3.	svchostsw.exe	d59e944bb5a4116240d192923348e10b	218
Name: svchostsw.exe MD5: d59e944bb5a4116240d192923348e10b Size: 3.46 MB (3463680 bytes) Detections: 218 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\microsoft\windows\start menu\programs\startup Group: Malware file Last Updated: December 12, 2019
4.	DA6F.tmp.exe	a3dc08d765e92c1148bad891ab226744	128
Name: DA6F.tmp.exe MD5: a3dc08d765e92c1148bad891ab226744 Size: 4.95 MB (4950528 bytes) Detections: 128 Type: Executable File Path: C:\Windows.old.000\Users\<username>\AppData\Local\Temp\DA6F.tmp.exe Group: Malware file Last Updated: May 24, 2022
5.	refhostMonitorcommonHostCrt.exe	0db7ad191d4abeb532538025b8cd5593	128
Name: refhostMonitorcommonHostCrt.exe MD5: 0db7ad191d4abeb532538025b8cd5593 Size: 2.15 MB (2157056 bytes) Detections: 128 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\refhostMonitorcommonHostCrt.exe Group: Malware file Last Updated: March 29, 2022
6.	prevhost.exe	35474c7f26e8b6a21e2fdc447e0d119f	121
Name: prevhost.exe MD5: 35474c7f26e8b6a21e2fdc447e0d119f Size: 6.33 MB (6339072 bytes) Detections: 121 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Hosts\prevhost.exe Group: Malware file Last Updated: July 22, 2023
7.	prevhost.exe	f46f8f30ce0dcfeb7640a34e3b969f06	96
Name: prevhost.exe MD5: f46f8f30ce0dcfeb7640a34e3b969f06 Size: 2.88 MB (2880000 bytes) Detections: 96 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Hosts\prevhost.exe Group: Malware file Last Updated: October 9, 2023
8.	prevhost.exe	5c1a02c3402263330a0ff357a4da8813	91
Name: prevhost.exe MD5: 5c1a02c3402263330a0ff357a4da8813 Size: 6.34 MB (6346240 bytes) Detections: 91 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Hosts\prevhost.exe Group: Malware file Last Updated: February 15, 2024
9.	explore.exe	a8c10a968795762ce899809cddb3cf34	52
Name: explore.exe MD5: a8c10a968795762ce899809cddb3cf34 Size: 169.47 KB (169472 bytes) Detections: 52 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Microsoft\explore.exe Group: Malware file Last Updated: June 26, 2020
10.	prevhost.exe	acc42683b97341967abd29bac76c9096	52
Name: prevhost.exe MD5: acc42683b97341967abd29bac76c9096 Size: 6.35 MB (6352384 bytes) Detections: 52 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Hosts\prevhost.exe Group: Malware file Last Updated: March 28, 2024
11.	prevhost.exe	73ad8e88e265e5fb04867a05d3820ac5	50
Name: prevhost.exe MD5: 73ad8e88e265e5fb04867a05d3820ac5 Size: 7.07 MB (7074816 bytes) Detections: 50 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Hosts\prevhost.exe Group: Malware file Last Updated: April 29, 2023
12.	prevhost.exe	bf599d1612d5de7ca8fdea16632a63b1	46
Name: prevhost.exe MD5: bf599d1612d5de7ca8fdea16632a63b1 Size: 2.77 MB (2778624 bytes) Detections: 46 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Hosts\prevhost.exe Group: Malware file Last Updated: February 14, 2024
13.	prevhost.exe	bf7103a1533b7320d3cb162e997f669c	44
Name: prevhost.exe MD5: bf7103a1533b7320d3cb162e997f669c Size: 2.81 MB (2812416 bytes) Detections: 44 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Hosts\prevhost.exe Group: Malware file Last Updated: March 3, 2024
14.	prevhost.exe	c16e90c7f2c9765d0ba552dde5568ce2	32
Name: prevhost.exe MD5: c16e90c7f2c9765d0ba552dde5568ce2 Size: 7.07 MB (7073280 bytes) Detections: 32 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Hosts\prevhost.exe Group: Malware file Last Updated: April 7, 2023
15.	svchostsw.exe	ea72378936fea79a06acf816fd8e79b2	25
Name: svchostsw.exe MD5: ea72378936fea79a06acf816fd8e79b2 Size: 4.15 MB (4155847 bytes) Detections: 25 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\microsoft\windows\start menu\programs\startup Group: Malware file Last Updated: July 10, 2019
16.	TSTheme.exe	bc6c04a9d6dd8f9387f0615bf91f6811	25
Name: TSTheme.exe MD5: bc6c04a9d6dd8f9387f0615bf91f6811 Size: 7.07 MB (7078912 bytes) Detections: 25 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\tstheme\TSTheme.exe Group: Malware file Last Updated: December 5, 2022
17.	svehost.exe	59fab2d31ab0ef21322a6fb39c0c5184	11
Name: svehost.exe MD5: 59fab2d31ab0ef21322a6fb39c0c5184 Size: 885.76 KB (885760 bytes) Detections: 11 Type: Executable File Path: C:\WINDOWS\SysWOW64 Group: Malware file Last Updated: February 25, 2020
18.	msupdate.exe	72dffcc28ee645887c10b1a94b6bf7d0	8
Name: msupdate.exe MD5: 72dffcc28ee645887c10b1a94b6bf7d0 Size: 57.34 KB (57344 bytes) Detections: 8 Type: Executable File Path: c:\windows\system32 Group: Malware file Last Updated: February 24, 2020
19.	NTKernel.exe	9221b095e34bfd26f8d61b21d940ca03	7
Name: NTKernel.exe MD5: 9221b095e34bfd26f8d61b21d940ca03 Size: 303.1 KB (303104 bytes) Detections: 7 Type: Executable File Path: C:\Windows\SysWOW64\NT Kernel Group: Malware file Last Updated: August 3, 2020
20.	TSTheme.exe	6442a4e5aaeeebcc97c49605a3d49cfb	7
Name: TSTheme.exe MD5: 6442a4e5aaeeebcc97c49605a3d49cfb Size: 7.09 MB (7094784 bytes) Detections: 7 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\tstheme\TSTheme.exe Group: Malware file Last Updated: October 11, 2022
21.	svchostsw.exe	3a06a9e14f6e83a201d4b7801d6ab951	6
Name: svchostsw.exe MD5: 3a06a9e14f6e83a201d4b7801d6ab951 Size: 4.15 MB (4155847 bytes) Detections: 6 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\microsoft\windows\start menu\programs\startup Group: Malware file Last Updated: July 10, 2019
22.	svchostsw.exe	41e42df02c4169c48b2f139e7a9684dc	3
Name: svchostsw.exe MD5: 41e42df02c4169c48b2f139e7a9684dc Size: 4.15 MB (4155847 bytes) Detections: 3 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\microsoft\windows\start menu\programs\startup Group: Malware file Last Updated: July 10, 2019
23.	svchostsw.exe	2d1206e2589812951e7eb8ae4e21481c	3
