Mal/FakeAV-AY
Mal/FakeAV-AY is a mailcious Trojan that hijacks the desktop background with an image alerting the user that the computer has been infected with spyware. Mal/FakeAV-AY also changes Windows settings and sets the active desktop to display corrupt web content. It is usually installed in conjunction with a rogue anti-spyware application that displays false warnings and attempts to persuade users to download a rogue security software program. Mal/FakeAV-AY should not be given any leeway to create mayhem on any computer. Once detected it should immediately be removed.
File System Modifications
- The following files were created in the system:
# File Name 1 %System%\sshnas.dll 2 %Temp%\a.dat 3 %Temp%\a.exe 4 %Temp%\b.exe 5 %Temp%\c.exe 6 %Temp%\sshnas.dll 7 %Windir%\msa.exe 8 %Windir%\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job 9 %Windir%\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}[HKEY_CURRENT_USER\Software\MailBlocker][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run][HKEY_CURRENT_USER\Software\Minisoft][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]HKEY..\..\..\..{RegistryKeys}[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS\Parameters][HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS\Security][HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHNAS\Parameters][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHNAS\Security][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHNAS]
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.