Home Malware Programs Trojans Troj/FakeAV-GNL

Troj/FakeAV-GNL

Posted: April 26, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 4
First Seen: April 26, 2013
OS(es) Affected: Windows

Troj/FakeAV-GNL is a Trojan that is a part of a spam malware campaign. Troj/FakeAV-GNL is distributed via malicious fax and email messages. The spam email that spreads Troj/FakeAV-GNL declares to have been sent by an online fax service called 'DuoFax'. However, the sender's email address has been forged, and 'DuoFax' is not associated with these messages. Attached to the unsolicited emails is a file called 'fax[random number].zip', which itself includes an executable file called 'fax01001_DIGIT[5]_.exe'. The .EXE file is detected as Troj/FakeAV-GNL. If an affected PC user opens a harmful file, a computer is infected with Troj/FakeAV-GNL.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



fax[RANDOM NUMBER].zip File name: fax[RANDOM NUMBER].zip
Mime Type: unknown/zip
Group: Malware file
fax01001_DIGIT[5]_.exe File name: fax01001_DIGIT[5]_.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Loading...