Virus: TR/FakeAV.RK
Date discovered: 01/10/2009
Type: Trojan
Subtype: Downloader
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 13.824 Bytes
MD5 checksum: 7ef9340F26e732fd67debf038663ae41
IVDF version: 7.01.06.61 - Thursday, October 1, 2009

Important information:
   • The write-up for this analysis is currently in progress. Please check again later for more details.

General

Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a malicious file


Files

It copies itself to the following locations:
   • %home%\Application Data\seres.exe
   • %home%\Application Data\svcst.exe




It tries to download a file:

– The location is the following:
   • http://**********/apw1f1Vj0K3F0vdR4Ew7Xl

It is saved on the local hard drive under:
   • %home%\Application Data\lizkavd.exe

Furthermore, this file is executed after it has been fully downloaded. Further investigation showed that this file is malware, too. Detected as: TR/Dldr.Fraudload.CV

Description inserted by Lutz Koch on Thursday, October 1, 2009
Description updated by Lutz Koch on Thursday, October 1, 2009
