Home Malware Programs Trojans ‘Attn! System Files Corrupted’ Fake Message

‘Attn! System Files Corrupted’ Fake Message

Posted: September 24, 2008

'Attn! System Files Corrupted' fake message should not be taken literally but it is a warning and clear indication that you have a Trojan infection currently on your system. 'Attn! System Files Corrupted' fake message is not a legitimate alert although your system files could be corrupted if the Trojan infection causing the 'Attn! System Files Corrupted' fake message is left on your computer.

'Attn! System Files Corrupted' fake message is a serious threat as it may lead to the download and installation of a rogue anti-spyware program such as Micro Antivirus 2009 or Vista Antivirus 2008. The "Attn! System Files Corrupted" fake message reads as follows:

"Attn! System Files Corrupted
Windows system files have been compromiced. Probable cause: Malware infection. Replace modifield files with backup
Copies and perform a scan for malware?"

The 'Attn! System Files Corrupted' fake message is malicious in it's intentions and the Trojan causing it should be removed from your system before major damage is caused. It is best to take action to scan your system with a spyware scan tool to identify and remove the Trojan causing the 'Attn! System Files Corrupted' fake message.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %CurrentFolder%\smmain.exe
    2 %CurrentFolder%\smmon.exe
    3 %CurrentFolder%\smunst.exe
    4 %CurrentFolder%\splug.dll
    5 %CurrentFolder%\spunst.exe
    6 %ProgramFiles%\Video ActiveX Access\iesmin.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0993251-2512-4710-AF6E-0A13EA199D02}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0993251-2512-4710-AF6E-0A13EA199D02}HKEY_CURRENT_USER\Software\Protection Tools\"65005" = "1"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F0993251-2512-4710-AF6E-0A13EA199D02}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\"rare" = "%CurrentFolder%\smmain.exe"
Loading...