AntiVirus2008

  
• Detected by virus detection files published: 8/15/2008
• Virus characteristics first published: 8/15/2008
• Virus characteristics latest update: 8/15/2008
• Alias: FakeAlert
• Type: Trojan
• Spreading mechanism: Email, Webpage
• Overall risk: Medium
• Payload: Downloads and installs malware


Changes to registry

"antivirus-2008pro.exe" in
"%root%\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe"

%randomname%.exe, e.g. "%root%\Program Files\rhc3u0j0ev77.exe" in
HKLM\Run\%randomname%, e.g. "HKLM\Run\SMrhc3u0j0ev77"

Ultimate Cleaner:

"UltimateCleaner.exe" in
"%root%\Program Files\Ultimate Cleaner\UltimateCleaner.exe"

Other changes:

"%root%\Program Files\Messenger\msmsgs.exe" /background
in "HKCU\Run\MSMGS"

%randomname%.exe, e.g. "%root%\Program Files\rhc3u0j0ev77.exe" in
HKLM\Run\%randomname%, e.g. "HKLM\Run\SMrhc3u0j0ev77"

HKEY_CURRENT_USER\Software\Antivirus 2008 PRO

HKEY_CURRENT_USER\Software\Ultimate Cleaner

Value "HH:mm: VIRUS ALERT!" in "sTimeFormat" in subkey
HKEY_CURRENT_USER\Control Panel\International

Value "VIRUS ALERT!" in "ProductId" in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion

Value "HH:mm: VIRUS ALERT!" in "sTimeFormat" in
HKEY_USERS\S-1-5-21-751292930-501881172-1690843657-500\Control Panel\International

Value "ultimatecleaner.exe" in "000" in
HKEY_USERS\S-1-5-21-751292930-501881172-1690843657-500\Software\Microsoft\Search Assistant\ACMru\5603

Value "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide in "Ultimate Cleaner" in
"HKEY_USERS\S-1-5-21-751292930-501881172-1690843657-500\Software\Microsoft\Windows\CurrentVersion\Run"

Value "AntivirXP08" in "AntivirXP08" in
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform"

Value "AntivirXP08" in "DisplayName" in subkey
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc3u0j0ev77"

Value "C:\Program Files\rhc3u0j0ev77\uninstall.exe" in "UninstallString" in subkey

Value "Ultimate Cleaner" in "DisplayName" in subkey
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ultimate Cleaner"

Values
"C:\Program Files\rhc3u0j0ev77"
"67b16b273103ae910ef7ee6c9e70701d" in "ADVid"
"1" "AutomaticallyUpdates"
"antivirusxp08.net" in "domain" in
subkey "HKEY_LOCAL_MACHINE\SOFTWARE\rhc3u0j0ev77" %randomname%.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Ultimate Cleaner
HKEY_LOCAL_MACHINE\SOFTWARE\Ultimate Cleaner
(Yes, two duplicate entries)

Value "C:\Program Files\Ultimate Cleaner\com\ucsecuredelete.dll" in
"HKEY_CLASSES_ROOT\CLSID\{15BDE90D-32FD-4133-96DD-4F2B49FC0D45}\InProcServer32" %random clsid%

Value "http://trefotte.com:80" in
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\cc6f01f3"
 
