- Jan 24, 2011
As more and more users have become accustomed to the usual look of rogue or fake anti-viruses, cybercriminals thought that it would be a good idea to tweak the style of their progenies a bit. One of the latest new entries, which my colleagues in the labs "grabbed" these days, purports to pertain to none other than the Microsoft® defensive suite, as you can see in the image below.
Trojan.FakeAV.LHS attempts to dupe the user into installing it as a legitimate application. Once on the unprotected machine, it creates and launches its clone from the current user's Application Data folder and deletes the initial file that infected the computer. Moreover, it scrounges the registry settings under HKCU\Software\Microsoft\Windows NT\Winlogon\Shell, in order to be launched before the explorer.exe process.
Additionally, FakeAV.LHS mimics a system scan and issues multiple annoying warnings about a gazillion of imaginary infections and other e-threats, while also requiring the gullible user to install a so-called "Windows Optimization Center" for maintenance and disinfection purposes, as depicted in the following screenshot.
After the installation of the malicious center, the rogue continuously bugs the user to purchase a so-called license that will complete the disinfection process. To be even more credible, the Trojan kills any process/application that the user launches/opens, reminding him or her to buy that useless license.
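A check for the two host artifacts described above (a per-user Winlogon Shell value and a copy running from the Application Data folder), as an added example that is not part of the original post. The function names are hypothetical, and the script looks at the key path as written in the post as well as the standard `CurrentVersion\Winlogon` location, on the assumption that the post abbreviates it.

```powershell
# Added example (not from the original post): audit the per-user Winlogon
# "Shell" value and list processes whose image lives under Application Data.

# Key as written in the post, plus the standard CurrentVersion location
# (assumption: the post shortens the path).
$winlogonKeys = @(
    'HKCU:\Software\Microsoft\Windows NT\Winlogon',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$appDataRoots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

function Get-ShellOverride {
    param([string[]]$KeyPath, [string[]]$AppDataRoot)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-ItemProperty -LiteralPath $key -Name Shell -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $value = [Environment]::ExpandEnvironmentVariables([string]$item.Shell)
        [pscustomobject]@{
            Key         = $key
            Shell       = $value
            # A per-user Shell value is unusual; anything other than a bare
            # explorer.exe deserves a closer look.
            NotExplorer = ($value.Trim() -ne 'explorer.exe')
            # Strongest signal: the shell points into the user's Application Data.
            InAppData   = [bool]($AppDataRoot | Where-Object {
                $value.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 })
        }
    }
}

function Get-AppDataProcess {
    param([string[]]$AppDataRoot)
    # Legitimate per-user software also runs from here, so this is a review
    # list to compare against the Shell value, not a verdict.
    Get-Process | Where-Object {
        $path = $_.Path
        $path -and ($AppDataRoot | Where-Object {
            $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
    } | Select-Object Name, Id, Path
}

$overrides = Get-ShellOverride -KeyPath $winlogonKeys -AppDataRoot $appDataRoots
if ($overrides) { $overrides | Format-List }
else { 'No per-user Winlogon Shell value found.' }
Get-AppDataProcess -AppDataRoot $appDataRoots | Format-Table -AutoSize
```

Because the post says the Trojan kills applications the user launches, this is best run from a clean session, for example Safe Mode or against the offline user hive.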