TrustNinja (also known as Trust Ninja) is a fake optimization tool presented as a useful program in order to gain the trust of the user. TrustNinja that is a member of the FakeSmoke family, must be installed manually, and once active, begins display fake infection results in order to trick the user into believing that the computer has been compromised. The user is then prompted to purchase the commercial version of TrustNinja in order to combat these threats or fix the various problems.
The family of TrustNinja has various members, all of them clones of TrustNinja. These members include WiniFighter , WiniShield , SaveKeep , SaveKeeper , SoftSafeness , TrustWarrior , WiniGuard , SecurityFighter , Security Soldier , SecureVeteran , Secure Warrior , Trust Cop , Safe Fighter , Trust Soldier , Virus Protector , BlockDefense , Security Soldier , SaveDefense , SystemCop .
TrustNinja may create the following file(s):
#
File Name
MD5
Detections i
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
1.
%ProgramFiles%\TrustNinja Software\TrustNinja\uninstall.exe
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja\uninstall.exe Type:
Executable File Group:
Malware file
2.
%ProgramFiles%\TrustNinja Software\TrustNinja\TrustNinjaSvc.exe
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja\TrustNinjaSvc.exe Type:
Executable File Group:
Malware file
3.
%Temp%\nsm2.tmp\nsSCM.dll
+
Name:
%Temp%\nsm2.tmp\nsSCM.dll Type:
Dynamic link library Group:
Malware file
4.
%ProgramFiles%\TrustNinja Software\TrustNinja\TrustNinja.exe
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja\TrustNinja.exe Type:
Executable File Group:
Malware file
5.
%Temp%\nsm2.tmp\nsProcess.dll
+
Name:
%Temp%\nsm2.tmp\nsProcess.dll Type:
Dynamic link library Group:
Malware file
6.
%ProgramFiles%\TrustNinja Software\TrustNinja\data.bin
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja\data.bin Type:
Binary File Group:
Malware file
7.
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\2 Homepage.lnk
+
Name:
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\2 Homepage.lnk Type:
Shortcut Group:
Malware file
8.
TrustNinja
+
Name:
TrustNinja Group:
Malware file
9.
%ProgramFiles%\TrustNinja Software\TrustNinja
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja Group:
Malware file
10.
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\1 TrustNinja.lnk
+
Name:
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\1 TrustNinja.lnk Type:
Shortcut Group:
Malware file
11.
%Program Files%\TrustNinja Software
+
Name:
%Program Files%\TrustNinja Software Group:
Malware file
12.
%Documents and Settings%\All Users\Desktop\TrustNinja.lnk
+
Name:
%Documents and Settings%\All Users\Desktop\TrustNinja.lnk Type:
Shortcut Group:
Malware file
13.
%ProgramFiles%\TrustNinja Software\TrustNinja\license.txt
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja\license.txt Group:
Malware file
14.
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\3 Uninstall.lnk
+
Name:
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\3 Uninstall.lnk Type:
Shortcut Group:
Malware file
15.
%ProgramFiles%\TrustNinja Software
+
Name:
%ProgramFiles%\TrustNinja Software Group:
Malware file
16.
TrustNinja.exe
c9f6764aede6c4384af2d50bf00e6da8
0
+
Name:
TrustNinja.exe MD5:
c9f6764aede6c4384af2d50bf00e6da8 Size:
724.99 KB (724992 bytes) Detections:
0
Type:
Executable File Group:
Malware file Last Updated:
April 30, 2010
17.
TrustNinjaSvc.exe
e92f901fb0a487d9aac6ae40b8e05d56
0
+
Name:
TrustNinjaSvc.exe MD5:
e92f901fb0a487d9aac6ae40b8e05d56 Size:
65.53 KB (65536 bytes) Detections:
0
Type:
Executable File Group:
Malware file Last Updated:
April 30, 2010
TrustNinja may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\TrustNinja
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “TrustNinja”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRUSTNINJASVC\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustNinjaSvc\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustNinjaSvc\Enum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrustNinja
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustNinjaSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRUSTNINJASVC\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TRUSTNINJASVC\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustNinjaSvc\Security
HKEY_CURRENT_USER\Software\TrustNinja
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustNinjaSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TRUSTNINJASVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TRUSTNINJASVC\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustNinjaSvc\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRUSTNINJASVC
TrustNinja may call the following URLs:
akeoqpxcer.com
probanitos.com
trustninja.com
