Full description

Virus:	TR/Fake.SecSui.O
Date discovered:	12/07/2010
Type:	Trojan
In the wild:	Yes
Reported Infections:	Low to medium
Distribution Potential:	Medium
Damage Potential:	Low
Static file:	Yes
File size:	293.632 Bytes
MD5 checksum:	29891f565c522214bec5ee4e5f635ceb
VDF version:	7.10.09.72

General Method of propagation:
   • Autorun feature

Aliases:
   • Kaspersky: Trojan.Win32.FraudPack.azkf
   • Microsoft: Trojan:Win32/FakeSpypro
   • Panda: Trj/CI.A
   • Eset: Win32/Adware.SpywareProtect2009
   • AhnLab: Trojan/Win32.FraudPack
   • DrWeb: Trojan.Fakealert.18283

Platform / OS:
   • Windows XP

Side effects:
   • Lowers security settings
   • Disable security applications
   • Registry modification

Files It copies itself to the following location:
• %HOME%\Local Settings\Application Data\lphcpmrpw\mvcecmptssd.exe

Registry The following registry keys are added in order to run the processes after reboot:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • nehlqwro"="%HOME%\Local Settings\Application Data\lphcpmrpw\mvcecmptssd.exe

– [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
   • nehlqwro"="%HOME%\Local Settings\Application Data\lphcpmrpw\mvcecmptssd.exe

The following registry keys are added:

– [HKCU\Software\AVSS]
– [HKLM\Software\AVSS]
– [HKCU\Software\AVSuitE]
– [HKLM\Software\AVSuitE]
– [HKCU\Software\Microsoft\Internet Explorer\Download]
   • "CheckExeSignatures"="no"
   • "RunInvalidSignatures"=dword:00000001

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\
   Attachments]
   • "SaveZoneInformation"=dword:00000001

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\
   Associations]
   • "LowRiskFileTypes"=".exe"

The following registry key is changed:

Lower security settings from Internet Explorer:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
   Old value:
   • "ProxyEnable"=dword:00000000
   New value:
   • "ProxyEnable"=dword:00000001
   • "ProxyServer"="http=127.0.0.1:5577"
   • "ProxyOverride"=""
   •

Description inserted by Florian Burlefinger on Wednesday, July 14, 2010
Description updated by Florian Burlefinger on Thursday, July 15, 2010

Back . . . .

Featured PC protection

Free products

Most popular

All products

Bundled Solutions

Workstation

Server

Bundled Solutions

Mail Gateways

Web Gateways

Collaboration Platforms

Home Products

Business Products

Virus Lab

More Support

Become an Avira Partner

Home Products

Business Products

Just want to evaluate a product?

Manuals and Tools