FakeAlert-PL
FakeAlert-PL is a malicious computer Trojan which poses a severe threat to PC security. FakeAlert-PL attempts to establish a connection with the remote host and requests other files from Internet. FakeAlert-PL also creates a startup registry entry to make sure the corrupt program runs every time the PC is turned on. Use an updated malware remover to make sure your PC is free of all threats, including FakeAlert-PL.
Aliases
Rogue:Win32/FakeVimes (Microsoft)
File System Modifications
- The following files were created in the system:
# File Name 1 %AppData%\hotfix.exe 2 [file and pathname of the sample #1] 737,280 bytes MD5: 0x414DF2C09DBC801AE83A0A76F9949C31 3 packed with UPX [Kaspersky Lab] 2 %AppData%\jsfhjjsd.bat 177 bytes MD5: 0x9B816FDFFAD9F9D670C9D7533D332086 4 SHA-1: 0x053121300F09E52FC7280B5BA2AAA49D01820249 (not available) 15 %Windir%\Tasks\At20.job 404 bytes MD5: 0xA3086F8D2241FAA5581C9738D26292C1 5 SHA-1: 0x19B5003701C43360BEF89A5AB2DA6C624A94045F (not available) 20 %Windir%\Tasks\At3.job 404 bytes MD5: 0x6881A16C8C58EEF47F7C1C58A52748A8 6 SHA-1: 0x3761F6F8AC7E54F309A55B1D22452107C381732E (not available) 5 %Windir%\Tasks\At11.job 404 bytes MD5: 0x92661693F7F4E07F70498E0E65517243 7 SHA-1: 0x41B2F8BAA7F4BFFDB5BAD41BED99CFCE9D45F827 8 SHA-1: 0x46C18DA4C149CE564E74B4B680734A815E3E2872 (not available) 18 %Windir%\Tasks\At23.job 404 bytes MD5: 0xAD3C47E520FE6BE21AB49C3E90B3E579 9 SHA-1: 0x50FCE91B7033D18BAC602A6CB0840BAAA915C353 (not available) 8 %Windir%\Tasks\At14.job 404 bytes MD5: 0xFC2929CCFDA047D19952E753B596E454 10 SHA-1: 0x5267105062E60553211D30381098C49355152AC7 (not available) 9 %Windir%\Tasks\At15.job 404 bytes MD5: 0x1D321A503782ED348270472A23A8B58F 11 SHA-1: 0x577DB45EE77A6714A0B88BDB679DDFFCFE5BBB26 (not available) 12 %Windir%\Tasks\At18.job 404 bytes MD5: 0xED7599C1E2FB271ECCF7D319CEE43B3E 12 SHA-1: 0x5A010D2C629C09E7E1396614CC61B7767C1E5EB9 (not available) 23 %Windir%\Tasks\At6.job 404 bytes MD5: 0x3DDD5DE0CC40AFFF8C2338535EC2D206 13 SHA-1: 0x6345E04476CD865CEB2017BB6091EEE2B80759F6 (not available) 19 %Windir%\Tasks\At24.job 404 bytes MD5: 0x610C921EB1A69621F844F5C7C6AC5E79 14 SHA-1: 0x6568F33BD98D0BAE131644FE0B264792F3BBD093 (not available) 10 %Windir%\Tasks\At16.job 404 bytes MD5: 0x6D3CE808B9E0250A29FEF611A1739479 15 SHA-1: 0x6EBA8D6AEA22EB90E807321A8166EDB75D45878D (not available) 24 %Windir%\Tasks\At7.job 404 bytes MD5: 0x02C92CE2850B2363C5A89089E973274F 16 SHA-1: 0x6F45871601AB4A13FC933BE121FFA3D7A19DD3ED (not available) 6 %Windir%\Tasks\At12.job 404 bytes MD5: 0x857E8181375D303FD1BD8EB673F60FC6 17 SHA-1: 0x7D4EF99A972B7AE22661A2B4339962D2FDD0F11F (not available) 17 %Windir%\Tasks\At22.job 404 bytes MD5: 0x74976AB4413C2CDC3CE8A46F87D88FED 18 SHA-1: 0x968FC35BFF6B037ADB88347B0BC5B73B69085F9F (not available) 16 %Windir%\Tasks\At21.job 404 bytes MD5: 0xE5A0608AB7610C56EB0E1940D8CC9049 19 SHA-1: 0xA0DADF84A50F527F516000E408C448456678EF3E (not available) 7 %Windir%\Tasks\At13.job 404 bytes MD5: 0x1BC8F55331A889EDEED1C7794CB0FEEF 20 SHA-1: 0xC2DDB15DFDAD044BDD015D6B94DDE296508F9354 (not available) 3 %Windir%\Tasks\At1.job 404 bytes MD5: 0x282227689DBB0FC9248D7E01D044B7B2 21 SHA-1: 0xC81D9C5C0393723DFFF66D9A919E37D4BE4BA7A3 (not available) 21 %Windir%\Tasks\At4.job 404 bytes MD5: 0xB07FB69F4BB399D1BFF9CC29C4C10B79 22 SHA-1: 0xD3CE762AFEA4B26AB420617D7F3CFB7FC7E83BF2 (not available) 4 %Windir%\Tasks\At10.job 404 bytes MD5: 0x7F4110C9524CA539C5F5E8FE7C0A443D 23 SHA-1: 0xDB31462F556A6DF736F1B29070126CDA3536763F SecurityEssentialFraud [Symantec] 24 SHA-1: 0xDB89256677ED4BDD75BAE69E8F307F23B104C679 (not available) 22 %Windir%\Tasks\At5.job 404 bytes MD5: 0x6A2801EDD6CBAECDAA39C96A91508F18 25 SHA-1: 0xDE1D98B24C8A75A9A95629846774B9EEAE2A0E3D (not available) 11 %Windir%\Tasks\At17.job 404 bytes MD5: 0xECBA5C85B9223404EAAD01B2D4CDB9A7 26 SHA-1: 0xEC0E018E03278C0B2C37DABA158E3440D89D8026 (not available) 25 %Windir%\Tasks\At8.job 404 bytes MD5: 0x047B9DFF02F7E561D2B005F51192DC2F 27 SHA-1: 0xEC9558837515E84AE941E3F3137F99069E9AD233 (not available) 26 %Windir%\Tasks\At9.job 404 bytes MD5: 0x5859BE524296F093FC82FB3D1E143A3C 28 SHA-1: 0xF37D7681227D0B3A47928B558D1205C8382FC080 (not available) 14 %Windir%\Tasks\At2.job 404 bytes MD5: 0x96B6C12CEE6FB5F18B015CB62E15B490 29 SHA-1: 0xFA09692C1D293CC0674D4B920909C6118C6917FF (not available) 13 %Windir%\Tasks\At19.job 404 bytes MD5: 0xCD2F0F951FEF2205633E387F2E6B139B
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.