Name: svchostsw.exe MD5: 2d1206e2589812951e7eb8ae4e21481c Size: 5.02 MB (5028807 bytes) Detections: 3 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\microsoft\windows\start menu\programs\startup Group: Malware file Last Updated: July 10, 2019
24.	svchostsw.exe	940dadcd9dfea071bafcc265f8487920	2
Name: svchostsw.exe MD5: 940dadcd9dfea071bafcc265f8487920 Size: 3.04 MB (3048367 bytes) Detections: 2 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\microsoft\windows\start menu\programs\startup Group: Malware file Last Updated: July 10, 2019
25.	svchostsw.exe	d9eff430c527528c6fae31e9c47e2ade	2
Name: svchostsw.exe MD5: d9eff430c527528c6fae31e9c47e2ade Size: 4.07 MB (4071367 bytes) Detections: 2 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\microsoft\windows\start menu\programs\startup Group: Malware file Last Updated: July 10, 2019
26.	svchostsw.exe	935001434eed29a93b51eb7aae39df74	1
Name: svchostsw.exe MD5: 935001434eed29a93b51eb7aae39df74 Size: 3.95 MB (3952583 bytes) Detections: 1 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\microsoft\windows\start menu\programs\startup Group: Malware file Last Updated: July 10, 2019
27.	svchostsw.exe	55458176a635a89a699276aff5713b57	1
Name: svchostsw.exe MD5: 55458176a635a89a699276aff5713b57 Size: 7.07 MB (7073280 bytes) Detections: 1 Type: Executable File Path: c:\Users\<username>\desktop\recuva Group: Malware file Last Updated: July 10, 2019
28.	%programfiles\Trojan.FakeMS.kd\uninstall.exe
Name: %programfiles\Trojan.FakeMS.kd\uninstall.exe Type: Executable File Group: Malware file
29.	%desktop%\Trojan.FakeMS.kd.lnk
Name: %desktop%\Trojan.FakeMS.kd.lnk Type: Shortcut Group: Malware file
30.	%programfiles\Trojan.FakeMS.kd\activate.ico
Name: %programfiles\Trojan.FakeMS.kd\activate.ico Group: Malware file
31.	%commonprograms%\Trojan.FakeMS.kd\Trojan.FakeMS.kd support.lnk
Name: %commonprograms%\Trojan.FakeMS.kd\Trojan.FakeMS.kd support.lnk Type: Shortcut Group: Malware file
32.	%desktop%\Trojan.FakeMS.kd support.lnk
Name: %desktop%\Trojan.FakeMS.kd support.lnk Type: Shortcut Group: Malware file
33.	%programfiles\Trojan.FakeMS.kd\about.ico
Name: %programfiles\Trojan.FakeMS.kd\about.ico Group: Malware file
34.	%commonprograms%\Trojan.FakeMS.kd\about.lnk
Name: %commonprograms%\Trojan.FakeMS.kd\about.lnk Type: Shortcut Group: Malware file
35.	%commonprograms%\Trojan.FakeMS.kd\Trojan.FakeMS.kd.lnk
Name: %commonprograms%\Trojan.FakeMS.kd\Trojan.FakeMS.kd.lnk Type: Shortcut Group: Malware file
36.	%appdata%\microsoft\internet explorer\quick launch\Trojan.FakeMS.kd.lnk
Name: %appdata%\microsoft\internet explorer\quick launch\Trojan.FakeMS.kd.lnk Type: Shortcut Group: Malware file
37.	%programfiles\Trojan.FakeMS.kd\update.ico
Name: %programfiles\Trojan.FakeMS.kd\update.ico Group: Malware file
38.	%programfiles\Trojan.FakeMS.kd\virus.mp3
Name: %programfiles\Trojan.FakeMS.kd\virus.mp3 Group: Malware file
39.	%commonprograms%\Trojan.FakeMS.kd\update.lnk
Name: %commonprograms%\Trojan.FakeMS.kd\update.lnk Type: Shortcut Group: Malware file

