TrustNinja (also known as Trust Ninja) is a fake optimization tool presented as a useful program in order to gain the trust of the user. TrustNinja that is a member of the FakeSmoke family, must be installed manually, and once active, begins display fake infection results in order to trick the user into believing that the computer has been compromised. The user is then prompted to purchase the commercial version of TrustNinja in order to combat these threats or fix the various problems.
The family of TrustNinja has various members, all of them clones of TrustNinja. These members include WiniFighter , WiniShield , SaveKeep , SaveKeeper , SoftSafeness , TrustWarrior , WiniGuard , SecurityFighter , Security Soldier , SecureVeteran , Secure Warrior , Trust Cop , Safe Fighter , Trust Soldier , Virus Protector , BlockDefense , Security Soldier , SaveDefense , SystemCop .
SpyHunter Detects & Remove TrustNinja
File System Details
TrustNinja may create the following file(s):
#
File Name
MD5
Detections i
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
1.
%ProgramFiles%\TrustNinja Software\TrustNinja\uninstall.exe
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja\uninstall.exe
Type:
Executable File
Group:
Malware file
2.
%ProgramFiles%\TrustNinja Software\TrustNinja\TrustNinjaSvc.exe
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja\TrustNinjaSvc.exe
Type:
Executable File
Group:
Malware file
3.
%Temp%\nsm2.tmp\nsSCM.dll
+
Name:
%Temp%\nsm2.tmp\nsSCM.dll
Type:
Dynamic link library
Group:
Malware file
4.
%ProgramFiles%\TrustNinja Software\TrustNinja\TrustNinja.exe
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja\TrustNinja.exe
Type:
Executable File
Group:
Malware file
5.
%Temp%\nsm2.tmp\nsProcess.dll
+
Name:
%Temp%\nsm2.tmp\nsProcess.dll
Type:
Dynamic link library
Group:
Malware file
6.
%ProgramFiles%\TrustNinja Software\TrustNinja\data.bin
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja\data.bin
Type:
Binary File
Group:
Malware file
7.
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\2 Homepage.lnk
+
Name:
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\2 Homepage.lnk
Type:
Shortcut
Group:
Malware file
8.
TrustNinja
+
Name:
TrustNinja
Group:
Malware file
9.
%ProgramFiles%\TrustNinja Software\TrustNinja
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja
Group:
Malware file
10.
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\1 TrustNinja.lnk
+
Name:
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\1 TrustNinja.lnk
Type:
Shortcut
Group:
Malware file
11.
%Program Files%\TrustNinja Software
+
Name:
%Program Files%\TrustNinja Software
Group:
Malware file
12.
%Documents and Settings%\All Users\Desktop\TrustNinja.lnk
+
Name:
%Documents and Settings%\All Users\Desktop\TrustNinja.lnk
Type:
Shortcut
Group:
Malware file
13.
%ProgramFiles%\TrustNinja Software\TrustNinja\license.txt
+
Name:
%ProgramFiles%\TrustNinja Software\TrustNinja\license.txt
Group:
Malware file
14.
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\3 Uninstall.lnk
+
Name:
%Documents and Settings%\All Users\Start Menu\Programs\TrustNinja\3 Uninstall.lnk
Type:
Shortcut
Group:
Malware file
15.
%ProgramFiles%\TrustNinja Software
+
Name:
%ProgramFiles%\TrustNinja Software
Group:
Malware file
16.
TrustNinja.exe
c9f6764aede6c4384af2d50bf00e6da8
0
+
Name:
TrustNinja.exe
MD5:
c9f6764aede6c4384af2d50bf00e6da8
Size:
724.99 KB (724992 bytes)
Detections:
0
Type:
Executable File
Group:
Malware file
Last Updated:
April 30, 2010
17.
TrustNinjaSvc.exe
e92f901fb0a487d9aac6ae40b8e05d56
0
+
Name:
TrustNinjaSvc.exe
MD5:
e92f901fb0a487d9aac6ae40b8e05d56
Size:
65.53 KB (65536 bytes)
Detections:
0
Type:
Executable File
Group:
Malware file
Last Updated:
April 30, 2010
Registry Details
TrustNinja may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\TrustNinja
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “TrustNinja”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRUSTNINJASVC\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustNinjaSvc\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustNinjaSvc\Enum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrustNinja
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustNinjaSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRUSTNINJASVC\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TRUSTNINJASVC\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustNinjaSvc\Security
HKEY_CURRENT_USER\Software\TrustNinja
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustNinjaSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TRUSTNINJASVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TRUSTNINJASVC\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustNinjaSvc\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRUSTNINJASVC
URLs
TrustNinja may call the following URLs:
akeoqpxcer.com
probanitos.com
trustninja.com