
1/07/2011

Fake antivirus SW disguised as Adobe Flash Player's installation file

1. Introduction

Recently, fake anti-virus software disguised as "Adobe Flash Player" has been reported.
Once installed, this malicious program reports normal files as infected and induces the user to pay to fix them.
To avoid this malicious software, users need to be careful when downloading and running programs from the internet.

2. Spreading path and symptoms of infection

The downloaded fake anti-virus program masquerades as an Adobe Flash Player installation file, leading the user to take it for a normal installation file.


When Adobe_FlashPlayer_10.1.305.31.exe is executed, it shows a fake diagnosis screen and a warning screen made to look as if it came from Microsoft.

It induces the user to click the "Apply action" button to remove security threats; clicking "Apply action" installs the fake anti-virus software.


After installation completes, a reboot is required.


After the reboot, the Windows desktop is changed to "Protected Mode" and the program performs a system scan.
Currently, this program uses the name "Windows Optimization Center" to induce general users to take it for a normal program.


After the system scan completes, it shows a fake result screen to the user.


It induces the user to buy a license and pay to fix the falsely diagnosed files.


<Screen for purchasing license>

<Screen for payment>

Executing Adobe_FlashPlayer_10.1.305.31.exe creates files at the following path.

[Generated files]
(User account folder)C:\Documents and Settings\Administrator\Application Data\protect.exe

- (User account folder) is generally C:\Documents and Settings\(User account)\Application Data.

Furthermore, it sets registry values so that it runs at boot.

[Registry values registered for running on boot]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- Value name : "Windows Optimization Center"
- Value data : "C:\Documents and Settings\Administrator\Application Data\protect.exe"

[HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- Value name : "Shell"
- Value data : "C:\Documents and Settings\Administrator\Application Data\protect.exe"
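
The two autostart locations listed above can be checked offline from a registry export. The following is an added example, not code from INCA Internet or from the original post: it parses .reg export text and flags an HKCU Run entry launching from a per-user writable directory and a per-user Winlogon "Shell" override. The sample export is constructed from the values on this page plus one benign entry; the function names and the directory list are assumptions.

```python
import re

# Constructed sample in .reg export format (backslashes are doubled there):
# the two values this page lists plus one benign, constructed Run entry.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Windows Optimization Center"="C:\\Documents and Settings\\Administrator\\Application Data\\protect.exe"

[HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\Administrator\\Application Data\\protect.exe"
'''

# Registry key names are case-insensitive, so compare in lower case.
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
WINLOGON_KEY = r"hkey_current_user\software\microsoft\windows nt\currentversion\winlogon"
# Assumption: per-user directories that an unprivileged process can write to.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\local settings\\temp\\")
# Matches "name"="data" string values; hex-encoded value types are not handled.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            # Undo .reg escaping: \\ becomes \ and \" becomes "
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data


def audit(text):
    """Return (finding, value_name, data) tuples for suspicious autostart values."""
    findings = []
    for key, name, data in parse_reg(text):
        k, d = key.lower(), data.lower()
        if k == WINLOGON_KEY and name.lower() == "shell":
            # The normal shell is explorer.exe; anything else replaces the desktop.
            if d != "explorer.exe":
                findings.append(("winlogon-shell-override", name, data))
        elif k == RUN_KEY and any(p in d for p in USER_WRITABLE):
            findings.append(("run-from-user-writable-dir", name, data))
    return findings
```

Calling audit(SAMPLE_REG) returns one finding for the "Windows Optimization Center" Run value and one for the "Shell" value; the ctfmon.exe entry is not flagged.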

3. How to prevent

This kind of fake anti-virus program shows fake infection screens and induces the user to pay to fix them.
To keep PCs safe from the security threats posed by such malicious files, we recommend that general users follow the "Security management tips" below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attached files from suspicious e-mail.
4. Be cautious with links received via instant messenger and SNS.
5. Scan downloaded files with anti-virus software before executing them.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment for malicious files such as the one described above with “nProtect Anti-Virus/Spyware” and runs a response system against various security threats.

Diagnosis name

 - Trojan/W32.FakeAV.2512384

21 comments:

  1. I do believe that we should not install free and fake antivirus software in our system. I would better suggest to go for some good anti spyware.

  2. This is the place the main discharge is regularly an antivirus trial adapted to give selective clients an essence of the capacities before building the whole bundle. Think about these kind of antivirus trial programs as irregular examples or assessment forms that help clients separate and request advancement in those particular fields that really affect their business. https://purr-dev.lib.purdue.edu/members/1708/blog/2016/09/mcafee-antivirus-programs-for-business-or-personal-uses

  3. I do believe that computer users should not use free antivirus software which doesn't come with full functionalities. Using a paid antivirus guarantees to protect your PC from unknown viruses, spyware and other internet threats.

  4. If you don't like antiviruses, or prefer any other apps to antivirus, you should take a closer look at http://spying.ninja/how-to-detect-spyware-on-android/

  5. I encourage you to try this hoverwatch app. It proved to be very efficient.

  6. Adobe Flash Player is the good one which helps you to play video online
    Techubi

  7. It is my first visit to your blog, and I am very impressed with the articles that you serve. Give adequate knowledge for me. Thank you for sharing useful material. I will be back for the more great post. fake college diploma

  8. This article will furnish you with the means required to execution test any antivirus programming suites that you might be keen on obtaining to keep running on your PC. antivirus program

  9. Excellent article. Very interesting to read. I really love to read such a nice article. Thanks! keep rocking. Download Webroot


  10. We have a three-part technology to defend against chargebacks. Using our technology frees you up to concentrate on your business and keeps up your merchant account so that you can grow your business.
    chargeback management


    adobe support number – Adobe is an American multinational software company which is well known for its creation of multimedia and creativity software products.
    adobe support number

    www.mcafee.com/activate - Activate Your McAfee Retail card by simply visiting our website mcafee.com/activate and Get Started with McAfee Security.
    www.mcafee.com

  11. The two test consequences of intrigue are the detection and removal comes about, visit my web site

  12. If you are having one of such question and looking for an answer then do not worry. We are here to help you. You can call the Norton Support team and we will provide you with an on-call technician. The technician will take your issue and help you through by providing you troubleshooting steps.

  13. Epson or Seiko Epson Corporation is a Japanese Company which is one of the world’s largest of Printers and imaging related equipment. With growing demand for a printing device, the technology around printing products is increasing too. This what Epson Printer deliver with their new and upgraded Printers. pson printer support

  14. Norton – Norton Antivirus is a security software tool developed by the Symantec, it offers the next-gen security to the users. It has a wide range of products like Norton Internet Security, Norton 360, Norton Antivirus, Norton Utilities and many others. The company developed a complete tool which can be used as an Antivirus,

  15. Brother is another popular Printer company which manufactures advanced printing device and accessories for both personal and business use. It is a Japanese company which sells their products both online and offline, from stores.

  16. Norton Antivirus 1-800-384-0231 is one of the best Security Antivirus product which can completely protect your digital online life. This Antivirus has the highly strong strengthen and enhanced features like Email protection, a secure firewall, PC optimization tool and parental control that can help you in protecting from the internet spyware, viruses, and internet hackers. Now you can securely surf the internet with the Norton Antivirus. To activate Norton product, you can visit norton.com/activate.
    Norton.com/Setup

  17. Norton has aptly earned the reputation of “King of Antivirus”. Millions of people across the globe rely on Norton products and services. This brand is widely recognized for providing the best of product and services to their esteemed consumers. Products offered by Norton are built with the high-quality security benefits which always result in better protection.
    Norton.com/setup

  18. Founded in the year 1975 by Bill H. Gates and Paul Gardner Allen, Microsoft has become the leading tech business across the globe. Since it was established, the primary focus of this company has been software, however, with Surface tab, this has somewhat changed. Microsoft is most well-known for its Operating System - Windows. Also, its productivity suite- Office - is the most popular in the world. For decades, Microsoft has been leading the tech industry. However, in order to compete, it keeps on adding new features, tools, products to its Office suite. In the present world, Microsoft is well-aware about the need for small businesses and start-ups to grow. Therefore, it has launched Office suites for small and medium-sized companies as well. People from all work setups, students, teachers, freelancers, etc use Microsoft Office programs and services to do their day-to-day tasks. You can activate the product on office.com/setup.
    office.com/setup

  19. Everybody who has a computer or knows how to work on one has used Microsoft Office at some point or the other. For most of the people, Microsoft office has been there to help them throughout their digital lives. From writing college essays to making presentations, to creating emails on outlook to calculating budget on Excel, Microsoft Office has been there. The popularity of Microsoft Office is so high that over a billion people use the Microsoft productivity suite. Office 2016, Office 2013, Office 2010, Office 2007, and Office 2003 are some of the desktop versions of Microsoft Office.
    Office.com/setup