More files

Registry Details

Trojan.FakeMS may create the following registry entry or registry entries:

File name without path

1saas.exe

1sass.exe

adobe update.com

chorme.exe

Chrome updater.exe

Chrome updaters.exe

code new.exe

collectchromefingerprint.exe

conhst.exe

covid.exe

crrcs.exe

crss.vbs

cspsvc.exe

d1lhots.exe

default.vbe

Dfnder windows.exe

DispleyService.exe

dllhost.vbs

dllhostn.exe

dllwindefender.exe

doc.vbs

drf.url

drfhost.url

EXPL0RER.exe

explerer.exe

google chorme.vbs

google chrome.vbs

Google Crash Handler.exe

google.com.exe

Isasss.exe

Microsoft Edge.exe

microsoft onedrive.exe

Microsoft Startup.lnk

microsoft windows protocol services host.exe

Microsoft-Windows-Update.exe

Microsoft.vbe

microsofthost.exe

MicrosoftStores.exe

Mozilla.vb

Mozilla.vbs

mssecsvr.exe

mstsc.vbs

mvlc.vbs

NetworkConfigurationSvc.exe

notepad.vbs

One Drive Up-Date.exe

outlook.vbs

payment invoice.exe

r.vbe

RecoveryDriveDel.exe

registeryfixer.vbs

rundll3.0.exe

Runtime Broker.exe

scmvhosts.exe

script.vbs

scrss.exe

scvrrv.exe

Security Protection Windows.pif

Service Host Network Service.exe

servisc.exe

sihost64.exe

spolsv.exe

spoolsvc.exe

spoolsvc.url

srchost.exe

start bot.js

svcchost.exe

svchcst.exe

svchoct.exe

svchosst.exe

svchost..exe

svchost.exe.exe

svchost_.exe

svchost_ms.exe

svchoste.exe

svchostt.exe

svchostwindows.vbs

svchots.exe

svchtisks.exe

svchоst.exe

svcpool.exe

svcpool.vbs

svcsystem.vbs

svhosts.exe

svсhоst.com

System-Registry.exe

system32_.exe

taskmqr.exe

taskost.exe

virtualhostsupdate.exe

Wiindows.exe

windefender.exe

WinDefenderSrvc.vbs

Windows 32.vbs

windows defender update.vbs

Windows host service .exe

Windows Host Sync.exe

windows host.exe

Windows Modules Installer Worker.exe

windows search activity.exe

Windows Security Health Service.exe

Windows Security Shell.exe

Windows Security Update.pif

windows security.exe

Windows Update Registry.exe

windows update.exe

windows updates service.vbe

windows.bat

windows.networking.hostname.exe

Windows.Shell.Search.UriHandler.exe

windows.system.exe

Windows10Update.vbe

Windows32.exe

WindowsAutoUpdate.exe

WindowsSecurityService.exe

windowssupportdll32.dll

WindowsSystemczx.exe

windowsupdate.vbs

windowsvc.exe

winhlp.exe

winmain64.exe

WMPDMC.url

wocualts.exe

wrshost.exe

Regexp file mask

%allusersprofile%\application data\soft.exe

%ALLUSERSPROFILE%\Application Data\taskhost.exe

%allusersprofile%\application data\windows\dlhosts.exe

%ALLUSERSPROFILE%\Microsoft System Diagnostic.exe

%ALLUSERSPROFILE%\Microsoft\Client\rundll32.exe

%ALLUSERSPROFILE%\NetFramework\mscore.exe

%allusersprofile%\ntoskrnl.exe

%ALLUSERSPROFILE%\ProgramData.exe

%allusersprofile%\soft.exe

%allusersprofile%\sql.exe

%ALLUSERSPROFILE%\Start Menu\Programs\Startup\sysdll.exe

%allusersprofile%\svchoste.exe

%ALLUSERSPROFILE%\taskhost.exe

%ALLUSERSPROFILE%\taskmanager.exe

%allusersprofile%\windows\dlhosts.exe

%ALLUSERSPROFILE%\windows\profile\dllhostn.exe

%ALLUSERSPROFILE%\windows\profile\host.exe

%ALLUSERSPROFILE%\Windows\Profile\winlogin.exe

%allusersprofile%\windows\takshost.exe

%allusersprofile%\windows\windows defender.exe

%allusersprofile%\windows\windows search activity.exe

%ALLUSERSPROFILE%\wuauclt.exe

%appdata%\.minecraft\assets\virtual\legacy\dllhost.exe

%appdata%\.minecraft\assets\virtual\legacy\music\igfxtray.exe

%appdata%\[RANDOM CHARACTERS].cpl

%appdata%\cexplorer.exe

%APPDATA%\cftmon.exe

%APPDATA%\defenderupdater.vbs

%APPDATA%\Discord.exe

%APPDATA%\dll.vbs

%appdata%\drivers\drivers.exe

%appdata%\hkcmd.exe

%appdata%\java\svchost.exe

%APPDATA%\JetBrains\PrivacyPolicy\dllhost.exe

%APPDATA%\Media Center Programs\[RANDOM CHARACTERS]host.exe

%APPDATA%\Media Center Programs\vbs.vbs

%appdata%\media\svchost.exe

%appdata%\microsoft onedrive.exe

%appdata%\microsoft\config.ini

%appdata%\microsoft\intel\intel.exe

%APPDATA%\microsoft\microsoft.vbs

%APPDATA%\Microsoft\office\svchost.exe

%appdata%\microsoft\securedata\ushell.exe

%APPDATA%\Microsoft\SetingSync64.exe

%appdata%\microsoft\soundmodule\soundmodule.exe

%APPDATA%\microsoft\windows\ctfmon.exe

%APPDATA%\Microsoft\Windows\Driver\cuda\crss.exe

%appdata%\microsoft\windows\helpers.exe

%APPDATA%\microsoft\windows\lsass.exe

%appdata%\microsoft\windows\runtime\csrss.exe

%appdata%\microsoft\windows\start menu\conhost.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\1svhost.exe

