
Trojan.FraudPack (AKA Trojan.Win32.FraudPack.gkj) is a deceptive malware
developed to disrupt operating systems and install attendant fake anti-spyware.
Trojan.FraudPack is known to bring the malicious trialware of the Antispyware Pro
XP rogue onto new host computers. Trojan.FraudPack typically infiltrates using
security software flaws, so its intrusion usually remains undetected. Once inside,
Trojan.FraudPack will probably manifest itself through exaggerated alerts and
fake scanners stating that your PC is in danger and should be protected using
the paid commercial version of Antispyware Pro. Along with promoting the affiliated
rogue anti-spyware, Trojan.FraudPack will also degrade your overall system
performance and make it vulnerable to outside threats. Trojan.FraudPack may
open gateways for remote attackers to gain access to your PC and carry out
their dirty thievish plans. Remove Trojan.FraudPack as soon as you start
suspecting its malicious activity in your system.
Registry Modifications
• The following Registry Keys were created:
◦ HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
◦ HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
◦ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
◦ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
◦ HKEY_CURRENT_USER\Software\Microsoft\Windows Script
◦ HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
◦ HKEY_CURRENT_USER\Software\avsoft
◦ HKEY_CURRENT_USER\Software\avsuite
• The newly created Registry Values are:
◦ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
▪ ydortjqm = "%AppData%\wxalqtmwn\mlkekbltssd.exe"
so that mlkekbltssd.exe runs every time Windows starts
◦ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
▪ RunInvalidSignatures = 0x00000001
◦ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
▪ LowRiskFileTypes = ".exe"
◦ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
▪ SaveZoneInformation = 0x00000001
◦ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
▪ ydortjqm = "%AppData%\wxalqtmwn\mlkekbltssd.exe"
so that mlkekbltssd.exe runs every time Windows starts
◦ [HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings]
▪ JITDebug = 0x00000001
• The following Registry Value was deleted:
◦ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
▪ AppInit_DLLs = ""
• The following Registry Value was modified:
◦ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
▪ CheckExeSignatures =
 

Other details
• Analysis of the file resources indicates the following possible
country of origin: Russian Federation
