03.01.2020

Discovered: October 10, 2007
Updated: August 19, 2014 11:20:30 AM
Type: Trojan
Infection Length: 7,680 bytes
Systems Affected: Windows

Trojan.FakeAV is a detection for Trojan horse programs that intentionally misrepresent the security status of a computer. These programs attempt to convince the user to purchase software in order to remove non-existent malware or security risks from the computer. The user is continually prompted to pay for the software using a credit card. Some programs employ tactics designed to annoy or disrupt the activities of the user until the software is purchased.

Clones

Trojan.FakeAV detects one of the most prolific types of risks seen on the Internet today. Every day many bogus antivirus and security applications are released and pushed to unsuspecting users through various delivery channels. Many of these programs turn out to be clones of each other. They are often created from the same code base but presented with a different name and look - achieved through the use of a 'skin'.


For example, ThinkPoint is a recent example of a misleading application in circulation since October 2010.

Infection

Users may encounter this kind of threat when they visit Web sites that attempt to convince them to remove non-existent malware or security risks from their computers by installing the bogus software. The Trojan can also be installed by other malware, drive-by downloads, and when downloading and installing other software.

Users may be directed to these sites by way of the following methods:

- Spam emails that contain links or attachments.
- Blogs and forums that are spammed with links to adult videos.
- User-generated content spam (e.g.

Technical Description

1. Prevention and avoidance
1.1 User behavior and precautions
1.2 Patch operating system and software
2. Infection method
2.1 Spam email
2.2 Social networking
2.3 Search engine poisoning
3. Functionality
3.1 Pop-up messages
3.2 Fake antivirus scans
3.3 Clones
4. Additional functionality
4.1 Fake loss of desktop
4.2 Fake restarts
4.3 Fake system errors
4.4 Blocking execution of programs
4.5 Mimicking well-known antivirus brands
4.6 Bogus reviews and awards
4.7 Professional looking product pages
4.8 Multiple language user interface
4.9 Live online support
5. Additional information
5.1 Affiliates
5.2 Resources

1. PREVENTION AND AVOIDANCE

The following actions can be taken to avoid or minimize the risk from this threat.

1.1 User behavior and precautions

Users should be aware that email messages with malicious content may appear to have been sent by people known to them, and as such the fact that the sender is known does not guarantee the safety of any particular message.

Spam emails may contain malicious links that have been disguised or otherwise made to appear benign. Users should exercise caution when following links in email messages, especially if:

- The sender is not known.
- Given the sender, the characteristics of the email are unusual.

- The link is to an unknown domain or an executable file.

Users should avoid opening email attachments unless their authenticity can be verified.

The downloading of files using peer-to-peer file-sharing networks can lead to infection. Users should avoid downloading files from unknown or untrustworthy sources, including fake video Web sites that may serve the Trojan executable under the guise of it being a codec that is required to watch a streaming video.

Users can mitigate the risk of infection by being careful about clicking links found on Web sites, such as blogs and forums where there is potentially little control or quality checks on the content. Basic checks such as hovering with the mouse pointer over the link will normally show where the link leads to. Users can also check online Web site rating services to see if the site is deemed safe to visit.

When performing searches in search engines, users should treat any results returned with caution and double-check them before following the links. If pop-up advertisements are displayed, users should not click on them or follow any links within them.

Users offered an unfamiliar security product by way of pop-up messages or other similar methods while browsing the Web should exercise extreme caution and, if in doubt, not download and install the software. It is generally safer to buy from a well-known or trusted brand site or buy a product that can be physically bought from a local shop.

The following file names are commonly used for the installer components of Trojan.FakeAV. Users should avoid downloading and running programs with file names that are the same or similar to those listed below:

- Av.exe
- Ave.exe
- Contract.exe
- Ecard.exe
- Eticket.exe
- Install.exe
- Invoice.exe
- Msa.exe
- Msb.exe
- Postcard.exe
- Settings.exe
- Video1.exe

1.2 Patch operating system and software

Users are advised to ensure that their operating systems and any installed software are fully patched, and that antivirus and firewall software is up to date and operational. Users should turn on automatic updates if available, so that their computers can receive the latest patches and updates when they are made available.

2. INFECTION METHOD

This threat is known to infect computers through a number of methods. We will examine each of these methods in more detail.

2.1 Spam email

Spam email is one of the primary methods used to distribute programs of this nature. Contents of spam emails are frequently changed and updated.

The following are some representative samples of the types of emails that are used for propagation of these programs.

Subject: Update for Microsoft Outlook / Outlook Express (KB910721)
Attachment: officexp-KB910721-FullFile-ENU.zip

Or

Subject: A new settings file for the EMAIL ADDRESS@ DOMAIN.com has just be released
Email body:
Dear use of the DOMAIN.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox EMAIL ADDRESS@ DOMAIN.com settings were changed. In order to apply the new set of settings open this file:
NAME/settings.exe
Best regards, DOMAIN.com Technical Support.

Or

Subject: Conficker.B Infection Alert
Email body:
Dear Microsoft Customer,
Starting the 'Conficker' worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.
To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.
Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division
Attachment: open.zip

Known topics used

Symantec has observed the following topics used in spam emails used to distribute variants of this threat family:

- Security upgrades
- The Conficker (Downadup) worm

2.2 Social networking

With the use of social networking sites growing at such an explosive rate, it was inevitable that malware authors would attempt to utilize these services as a way to reach a wider audience.

Facebook and Twitter profiles have been hacked in order to post updates pointing to sites that host misleading applications. The lure in these cases may include popular videos or content of a pornographic nature.

2.3 Search engine poisoning

Vendors of these programs can often take advantage of high profile news items or events that may be commanding considerable interest on the Internet and in the media. In fact, it is an unfortunate and now repetitive trend that whenever a newsworthy story breaks, it is inevitably followed by malware surfing the crest of information lust surrounding such stories. Recent examples include:

- Icelandic volcano (search results)
- Rozlyn Papa (sample video link)
- Chilean earthquake (search results)
- Californian earthquake (search results)
- Hawaii tsunami (search results)
- Tiger Woods motoring accident

Vendors of fake security software often take advantage of interest generated by major events on the world stage, such as major disasters, sporting events, celebrity scandals, and so on.

When such events occur, the interest is often mirrored on the Internet by way of increased Web searches for keywords relating to those events. For example, during the Tiger Woods incident in November 2009, search terms related to the event – including the names of the people involved in the incident and the area where they lived – became some of the top terms searched for in well-known search engines.

The authors of the misleading applications wasted no time in taking advantage by poisoning the search engine results.

When a user searches for these terms, results containing malicious links may be returned. When the user clicks on one of these links, they may be redirected to a site that hosts a misleading application.

The most popular search terms at any given time are recorded by Google.

These terms may result in poisoned search engine results that may ultimately lead to sites that host these misleading applications.

A poisoned search engine link may present the user with the option of watching a video that relates to the topic they have searched for. However, this video will not play immediately. Instead, the user will be instructed to download and run a file in order to watch the video. This file may be portrayed as a codec, a Flash installer file, or an ActiveX control, when in fact it is a copy of a misleading application.

In other cases, the poisoned search result will redirect the browser to a Web site that hosts a fake online security scanner, which attempts to perform a fake scan within the browser window. The fake scan is designed to look like a legitimate Windows operating system window.
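The attachment precautions in section 1.1 and the zipped attachments in the section 2.1 samples lend themselves to an automated check. The following is an added example, not part of the original write-up: it reads the member names of zip attachments without extracting them and compares them with the installer file names listed in section 1.1. The extension list, the function names and the constructed sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Installer file names listed on this page (matched case-insensitively).
KNOWN_INSTALLER_NAMES = {
    "av.exe", "ave.exe", "contract.exe", "ecard.exe", "eticket.exe", "install.exe",
    "invoice.exe", "msa.exe", "msb.exe", "postcard.exe", "settings.exe", "video1.exe",
}
# Assumption (not from the page): extensions treated as directly runnable on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")

def classify(name):
    """Label one file name, or return None when nothing matches."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if base in KNOWN_INSTALLER_NAMES:
        return "known-installer-name"
    if base.endswith(EXECUTABLE_EXTS):
        return "executable"
    return None

def scan_message(raw):
    """Return (attachment, zip_member_or_None, label) findings for a raw message."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        fname = part.get_filename()
        if not fname:
            continue
        payload = part.get_payload(decode=True) or b""
        members = [None]  # None stands for the attachment's own name
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                members += zf.namelist()  # names only; nothing is extracted
        for member in members:
            label = classify(member or fname)
            if label:
                findings.append((fname, member, label))
    return findings

def build_sample():
    """Constructed message: open.zip holding a harmless stand-in named settings.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("NAME/settings.exe", b"not a real program")
    msg = EmailMessage()
    msg.set_content("Constructed sample body.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="open.zip")
    return msg.as_bytes()
```

A name match is only a triage signal: the listed names are generic, so a hit warrants quarantine and review rather than a verdict.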

Media Review

'IObit Malware Fighter is a security & privacy software package that is designed to protect casual web users and corporations from online attacks. Use it to prevent malware such as Petya and GoldenEye from ransoming the use of your PC.' Softonic

User Review

'Some years ago somebody drew my attention to IObit Malware Fighter. First I was sceptical.


But after installing it, it became my favourite anti-malware program. It is very easy to use. Through the years it already has detected several threats and removed them. In cooperation with the other IObit programs, like for example ASC, I have a good PC protection. I now recommend these programs to all my friends and family.' Peter Stoffers, 2016

User Review

'As a result of using several of the IObit computer software products & being very impressed with the innovation & results obtained with these products, I can recommend the IObit Malware Fighter product. IObit Malware Fighter runs quietly in the background with minimal user input required. I am confident that IObit Malware Fighter is able to monitor malware & prevent malware from reaching my computer. I recommend IObit Malware Fighter for all computer users.' Whittington, 2017

User Review

'I'm using IObit Malware Fighter PRO for quite some time now.


I must say I'm impressed with the fact of how little resources IMF uses during a scan and in general altogether. I like its interface because it's simple and efficient. I own a DELL PC with OEM WIN8, upgraded to WIN8.1 as soon as it launched. After some time IE11 stopped working and METRO apps started to misbehave. I tried to solve the issue with Windows Defender, but without success. I decided to try IMF Free and I'm glad I did. I was able to clean my system and restore all vital functions without resetting it to factory level. Thank you IMF. Thumbs up, keep up the good work.' Robert Kajin, 2015

User Review

'Look no further, use IObit Malware Fighter v6 and enjoy safe surfing! I have used IObit's products for a long time and they have kept my PC running smoothly, updated and safe for years to my full satisfaction. IObit's intuitive and smart user interface design is simple to use and does the job with a minimal time spent - great! Recently I downloaded a YTD video downloader from Cnet and got a lot of malicious malware as a "bonus gift"! All my browsers went out of order as a result of the installation. My Norton failed to catch it, but IObit's Malware Fighter 6 Free did the job and restored order on my PC!' Peter Ostergaard, 2018