%appdata%\microsoft\windows\start menu\programs\startup\[RANDOM CHARACTERS].cpl

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\[RANDOM CHARACTERS].vbs

%appdata%\microsoft\windows\start menu\programs\startup\[RANDOM CHARACTERS]service.exe

%appdata%\microsoft\windows\start menu\programs\startup\chrome updater.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\crypt[RANDOM CHARACTERS].vbs

%APPDATA%\microsoft\windows\start menu\programs\startup\crypted.vbs

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.vbs

%appdata%\microsoft\windows\start menu\programs\startup\empty.pif

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\intel.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Api.vbs

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft[RANDOM CHARACTERS].vbs

%APPDATA%\microsoft\windows\start menu\programs\startup\ms_office.exe

%appdata%\microsoft\windows\start menu\programs\startup\mscorsvw.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\officeupdate.lnk

%appdata%\microsoft\windows\start menu\programs\startup\run.vbs

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\smss.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\system.exe

%appdata%\microsoft\windows\start menu\programs\startup\taskhost.exe

%appdata%\microsoft\windows\start menu\programs\startup\taskmgr.exe

%appdata%\microsoft\windows\start menu\programs\startup\updates.vbs

%appdata%\microsoft\windows\start menu\programs\startup\url.url

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\vbs.vbs

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\wina.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Windows Services.url

%appdata%\microsoft\windows\start menu\programs\startup\windowssrv[RANDOM CHARACTERS].exe

%appdata%\microsoft\windows\start menu\programs\startup\windowsupdater.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\winupdsvcs.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\wuauclt.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\x[RANDOM CHARACTERS].vbs

