
Mal/FakeAV-OY

Posted: January 16, 2013

Threat Metric

Threat Level: 7/10
Infected PCs: 91
First Seen: January 16, 2013
Last Seen: April 18, 2020
OS(es) Affected: Windows

Mal/FakeAV-OY is a rogue anti-virus program that is currently being distributed by spam e-mail. The messages use templates that imitate update notifications from ADP, a prominent payroll and tax-management company. Because Mal/FakeAV-OY is installed under the pretense of applying a security patch, victims may believe they are making their PCs safer, when they are in fact exposing them to fake pop-up alerts, blocked applications and the other problems typical of scamware. Anti-malware software can detect both Mal/FakeAV-OY and its Trojan dropper, so SpywareRemove.com malware researchers recommend scanning every e-mail attachment before opening it; if the PC is already infected, removing Mal/FakeAV-OY with a genuine anti-malware product remains a viable option.

Mal/FakeAV-OY: Why Protecting Your PC Entails Suspicion for its Would-Be 'Protectors'

Although public awareness of the importance of security patches has been rising, malware authors are increasingly turning that awareness against the average PC user. The e-mail campaign for Mal/FakeAV-OY is a neat example: it is sent as a graphics-heavy message formatted to look like a security notice from ADP (Automatic Data Processing Inc). Besides misusing the ADP logo, the messages include step-by-step instructions for downloading a fake security update that actually installs Mal/FakeAV-OY from a ZIP archive. The archive most likely serves to keep simple anti-malware scanners from detecting the payload inside it, a tactic SpywareRemove.com malware experts have seen many times in similar spam-based attacks.
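The delivery chain described above (lure text, ZIP attachment, executable inside the archive) is exactly what an attachment-triage step can catch before a user double-clicks. The following is an added example, not tooling from the original page or from any vendor it names; it constructs a lookalike .eml in memory (the sender address, recipient and the member name inside the ZIP are invented placeholders, and the ZIP member is a harmless text blob rather than a real executable), then checks the message the way a mail gateway filter would: it looks for the lure phrases quoted on this page, confirms ZIP attachments by their magic bytes rather than by extension, and lists any archive members with executable extensions.

```python
"""Triage a saved e-mail (.eml) for ZIP attachments that carry executables.

Added example, not code from the original page. The message below is
constructed to mimic the ADP-themed lure described in the article; the ZIP
inside it holds harmless placeholder bytes under an executable name.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that should never arrive inside an "update" archive from a payroll provider.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}
# Phrases taken from the lure reproduced on this page.
LURE_PHRASES = ("anti-fraud secure update", "secure upgrades to your computer")


def build_sample_eml() -> bytes:
    """Construct a lookalike message with a ZIP attachment (sample data, not a real capture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Placeholder bytes only; the member name (a double extension) is what the check keys on.
        zf.writestr("2013 Anti-Fraud Secure Update.pdf.exe", b"constructed placeholder, not a PE")
    msg = EmailMessage()
    msg["From"] = "ADP Service Team <no-reply@example.invalid>"  # assumed sender, not from the page
    msg["To"] = "payroll@example.invalid"                         # assumed recipient
    msg["Subject"] = "2013 Anti-Fraud Secure Update"
    msg.set_content("Dear Valued ADP Client,\nWe are pleased to announce that ADP Payroll System "
                    "released secure upgrades to your computer.\nDownload the attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="2013 Anti-Fraud Secure Update.zip")
    return msg.as_bytes()


def triage_eml(raw: bytes) -> dict:
    """Return lure phrases found in subject/body and any executable members inside ZIP attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = ((body.get_content() if body else "") + " " + (msg["Subject"] or "")).lower()
    findings = {"lure_phrases": [p for p in LURE_PHRASES if p in text],
                "zip_attachments": [], "executable_members": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust the magic bytes, not the extension: "PK\x03\x04" is a ZIP local file header.
        if not payload.startswith(b"PK\x03\x04"):
            continue
        findings["zip_attachments"].append(name)
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    lower = member.lower()
                    ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
                    if ext in EXECUTABLE_EXTS:
                        findings["executable_members"].append(f"{name}:{member}")
        except zipfile.BadZipFile:
            # A corrupt or deliberately malformed archive is itself worth flagging.
            findings["executable_members"].append(f"{name}:<unreadable archive>")
    return findings


def is_suspicious(findings: dict) -> bool:
    """Flag an executable hidden in a ZIP, or lure text paired with any ZIP attachment."""
    return bool(findings["executable_members"]) or (
        bool(findings["lure_phrases"]) and bool(findings["zip_attachments"]))


if __name__ == "__main__":
    result = triage_eml(build_sample_eml())
    print(result, "-> suspicious" if is_suspicious(result) else "-> clean")
```

Pointing `triage_eml` at a real saved message is a matter of `triage_eml(open("lure.eml", "rb").read())`. The magic-byte check matters because an attachment renamed from .zip to something innocuous still opens as an archive on the desktop; the phrase match is deliberately secondary, since lure wording changes far faster than the "executable in a ZIP from a payroll provider" pattern does.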

Mal/FakeAV-OY, as a fake anti-virus product, cannot protect your PC from viruses or other malware. Mal/FakeAV-OY installations may be accompanied by symptoms such as:

  • An unfamiliar anti-virus product that appears without having been installed deliberately and reports fabricated scan results.
  • Unusual pop-up alerts.
  • Browser redirects to sites that promote Mal/FakeAV-OY, or away from genuine PC security sites.
  • Blocked access to unrelated applications, which is resolved by terminating or blocking Mal/FakeAV-OY and any related threats.

Solving Mal/FakeAV-OY's Fake Security Software with the Genuine Article

Although Mal/FakeAV-OY's delivery method is especially convincing for corporate targets, SpywareRemove.com malware analysts emphasize that Mal/FakeAV-OY, once installed, is a danger to any Windows PC. Linux and macOS systems are unaffected by Mal/FakeAV-OY, although they remain exposed to other fake anti-virus programs written for those platforms.

If you have trouble removing Mal/FakeAV-OY, the SpywareRemove.com malware research team recommends booting the PC into Safe Mode or starting it from known-clean rescue media. Either prevents Mal/FakeAV-OY from starting with Windows and lets you delete it with the genuine anti-malware product of your choice.

This is not the only time fake ADP e-mails have been used to install malicious software. Other examples SpywareRemove.com malware experts have encountered include Troj/JSRedir-H and Troj/Dloadr-DPB, Trojans designed to install additional malware automatically.

Aliases

  • Win32:LockScreen-SZ [GData]
  • Trojan/Win32.Foreign [AhnLab-V3]
  • TR/Urausy.EB.3 [AntiVir]
  • Trojan-Ransom.Win32.Foreign.aqok [Kaspersky]
  • Win32:LockScreen-SZ [Trj] [Avast]
  • RDN/Generic FakeAlert!bi [McAfee]
  • Generic32.XZC [AVG]
  • Win-Trojan/Winlock.131072 [AhnLab-V3]
  • TR/Rogue.kdz.12063 [AntiVir]
  • Trojan.Generic.KDZ.12063 [BitDefender]
  • Trojan-Ransom.Win32.Foreign.ayat [Kaspersky]
  • Win32:LockScreen-TY [Trj] [Avast]
  • RDN/Suspicious.bfr!i [McAfee]
  • Generic_s.AZA [AVG]
  • W32/Kryptik.AXUE!tr [Fortinet]

159 further vendor aliases are recorded but not listed here. Note that several of the names above (LockScreen, Winlock, Urausy, Trojan-Ransom) belong to screen-locker ransomware families, so samples filed under Mal/FakeAV-OY may lock the desktop outright rather than, or in addition to, displaying fake scan results.

Technical Details

File System Modifications


The following files were created in the system:

vt-upload-VZ7J9
  Size: 63.48 KB (63488 bytes)
  MD5: 8f60c2dd18945811b315d430f0cea485
  Detection count: 55
  Group: Malware file
  Last Updated: January 17, 2013

vt-upload-1kf4Y
  Size: 63.48 KB (63488 bytes)
  MD5: 9756fce36f22c0f31cdade3f48ab9643
  Detection count: 54
  Group: Malware file
  Last Updated: January 17, 2013

vt-upload-rETka
  Size: 60.92 KB (60928 bytes)
  MD5: 83ef1298e16845896c3ec95653e33dc0
  Detection count: 52
  Group: Malware file
  Last Updated: January 17, 2013

vt-upload-SEfHc
  Size: 109.05 KB (109056 bytes)
  MD5: f72b5e642e1bac0a7f7aa785f9eefa9e
  Detection count: 45
  Group: Malware file
  Last Updated: January 17, 2013

%WINDIR%\Installer\{0FFBC29D-1EB4-7319-58EB-D0E938B597C1}\syshost.exe
  Size: 77.31 KB (77312 bytes)
  MD5: 5e052a45be0d57ac2773527cffce53cf
  Detection count: 23
  File type: Executable File
  Group: Malware file
  Last Updated: January 21, 2013

%USERPROFILE%\Local Settings\Application Data\elpvfryz.exe
  Size: 335.87 KB (335872 bytes)
  MD5: 9d40748f2857fc4cdac5d3cc2909eff7
  Detection count: 21
  File type: Executable File
  Group: Malware file
  Last Updated: January 31, 2013

%WINDIR%\Temp\temp14.exe
  Size: 822.27 KB (822272 bytes)
  MD5: c852e49b1522e6d133d2b167dda13d6f
  Detection count: 16
  File type: Executable File
  Group: Malware file
  Last Updated: April 16, 2013

%WINDIR%\Temp\temp51.exe
  Size: 766.97 KB (766976 bytes)
  MD5: 96fe140aa5f043cf444ed09b5b68a06e
  Detection count: 12
  File type: Executable File
  Group: Malware file
  Last Updated: February 6, 2013

%SystemDrive%\Users\<username>\AppData\Roaming\skype.dat
  Size: 167.93 KB (167936 bytes)
  MD5: 5ee7d9868882bde05a1959dfca1c5cc7
  Detection count: 12
  File type: Data file
  Group: Malware file
  Last Updated: April 18, 2020

%SystemDrive%\Users\<username>\AppData\Roaming\skype.dat
  Size: 98.3 KB (98304 bytes)
  MD5: ed3dff7d175b5e63a9e91a1342fb5ed1
  Detection count: 10
  File type: Data file
  Group: Malware file
  Last Updated: May 13, 2013

%APPDATA%\skype.dat
  Size: 95.74 KB (95744 bytes)
  MD5: 8e8d0b99bdc661f184066530fd350458
  Detection count: 9
  File type: Data file
  Group: Malware file
  Last Updated: February 6, 2013

%SystemDrive%\Users\<username>\AppData\Roaming\skype.dat
  Size: 85.5 KB (85504 bytes)
  MD5: 546e94e145adb806390bd026f5d1fc77
  Detection count: 5
  File type: Data file
  Group: Malware file
  Last Updated: March 21, 2013

2013 Anti-Fraud Secure Update.zip
  File type: ZIP archive (the e-mail attachment)
  Group: Malware file

C:\WINDOWS\system32\drivers\npf.sys
  File type: System file
  Group: Malware file

C:\WINDOWS\system32\wpcap.dll
  File type: Dynamic link library
  Group: Malware file

C:\WINDOWS\system32\Packet.dll
  File type: Dynamic link library
  Group: Malware file

Caveat on the last three entries: npf.sys, wpcap.dll and Packet.dll are the driver and libraries of the WinPcap packet-capture package, which legitimate tools such as Wireshark also install, so their presence alone is not evidence of infection; treat them as corroborating only when the hashed files or the skype.dat variants above are also present. The four skype.dat entries are distinct samples (different sizes and MD5s) dropped at the same location; %SystemDrive%\Users\<username>\AppData\Roaming is the directory %APPDATA% resolves to on Windows Vista and later.

Registry Modifications

The following Registry values are newly created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  NextInstance = 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF
  TimestampMode = 0x00000000

The first key is a standard autostart location, which is how Mal/FakeAV-OY survives a reboot; the second belongs to the NPF service, the WinPcap driver listed above under npf.sys.
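The file indicators above are the kind of list a responder sweeps a suspect host or a mounted disk image against. The following is an added example, not tooling from the original page: it carries the page's paths, sizes and MD5s (with %SystemDrive%\Users\<username>\AppData\Roaming written as %APPDATA%, the variable that directory corresponds to), expands the placeholders from an explicit mapping rather than the live environment so an offline image can be swept, checks size before paying for a hash, and separates exact hash hits from name-only hits that deserve a manual look. The directory it runs against, and the one extra indicator that produces an exact hit, are constructed in `demo()` so the script runs on any OS; the Registry values are not covered here and are checked on the host with `reg query`.

```python
"""Sweep a directory tree for the file indicators listed on this page.

Added example, not the page's own tooling. PAGE_IOCS is transcribed from the
file table above; everything under demo() is constructed so the sweep can be
exercised offline without the real samples.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# (path with %VAR% placeholders, size in bytes, MD5) copied from the table above.
PAGE_IOCS = [
    (r"%WINDIR%\Installer\{0FFBC29D-1EB4-7319-58EB-D0E938B597C1}\syshost.exe", 77312, "5e052a45be0d57ac2773527cffce53cf"),
    (r"%USERPROFILE%\Local Settings\Application Data\elpvfryz.exe", 335872, "9d40748f2857fc4cdac5d3cc2909eff7"),
    (r"%WINDIR%\Temp\temp14.exe", 822272, "c852e49b1522e6d133d2b167dda13d6f"),
    (r"%WINDIR%\Temp\temp51.exe", 766976, "96fe140aa5f043cf444ed09b5b68a06e"),
    (r"%APPDATA%\skype.dat", 167936, "5ee7d9868882bde05a1959dfca1c5cc7"),
    (r"%APPDATA%\skype.dat", 98304, "ed3dff7d175b5e63a9e91a1342fb5ed1"),
    (r"%APPDATA%\skype.dat", 95744, "8e8d0b99bdc661f184066530fd350458"),
    (r"%APPDATA%\skype.dat", 85504, "546e94e145adb806390bd026f5d1fc77"),
]


def expand(ioc_path: str, env: dict) -> Path:
    """Replace %VAR% placeholders from an explicit mapping (not os.environ) so a mounted image can be swept."""
    out = ioc_path
    for var, value in env.items():
        out = out.replace(f"%{var}%", value)
    return Path(out.replace("\\", os.sep))


def md5_of(path: Path, chunk: int = 1 << 16) -> str:
    """Stream the file through MD5; the indicators on this page are MD5 only."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(iocs, env):
    """Return (exact_hits, name_only_hits).

    exact_hits: (path, md5) for files whose size and hash match a listed variant.
    name_only_hits: indicator paths that exist but match no listed size/hash pair;
    these are not proof of infection but warrant a look (newer build, different dropper).
    """
    by_path = {}
    for ioc_path, size, md5 in iocs:
        by_path.setdefault(expand(ioc_path, env), []).append((size, md5))
    exact, name_only = [], []
    for path, variants in by_path.items():
        if not path.is_file():
            continue
        actual = path.stat().st_size
        # Size is a free pre-filter: only hash when some listed variant has the same size.
        if any(actual == size for size, _ in variants):
            digest = md5_of(path)
            if any(digest == md5 for size, md5 in variants if size == actual):
                exact.append((str(path), digest))
                continue
        name_only.append(str(path))
    return exact, name_only


def demo():
    """Build a constructed tree with one name-only hit and one exact hit, then sweep it."""
    root = Path(tempfile.mkdtemp())
    env = {"WINDIR": str(root / "Windows"),
           "APPDATA": str(root / "AppData" / "Roaming"),
           "USERPROFILE": str(root / "User")}
    (root / "AppData" / "Roaming").mkdir(parents=True)
    (root / "Windows" / "Temp").mkdir(parents=True)
    # Wrong size for every listed skype.dat variant, so this one is reported as name-only.
    (root / "AppData" / "Roaming" / "skype.dat").write_bytes(b"constructed, not the real dropper")
    # Constructed stand-in for temp51.exe plus a constructed indicator for it, so an exact hit can be shown.
    sample = b"constructed temp51 stand-in " * 100
    (root / "Windows" / "Temp" / "temp51.exe").write_bytes(sample)
    constructed = PAGE_IOCS + [(r"%WINDIR%\Temp\temp51.exe", len(sample), hashlib.md5(sample).hexdigest())]
    return sweep(constructed, env)


if __name__ == "__main__":
    hits, lookalikes = demo()
    print("exact hits:", hits)
    print("name-only hits:", lookalikes)
```

On a live host the `env` mapping would be `{"WINDIR": r"C:\Windows", "APPDATA": r"C:\Users\<name>\AppData\Roaming", "USERPROFILE": r"C:\Users\<name>"}` for each profile on the machine, and the same mapping pointed at `E:\Windows`, `E:\Users\...` sweeps a disk image mounted as E:. Keying the table by expanded path is what lets the four skype.dat variants share one stat and at most one hash.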

Additional Information

The following message text was detected (the spam lure, reproduced verbatim):

Message 1:

ALERT!
2013 Anti-Fraud Secure Update
Dear Valued ADP Client,
We are pleased to announce that ADP Payroll System released secure upgrades to your computer.
A new version of secure update is available.
Our development division strongly recommends you to download this software update.
It contains new features:
The certificate will be attached to the computer of the account holder, which disables any fraud activity
Any irregular activity on your account is detected by our safety centre
Download the attachment. Update will be automatically installed by double click.
We value our partnership with you and take pride in the confidence that you place in us to process payroll on your behalf. As always, your ADP
Service Team is happy to assist with any questions you may have.
