Trojan.FraudPack is known to guide the malicious trialware of Antispyware Pro XP rogue into new host computers. Once inside, it will probably manifest itself through exaggerated alerts and fake scanners. It may open gateways for remote attackers to gain access to your system and implement their dirty thievish plans.
Copyright:
Attribution Non-Commercial (BY-NC)
developed to disrupt operating systems and install attendant fake anti-spyware. Trojan.FraudPack is known to guide the malicious trialware of the Antispyware Pro XP rogue into new host computers. Trojan.FraudPack typically infiltrates using security software flaws, so its intrusion usually remains undetected. Once inside, Trojan.FraudPack will probably manifest itself through exaggerated alerts and fake scanners stating that your PC is in danger and should be protected using the paid commercial version of Antispyware Pro. Along with promoting the affiliated rogue anti-spyware, Trojan.FraudPack will also affect your overall system performance and make it vulnerable to outside threats. Trojan.FraudPack may open gateways for remote attackers to gain access to your PC and implement their dirty thievish plans. Remove Trojan.FraudPack as soon as you start suspecting its malicious activity in your system.

Registry Modifications

• The following Registry Keys were created:
  ◦ HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
  ◦ HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
  ◦ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  ◦ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
  ◦ HKEY_CURRENT_USER\Software\Microsoft\Windows Script
  ◦ HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
  ◦ HKEY_CURRENT_USER\Software\avsoft
  ◦ HKEY_CURRENT_USER\Software\avsuite
• The newly created Registry Values are:
  ◦ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ▪ ydortjqm = "%AppData%\wxalqtmwn\mlkekbltssd.exe"
      so that mlkekbltssd.exe runs every time Windows starts
  ◦ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
    ▪ RunInvalidSignatures = 0x00000001
  ◦ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
    ▪ LowRiskFileTypes = ".exe"
  ◦ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
    ▪ SaveZoneInformation = 0x00000001
  ◦ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    ▪ ydortjqm = "%AppData%\wxalqtmwn\mlkekbltssd.exe"
      so that mlkekbltssd.exe runs every time Windows starts
  ◦ [HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings]
    ▪ JITDebug = 0x00000001
• The following Registry Value was deleted:
  ◦ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    ▪ AppInit_DLLs = ""
• The following Registry Value was modified:
  ◦ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
    ▪ CheckExeSignatures =
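
One way to check an exported registry file for the changes listed above, as an added example that is not part of the original report. The names `RULES`, `parse_reg` and `audit`, the sample export, and the expanded user path are assumptions made for illustration; the AppData check generalizes beyond the single Run entry on the page.

```python
import re

# (key path suffix, value name, flagged data, why a defender cares); values from the list above
RULES = [
    (r"internet explorer\download", "runinvalidsignatures", "dword:00000001", "invalid signatures may run"),
    (r"policies\associations", "lowriskfiletypes", '".exe"', ".exe treated as low-risk attachment"),
    (r"policies\attachments", "savezoneinformation", "dword:00000001", "zone information not saved"),
    (r"windows script\settings", "jitdebug", "dword:00000001", "script JIT debugging switched on"),
]

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def audit(text):
    """Return (key, value name, reason) for each setting that matches the report."""
    findings = []
    for key, values in parse_reg(text).items():
        low = key.lower()
        for name, data in values.items():
            for suffix, vname, bad, why in RULES:
                if low.endswith(suffix) and name.lower() == vname and data.lower() == bad:
                    findings.append((key, name, why))
            # Autostart entry that launches an executable from the user's AppData
            if low.endswith(r"currentversion\run") and re.search(r"appdata.*\.exe", data, re.I):
                findings.append((key, name, "Run entry starts an .exe under AppData"))
    return findings

# Constructed sample export (the user name and the Updater entry are made up)
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ydortjqm"="C:\\Users\\user\\AppData\\Roaming\\wxalqtmwn\\mlkekbltssd.exe"
"Updater"="C:\\Program Files\\Vendor\\updater.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000002
'''

if __name__ == "__main__":
    for key, name, why in audit(SAMPLE):
        print(f"{key} :: {name} -> {why}")
```
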

Other details

• Analysis of the file resources indicates the following possible country of origin: