TROJ_FAKEAV.EHM
Posted: November 2, 2012
Threat Metric
The fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each specific level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 265 |
| First Seen: | November 2, 2012 |
| Last Seen: | July 16, 2022 |
| OS(es) Affected: | Windows |
TROJ_FAKEAV.EHM is a technical identification for Win 8 Security System, a new variant of rogue anti-malware software from the FakeRean family, which is now developing ransomware Trojans for the new Windows 8 OS. While TROJ_FAKEAV.EHM isn't capable of distributing itself, SpywareRemove.com malware researchers' current analyses point to TROJ_FAKEAV.EHM being installed automatically by exploits hosted on malicious sites. Besides pretending to be designed especially for Windows 8, TROJ_FAKEAV.EHM is identical to other members of its family and cannot provide actual anti-malware or security features – instead, it displays fake system alerts and scans to promote itself. Because TROJ_FAKEAV.EHM will resist normal deletion techniques and may include security-degrading attacks, you should use tried-and-tested anti-malware software and solutions to remove it whenever it is installed on your PC.
Just in Time for Windows 8: TROJ_FAKEAV.EHM's Scamware Attacks to Pilfer Your Pockets
TROJ_FAKEAV.EHM is a recently developed label for some of the newest members of FakeRean that claim to be designed for the Windows 8 OS. However, like members of the family older than Win 8 Security System (such as Win 7 Home Security 2012, Win 7 Antispyware 2012, XP Home Security 2011 or XP Internet Security 2012), TROJ_FAKEAV.EHM still displays inaccurate system information in an attempt to make you purchase its registration key.
Some of TROJ_FAKEAV.EHM's major (and entirely fraudulent) features include:
- System scans that will display numerous infections on your PC that can't be corroborated by real anti-malware programs.
- Pop-up alerts in various formats, including Windows dialog boxes and Taskbar notifications. These alerts may warn you about specific attacks (Registry changes, spyware attacks, etc.) or point out a range of different types of malware that supposedly are on your computer.
- TROJ_FAKEAV.EHM launches without your consent and displays the above 'features' automatically. Even if you try to terminate TROJ_FAKEAV.EHM, code injection techniques allow TROJ_FAKEAV.EHM to remain open in your computer's memory.
Why a Shell of an Actual Security Program is More of a Problem Than the Dangers that TROJ_FAKEAV.EHM Detects
Close relatives of TROJ_FAKEAV.EHM Trojans also have been found to show other attack functions. SpywareRemove.com malware analysts have spied TROJ_FAKEAV.EHM injecting malicious code into unrelated processes, blocking programs arbitrarily and even redirecting browsers to fake warning pages. These issues shove TROJ_FAKEAV.EHM up from being a mere annoyance into being a very real and significant problem for your PC's safety, and deleting TROJ_FAKEAV.EHM ASAP is advised.
High-quality anti-malware programs should be able to detect and remove TROJ_FAKEAV.EHM, although you may need to take additional steps to disable it so that it can't block your system scans. SpywareRemove.com malware researchers particularly recommend using Safe Mode or a system boot from a USB drive as easy solutions to TROJ_FAKEAV.EHM's attacks.
Even though TROJ_FAKEAV.EHM can't distribute itself, PC threats that have been found associated with TROJ_FAKEAV.EHM's family, like Blackhole Exploit Kits, are noted for their widespread distribution and compatibility with many different configurations of PCs.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
- File name: %Application Data%\{RANDOM CHARACTERS}.exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file
- File name: %Desktop%\Buy Win 8 Security System.lnk
  File type: Shortcut
  Mime Type: unknown/lnk
  Group: Malware file
- File name: %Start Menu\Programs\Win 8 Security System\Launch Win 8 Security System.lnk
  File type: Shortcut
  Mime Type: unknown/lnk
  Group: Malware file
- File name: %Start Menu\Programs\Win 8 Security System\Buy Win 8 Security System.lnk
  File type: Shortcut
  Mime Type: unknown/lnk
  Group: Malware file
- File name: %System%\drivers\{RANDOM CHARACTERS 2}.sys
  File type: System file
  Mime Type: unknown/sys
  Group: Malware file
Registry Modifications
HKEY..\..\{CLSID Path}
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{RANDOM CHARACTERS 2}
HKEY..\..\{Value}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {RANDOM CHARACTERS}.exe = "%Application Data%\{RANDOM CHARACTERS}.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1* = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings GlobalUserOffline = "0"
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT BuildNumber = "0"
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT BuildVersion = "0"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1:Range = "127.0.0.1"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{RANDOM CHARACTERS 2}\0000 Service = "RANDOM CHARACTERS 2"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{RANDOM CHARACTERS 3}\0000 DeviceDesc = "{RANDOM CHARACTERS}.exe"
HKEY..\..\..\..{Subkeys}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{RANDOM CHARACTERS 2}
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{RANDOM CHARACTERS 3}
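One way to turn the file and registry indicators listed above into a triage check, as an added example that is not SpywareRemove.com's or any vendor's code. Because most names are random, it relies on the relationships between entries (the Run value name matching its own target, and a LEGACY_ DeviceDesc repeating that name) instead of fixed strings. It assumes the file list and registry values have already been exported as text, reads `Range1*` and `Range1:Range` as the value names `*` and `:Range`, and treats `%Application Data%` as a directory ending in `Application Data` or `AppData\Roaming`; `triage` and the sample records are hypothetical.

```python
import ntpath

HKCU_CV = r"hkey_current_user\software\microsoft\windows\currentversion"
RUN = HKCU_CV + r"\run"
RANGE1 = HKCU_CV + r"\internet settings\zonemap\ranges\range1"
LEGACY = r"hkey_local_machine\system\currentcontrolset\enum\root\legacy_"
SHORTCUTS = {"buy win 8 security system.lnk",
             "launch win 8 security system.lnk"}
# Assumption: %Application Data% expands to a directory ending in one of these.
APPDATA_TAILS = ("\\application data", "\\appdata\\roaming")


def triage(files, reg_values):
    """Return sorted (indicator, evidence) findings; registry data as strings."""
    hits = set()
    for path in files:
        if ntpath.basename(path).lower() in SHORTCUTS:
            hits.add(("shortcut", path))
    # Run value named "<x>.exe" whose data is "<AppData>\<x>.exe".
    run_exes = set()
    for key, name, data in reg_values:
        target = data.strip('"').lower()
        if (key.lower() == RUN and name.lower().endswith(".exe")
                and ntpath.basename(target) == name.lower()
                and ntpath.dirname(target).endswith(APPDATA_TAILS)):
            run_exes.add(name.lower())
            hits.add(("run-autostart", data))
    range1 = {}
    for key, name, data in reg_values:
        k = key.lower()
        # LEGACY_* entry whose DeviceDesc repeats the Run value's .exe name.
        if (k.startswith(LEGACY) and name.lower() == "devicedesc"
                and data.lower() in run_exes):
            hits.add(("legacy-devicedesc", key))
        if k == RANGE1:
            range1[name.lower()] = data
    # Loopback address placed in zone 1 through the Range1 subkey.
    if range1.get(":range") == "127.0.0.1" and range1.get("*") == "1":
        hits.add(("zonemap-loopback", RANGE1))
    return sorted(hits)


# Constructed sample inventory, not real telemetry.
SAMPLE_FILES = [r"C:\Users\alice\Desktop\Buy Win 8 Security System.lnk"]
SAMPLE_REG = [
    (RUN, "qxvbt.exe", r'"C:\Users\alice\AppData\Roaming\qxvbt.exe"'),
    (LEGACY + r"kfjw\0000", "DeviceDesc", "qxvbt.exe"),
    (RANGE1, "*", "1"), (RANGE1, ":Range", "127.0.0.1"),
]
```

A single finding, especially the ZoneMap one, is weak evidence by itself; the Run and DeviceDesc pair sharing one random name is the strongest signal in the set.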