FakeAlert-AB.dldr.gen
- Type: Trojan
- SubType: Downloader Generic
- Discovery Date: 08/15/2008
- Length: Varies
- Minimum DAT: 5362 (08/15/2008)
- Updated DAT: 5380 (09/09/2008)
- Minimum Engine: 5.2.00
- Description Added: 08/15/2008
- Description Modified: 09/04/2008 1:34 AM (PT)
Characteristics
This threat is a generic detection for the FakeAlert-AB.dldr.
The trojan presents the user with an interface that offers to Continue and install the FakeAlert-AB trojan or to close the trojan. Clicking the close button also triggers the download and installation of the FakeAlert-AB trojan.
It creates the following folder, where it places the downloaded FakeAlert-AB trojan (the location may change):
- \Program files\AV9
It creates the following registry key:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "%Random sequence of numbers%" = \Program Files\AV9\av2009.exe
Upon installation of the FakeAlert-AB trojan, the FakeAlert-AB.dldr.gen trojan deletes itself.
The trojan is known to download the FakeAlert-AB from the following locations (these may change):
- download-a1.com
- antivirus-2009.com
- antivirusxp-08.net
- antivirus2009professional.com
- xpdownloadserver.com
Symptoms
The appearance of the above files and registry entries.
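As an added example (not part of the original description), the following Python sketch checks the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` for the Run entry listed under Characteristics. The sample output, the function names and the lower-confidence "suspect" tier are assumptions made for illustration; the tier exists because the description notes that the location may change.

```python
import re
from pathlib import PureWindowsPath

# One value line of `reg query` output: 4 spaces, name, type, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
EXE_PATH = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)

def classify(name, data):
    """Return 'match', 'suspect' or None for one Run value."""
    m = EXE_PATH.match(data)
    path = PureWindowsPath(m.group(1) if m else data)
    folders = [p.lower() for p in path.parts[:-1]]
    numeric_name = name.isdigit()            # "%Random sequence of numbers%"
    in_av9 = "av9" in folders                # \Program Files\AV9
    is_av2009 = path.name.lower() == "av2009.exe"
    if numeric_name and in_av9 and is_av2009:
        return "match"                       # the entry exactly as described
    if numeric_name or in_av9 or is_av2009:
        return "suspect"                     # assumption: partial hit, location may change
    return None

def scan_run_key(reg_query_output):
    """Return (verdict, value name, data) for every flagged Run value."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and (verdict := classify(m["name"], m["data"])):
            findings.append((verdict, m["name"], m["data"]))
    return findings

# Constructed sample of `reg query` output, not taken from a real host.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    75319611769929    REG_SZ    C:\Program Files\AV9\av2009.exe
    84420117    REG_SZ    C:\Documents and Settings\user\Application Data\av2009.exe
    Updater    REG_SZ    "C:\Program Files\Tool\tool.exe" /min
"""

if __name__ == "__main__":
    for verdict, name, data in scan_run_key(SAMPLE):
        print(f"{verdict:8} {name} -> {data}")
```

A "suspect" result is a prompt for manual review, not a confirmed detection; removal still relies on the engine and DAT files named in this description.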
Method of Infection
N/A. Downloaders are not viruses, and as such do not themselves contain any method to replicate. However, they may themselves be downloaded by other viruses and/or Trojans to be installed on the user's system.
Many of these are additionally mass-spammed by the author to entice people into double-clicking on them.
Alternatively, they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Downloader onto the user's system with no user interaction).
Removal
All Users:
Use specified engine and DAT files for detection and removal.
Variants
N/A
Overview
The FakeAlert-AB.dldr.gen downloads the FakeAlert-AB trojan and installs it on the user's machine.