FakeAlert-SpyPro.gen.bb!B5D8E1878EFA
FakeAlert-SpyPro.gen.bb!B5D8E1878EFA is a malicious Trojan which comes bundled with malicious domain Softwareea.com which promotes the notorious rogue program Antivirus Scan. FakeAlert-SpyPro.gen.bb!B5D8E1878EFA downloads and installs Antivirus Scan onto your system with little consent. Your computer keep getting frequent fake alerts that your system is in danger and won't let you go anywhere except Antivirus Scan purchase page. This is a trap to push you to pay money for a fake useless product.
File System Modifications
- The following files were created in the system:
# File Name 1 %Temp%\[random]\ 2 %Temp%\[random]\[random].exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter ?Enabled? = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:59274'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'HKEY_CURRENT_USER\Software\[random]HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USER\Softwae\Microsoft\Windows\CurrentVersion\Run "[random].exe"
I observed an infection of this malware which in addition to the Registry entries and randomly-named executable in the Temp folder described above, also set a proxy server entry into the Internet Explorer Internet Options, redirecting all web traffic for port 80 to 127.0.0.1 on a port in the 8000 range. If you have trouble accessing the Web after cleaning the malware, check your proxy settings under Internet Explorer's Tools menu, Internet Options, Connections, LAN Settings.
We are a group of volunteers and starting a brand new scheme in our community. Your website offered us with helpful information to work on. You have performed an impressive task and our whole group can be grateful to you.