%appdata%\microsoft\windows\svchost.exe

%appdata%\microsoft\windows\templates\wincontroler.exe

%appdata%\microsoft\windows\templates\wincontroller.exe

%APPDATA%\microsoft\windows\themes\win64.exe

%APPDATA%\microsoft\windows\winupmgr.exe

%APPDATA%\microsoft\windows\wkernelcrash.exe

%APPDATA%\mstwain32.exe

%appdata%\msvc\msvc.vbs

%APPDATA%\MyFolder\WindowsExplorers.exe

%appdata%\nvidia.exe

%APPDATA%\nvidiadrive\svchost.exe

%APPDATA%\offices.exe

%appdata%\public.exe

%APPDATA%\services.exe

%appdata%\smss.exe

%APPDATA%\svc\svcsvchost.dll

%appdata%\svchost.dll

%appdata%\svchost.exe

%APPDATA%\svchostt.exe

%appdata%\svmost.exe

%APPDATA%\sys.exe

%APPDATA%\system[RANDOM CHARACTERS].exe

%APPDATA%\SystemCPU.exe

%appdata%\view\view.exe

%APPDATA%\win[RANDOM CHARACTERS].exe

%appdata%\windows host process.exe

%appdata%\windows host.exe

%appdata%\windowsact.exe

%APPDATA%\WinRAR\sihost.exe

%APPDATA%\WinUpdat.vbs

%APPDATA%\winupmgr.exe

%appdata%\wlan.exe

%commonprogramfiles%\system\msadc\svchost.exe

%commonprogramfiles(x86)%\system\msadc\svchost.exe

%HOMEDRIVE%\winces.exe

%homedrive%\winlogon.exe

%localappdata%\[RANDOM CHARACTERS]svchost.exe

%Localappdata%\App\csrss.exe

%LOCALAPPDATA%\App\svchost.exe

%localappdata%\chrome.exe

%LOCALAPPDATA%\defenderupdater.vbs

%LOCALAPPDATA%\local.vbs

%localappdata%\macromedia\scvhost.exe

%localappdata%\microsoft\spoolsvc.exe

%localappdata%\microsoft\windows\lsass.exe

%LOCALAPPDATA%\system.vbs

%LOCALAPPDATA%\system32 \system32.exe

%localappdata%\taskhandler\microsofttaskhandler.exe

%LOCALAPPDATA%\Temp.exe

%LOCALAPPDATA%\Tempsvchost.exe

%localappdata%\winx.exe

%programfiles%\services.exe

%PROGRAMFILES%\Windows Updater\windefend.exe

%public%\svchost.exe

%PUBLIC%\svchost.vbs

%PUBLIC%\svchosts.exe

%PUBLIC%\taskmgr.exe

%PUBLIC%\window.bat

%public%\wininit.exe

%temp%\[NUMBERS].exe

%temp%\[RANDOM CHARACTERS].doc.exe

%TEMP%\appone.exe

%TEMP%\bat.bat

%TEMP%\csrss.exe

%temp%\csrss\scheduled.exe

%TEMP%\firefox\firefox[RANDOM CHARACTERS]

%temp%\msctfmonitor.dll

%TEMP%\mssecsvr.exe

%TEMP%\schost.exe

%TEMP%\svnhost.exe

%TEMP%\syscheck[RANDOM CHARACTERS].exe

%temp%\sysupdate.exe

%temp%\wi[RANDOM CHARACTERS]ndows.exe

%temp%\win64.exe

%useprofile%\downloads\[RANDOM CHARACTERS].doc.exe

%USERPROFILE%\Documents\chrome.exe

%USERPROFILE%\Documents\documents.exe

%USERPROFILE%\Downloads\svchost.exe

%UserProfile%\Local Settings\Application Data\Tempsvchost.exe

%userprofile%\svchost.exe

%USERPROFILE%\Videos\Captures\WindowsMediaPlayer.exe

%userprofile%\windows.bat

%userprofile%\windows.exe

%USERPROFILE%\windows[RANDOM CHARACTERS].exe

%windir%\chromesvc.exe

%windir%\dell\svchost.exe

%windir%\explorer .exe

%WINDIR%\fonts\data\smss.exe

%windir%\fonts\lsass.exe

%windir%\fonts\smss.exe

%windir%\fonts\spoolsv.exe

%WINDIR%\help\help\helpdb.dat

%WINDIR%\help\hlp11.dat

%WINDIR%\Help\svchost.exe

%WINDIR%\help\winlogon.exe

%WINDIR%\IME\Microsoft\MaintenancesServices.dll

%WINDIR%\IME\Microsoft\spoolsv.exe

%WINDIR%\IME\Microsoft\svchost.exe

%windir%\ime\svchost.exe

%windir%\inf\cluster\svchost.exe

%windir%\localsys.exe

%windir%\microsecurity.exe

%windir%\networksys.exe

%WINDIR%\resources\themes\explorer.exe

%WINDIR%\smsvchost.exe

%WINDIR%\system32.exe

%WINDIR%\System32\clientmon.exe

%windir%\system32\devicesys.exe

%WINDIR%\system32\drivers\system32.exe

%windir%\system32\inf\svchost.exe

%windir%\system32\resmon\csvc.exe

%WINDIR%\System32\spool\roaming\svchost.exe

%WINDIR%\System32\system3[RANDOM CHARACTERS].exe

%WINDIR%\System32\Tasks\csrss

%WINDIR%\System32\Tasks\services update

%windir%\system32\windows nt\svchost.exe

%windir%\system\winsma32.exe

%WINDIR%\SysWOW64\clientmon.exe

%windir%\syswow64\csrs.exe

%windir%\syswow64\devicesys.exe

%WINDIR%\SysWOW64\drivers\system32.exe

%windir%\syswow64\microsoft.com

%WINDIR%\syswow64\svchosts.exe

%windir%\syswow64\windows services\win32.exe

%WINDIR%\temp\svvosts.exe

%WINDIR%\temp\terminal.dll

%WINDIR%\temp\termsvc.dll

%windir%\wdms\wlan.exe

HKEY..\..\..\..{RegistryKeys}

hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trojan.FakeMS.kd

hkcr\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

hkcu\Software\Microsoft\Windows\CurrentVersion\Run "Trojan.FakeMS.kd"

