Malware.FakeMsMessage
Posted: November 11, 2015
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The fields listed on the Threat Meter that contain a specific value are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 10,029 |
|---|---|
| Threat Level: | 10/10 |
| Infected PCs: | 48,207 |
| First Seen: | November 11, 2015 |
| Last Seen: | October 12, 2023 |
| OS(es) Affected: | Windows |
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows error.vbs
File name: windows error.vbs
Size: 710B (710 bytes)
MD5: 9bdd4f6736a0dd80c5a06a9ff17dd660
Detection count: 162
Mime Type: unknown/vbs
Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows error.vbs
Group: Malware file
Last Updated: July 28, 2020
%WINDIR%\zaid_070317\WinDefend.exe
File name: WinDefend.exe
Size: 4.47 MB (4475904 bytes)
MD5: 9c87b1ac7f848a6e66b5eacf2898764b
Detection count: 122
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\zaid_070317
Group: Malware file
Last Updated: February 6, 2020
auto explore.bat
File name: auto explore.bat
Size: 1.22 KB (1229 bytes)
MD5: 35ff73e844218a7736a7407111ba284d
Detection count: 101
File type: Batch file
Mime Type: unknown/bat
Group: Malware file
Last Updated: September 19, 2023
MICROSOFT ALERT.exe
File name: MICROSOFT ALERT.exe
Size: 36.86 KB (36864 bytes)
MD5: 541d647fbcb70dbbfcdd7297455f1514
Detection count: 80
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 10, 2019
%PROGRAMFILES(x86)%\MS Office Activation.exe
File name: MS Office Activation.exe
Size: 28.67 KB (28672 bytes)
MD5: 1c3049d69b5eed868d89bdcb1c940fa2
Detection count: 75
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%
Group: Malware file
Last Updated: December 23, 2016
FRONT 5.EXE
File name: FRONT 5.EXE
Size: 1.26 MB (1262080 bytes)
MD5: c0e6bc6a2e6fe9f967d92be70b4f4b7b
Detection count: 65
File type: Executable File
Mime Type: unknown/EXE
Group: Malware file
%LOCALAPPDATA%\Feeder\Feederup.exe
File name: Feederup.exe
Size: 21.5 KB (21504 bytes)
MD5: f13dfcf495531f13ef381e32a1e8afbf
Detection count: 64
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Feeder
Group: Malware file
Last Updated: January 20, 2017
%WINDIR%\k4-pc_110317\WinDefend.exe
File name: WinDefend.exe
Size: 4.47 MB (4475904 bytes)
MD5: c986a66b2c872c2c617c3b627aa7a229
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\k4-pc_110317
Group: Malware file
Last Updated: March 15, 2017
C:\Users\<username>\AppData\Local\Bheega\Bheega.exe
File name: Bheega.exe
Size: 27.13 KB (27136 bytes)
MD5: 16bca35fd239198cc0389a36f96f2dc2
Detection count: 59
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Bheega\Bheega.exe
Group: Malware file
Last Updated: June 6, 2021
C:\Users\<username>\AppData\Local\Bheega\Bheegaup.exe
File name: Bheegaup.exe
Size: 14.33 KB (14336 bytes)
MD5: 1f4125dfb734f39305e69e8b5e02f07d
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Bheega\Bheegaup.exe
Group: Malware file
Last Updated: June 6, 2021
file.exe
File name: file.exe
Size: 508.41 KB (508416 bytes)
MD5: 6443d8351f5ed62836003f103d8de20e
Detection count: 40
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 26, 2017
%WINDIR%\laptop_100217\WinDefend.exe
File name: WinDefend.exe
Size: 2.06 MB (2063360 bytes)
MD5: 0e01bf428df33d1a71dfb2f694447396
Detection count: 37
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\laptop_100217
Group: Malware file
Last Updated: February 11, 2020
file.exe
File name: file.exe
Size: 214.01 KB (214016 bytes)
MD5: 950ea2a9ae5384ac24ffbe642bc86896
Detection count: 33
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 4, 2016
c:\Users\<username>\appdata\roaming\msqrt\e.bat
File name: e.bat
Size: 132B (132 bytes)
MD5: 142983e919799c3ce7a46e8de8f9d775
Detection count: 16
File type: Batch file
Mime Type: unknown/bat
Path: c:\Users\<username>\appdata\roaming\msqrt
Group: Malware file
Last Updated: May 27, 2019
call.vbs
File name: call.vbs
Size: 120B (120 bytes)
MD5: f707cb5e45fc4626a26053fa28182374
Detection count: 12
Mime Type: unknown/vbs
Group: Malware file
Last Updated: December 13, 2019
Network Cleaner.hta
File name: Network Cleaner.hta
Size: 1.88 KB (1881 bytes)
MD5: 9af26e733894c5d41fdaacdfc26c9122
Detection count: 12
Mime Type: unknown/hta
Group: Malware file
Last Updated: August 8, 2022
windows_update.exe
File name: windows_update.exe
Size: 2.69 MB (2698321 bytes)
MD5: fa2d7fcb01836e68a386a652af5c0707
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 17, 2022
c:\Users\<username>\appdata\roaming\msqrt\sysuoi.exe
File name: sysuoi.exe
Size: 1.02 MB (1024000 bytes)
MD5: ece03144ac1a19561544c659b333fc84
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: c:\Users\<username>\appdata\roaming\msqrt
Group: Malware file
Last Updated: May 16, 2019
c:\Users\<username>\desktop\ecfd75a2f55b3cacb535060cd88b88eb9048eb6b00f1220010371ace56375721.exe
File name: ecfd75a2f55b3cacb535060cd88b88eb9048eb6b00f1220010371ace56375721.exe
Size: 1.17 MB (1174528 bytes)
MD5: 40c0f73c336771dadbaa7df2eb6e61c3
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: c:\Users\<username>\desktop
Group: Malware file
Last Updated: April 25, 2019
\\synology-esgbg\plamen folder\infections\ryanshankles@hotmail.com\quarantine\quarantine\msqrt\back1.exe
File name: back1.exe
Size: 1.23 MB (1233920 bytes)
MD5: 3009c77b81be6c5b3c9b9143508ffbb3
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: \\synology-esgbg\plamen folder\infections\ryanshankles@hotmail.com\quarantine\quarantine\msqrt
Group: Malware file
Last Updated: May 16, 2019
\\synology-esgbg\plamen folder\infections\ryanshankles@hotmail.com\quarantine\quarantine\msqrt\sysui.exe
File name: sysui.exe
Size: 1.01 MB (1012736 bytes)
MD5: 068f1381d99c0d3fedb3fdc56efe5929
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: \\synology-esgbg\plamen folder\infections\ryanshankles@hotmail.com\quarantine\quarantine\msqrt
Group: Malware file
Last Updated: May 16, 2019
Registry Modifications
The following newly produced Registry Values are:
Additional Information
The following directories were created:
The following URLs were detected:
//smart-screen.hosterror-error.azurewebsites.netfast-online-virus-scanner.infomicrosoftstoers.comnwtzz1.nbtrk0.comtom007.sitewin-help14.s3-accelerate.amazonaws.com