Upon installed this malicious program, it can show false infection information of normal file and induce user to pay for fix them.
To avoid from this malicious software, users need to be careful on using and downloading programs on internet.
2. Spreading path and symptoms of infection
Downloaded fake anti-virus program is masqueraded as an Adobe Flash Player's installation file and can induce user to recognize normal installation file.
Upon executed Adobe_FlashPlayer_10.1.305.31.exe, it will show fake diagnosis screen and warning screen looked like by Microsoft.
After completed installation, reboot is needed.
After rebooted, window desktop will be changed "Protected Mode" and it will perform system scan.
Currently, this program is designed to induce general users to recognize normal program with using its name "Windows Optimization Center".
After the system scan is completed, it will show fake result screen to user.
It induces user to buy license and pay for fixing fake diagnosed files.
<Screen for purchasing license>
<Screen for payment>
Executing Adobe_FlashPlayer_10.1.305.31.exe will create certain files on following path.
Furthermore, it can fix registry value for running itself on boot.
3. How to prevent
This kind of fake anti-virus program can show fake infected screen and induce user to pay for fixing them.
To use PC safely from security threats of these malicious files, we recommend following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Anti-Virus/Spyware” for detecting such as malicious file stated above and runs responding system against various security threats.