hklm\SOFTWARE\Trojan.FakeMS.kd

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows-SecureOS

Software\Microsoft\WindowsUpdater

Software\Microsoft\WindowsUpdater\multishare

Software\Microsoft\WindowsUpdater\pushbot

Software\Microsoft\WindowsUpdater\svchost

Software\pushbot2

Directories

Trojan.FakeMS may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\Update

%ALLUSERSPROFILE%\ComponentPackageSupport

%ALLUSERSPROFILE%\ComponentUpdater

%ALLUSERSPROFILE%\FileManagerIME

%ALLUSERSPROFILE%\GatherNetlinkInfo

%ALLUSERSPROFILE%\Loosger

%ALLUSERSPROFILE%\Microsoft Essentials

%ALLUSERSPROFILE%\NetFrameworkSvc

%ALLUSERSPROFILE%\PrintDialogHostwmiprop

%ALLUSERSPROFILE%\Program Files (x86)

%ALLUSERSPROFILE%\SmartScreen

%ALLUSERSPROFILE%\SystemAppsSpeech

%ALLUSERSPROFILE%\SystemInfoConfig

%ALLUSERSPROFILE%\SystemInformation

%ALLUSERSPROFILE%\SystemModuleInformation

%ALLUSERSPROFILE%\Update

%ALLUSERSPROFILE%\Updates

%ALLUSERSPROFILE%\WMI Provider Host

%ALLUSERSPROFILE%\Windows Apps Certification Kit

%ALLUSERSPROFILE%\WindowsLogs

%ALLUSERSPROFILE%\application services

%ALLUSERSPROFILE%\hdcphandlerdll

%ALLUSERSPROFILE%\intelcore

%ALLUSERSPROFILE%\microsoft host

%ALLUSERSPROFILE%\microsoft\microsofttaskmanager

%ALLUSERSPROFILE%\msconfig

%ALLUSERSPROFILE%\ntspecd

%ALLUSERSPROFILE%\searchdata

%ALLUSERSPROFILE%\searchfiles

%ALLUSERSPROFILE%\searchreplace

%ALLUSERSPROFILE%\searchstrain

%ALLUSERSPROFILE%\systemconfiginfo

%ALLUSERSPROFILE%\tmploog

%ALLUSERSPROFILE%\win32

%ALLUSERSPROFILE%\windowscomponent

%ALLUSERSPROFILE%\windowstools

%ALLUSERSPROFILE%\windowsystemagent2.0

%ALLUSERSPROFILE%\windowsystemdrivers

%ALLUSERSPROFILE%\winhost

%ALLUSERSPROFILE%\winkernel

%ALLUSERSPROFILE%\winnmgr

%ALLUSERSPROFILE%\wmi services

%APPDATA%\ActiveX

%APPDATA%\AppReadiness

%APPDATA%\Host Process for Windows Services

%APPDATA%\InExplor

%APPDATA%\MSBuildF

%APPDATA%\Microsoft Drivers

%APPDATA%\Microsoft\ApiMM1M0

%APPDATA%\MsLibs

%APPDATA%\PrintDialog

%APPDATA%\SlideToShutDown

%APPDATA%\System Volume Information

%APPDATA%\W1ndows

%APPDATA%\WinRAR (x86)

%APPDATA%\Winbooterr

%APPDATA%\Windows Apps Certification Kit

%APPDATA%\Windows Defender

%APPDATA%\Windows Objects

%APPDATA%\Windows10Update

%APPDATA%\WindowsAPI

%APPDATA%\Winlog

%APPDATA%\Winlogon

%APPDATA%\audiodgg

%APPDATA%\interneexplore

%APPDATA%\interneexplorer

%APPDATA%\kernelwindows

%APPDATA%\localadmin

%APPDATA%\memory32

%APPDATA%\microsoft office

%APPDATA%\microsoft office update

%APPDATA%\msnetsys

%APPDATA%\swchost

%APPDATA%\systemoswin

%APPDATA%\taskdrive

%APPDATA%\virtual disk service

%APPDATA%\windows folder

%APPDATA%\windows media player

%APPDATA%\windows media video

%APPDATA%\windowssecurity

%APPDATA%\winmediaplay

%APPDATA%\winrar-services

%APPDATA%\winrarx86

%APPDATA%\winreg

%Appdata%\winservhost

%COMMONPROGRAMFILES%\rundll

%COMMONPROGRAMFILES(x86)%\rundll

%HOMEDRIVE%\systemx86x

%HOMEDRIVE%\win32system

%LOCALAPPDATA%\DesktopPathWinsock

%LOCALAPPDATA%\MicroSoft Updatea

%LOCALAPPDATA%\Microsoft Conhost

%LOCALAPPDATA%\Microsoft Console

%LOCALAPPDATA%\Windows Host

%LOCALAPPDATA%\microsoft.securitykl

%LOCALAPPDATA%\viphost

%PROGRAMFILES%\apppatch

%PROGRAMFILES%\microsoft windows service

%PROGRAMFILES%\microsoft windows update utility

%PROGRAMFILES%\microsoft windows updatingh

%PROGRAMFILES%\sysconfig

%PROGRAMFILES%\system32

%PROGRAMFILES(x86)%\Microsoft-System

%PROGRAMFILES(x86)%\apppatch

%PROGRAMFILES(x86)%\microsoft windows service

%PROGRAMFILES(x86)%\microsoft windows update utility

%PROGRAMFILES(x86)%\microsoft windows updatingh

%PROGRAMFILES(x86)%\sysconfig

%PROGRAMFILES(x86)%\system32

%PUBLIC%\music\microsoft\windows

%TEMP%\Micromedia

%TEMP%\SCVHOST

%TEMP%\csrss.off

%TEMP%\svchost.exe

%USERPROFILE%\AppReadiness

%USERPROFILE%\Favorites\Microsoft\Windows

%USERPROFILE%\PrintDialog

%USERPROFILE%\SlideToShutDown

%UserProfile%\Local Settings\Application Data\Windows Host

%UserProfile%\Local Settings\Application Data\microsoft.securitykl

%UserProfile%\Local Settings\Application Data\viphost

%WINDIR%\Fonts\Mysql

%WINDIR%\IME\Microsoft\Crypt

%WINDIR%\SysWOW64\WMIScriptingAPI

%WINDIR%\SysWOW64\windefence

%WINDIR%\System32\WMIScriptingAPI

%WINDIR%\System32\windefence

%WINDIR%\microsoft windows service

%WINDIR%\system32\Winbooterr

%WINDIR%\windowslogszero

%WINDIR%\winevrst

%appdata%\$recycle.bin

%appdata%\Microsoft Management Console

%appdata%\ProgramFiIes

%appdata%\Windows SDK Services

%appdata%\WindowsFolder

%appdata%\WindowsSearch

%appdata%\ZSSDVol

%appdata%\drf

%appdata%\drfhost

%appdata%\microsoft.com

%appdata%\microsoft\svchost1

%appdata%\microsoft\windows\screentogif

%appdata%\pathwin

%appdata%\runtimebroker

%appdata%\spoolsvc

%appdata%\svcp

%appdata%\url

%appdata%\windows services

%appdata%\windowslogs

%appdata%\windowsncpx86

%appdata%\windowsystem

%appdata%\winm

%localappdata%\Internet Explorer Browser

%localappdata%\Windows Security

%localappdata%\folder name

%userprofile%\LocationNotificationWindows

%userprofile%\WMPDMC

%windir%\system32\mutantw

%windir%\syswow64\pluginmanager

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Trojan.FakeMS

Threat Scorecard

EnigmaSoft Threat Scorecard

What is Trojan.FakeMS?

Why Trojan.FakeMS is Threatening

What Harm Trojan.FakeMS will Cause Once Inside a Computer?

Are There Other Threats Similar to Trojam.FakeMSs?

How a Computer Gets Infected with Trojan.FakeMS

Is Trojan.FakeMS Easily Detectable?

How Can I Get Rid of a Trojan.FakeMS Infection

SpyHunter Detects & Remove Trojan.FakeMS

File System Details

Registry Details

Directories

Submit Comment

Related Posts

Trojan.Fakemsc.A

Trending

WinUpdatesDisabler Ransomware

Capcheck.co.in

Synctechopt.com

Most Viewed

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error

What is Msedge.exe?