Virus Profile: Generic FakeAlert!bgq

   
Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 10/9/2012
Date Added: 10/9/2012
Origin: Unknown
Length: Varies
Type: Trojan
Subtype: Win32
DAT Required: 6835
   
 
 
   

Description

This is a Trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

  • avira - TR/Winwebsec.A.284
  • msmp - Rogue:Win32/Winwebsec
  • nod32 - Win32/Kryptik.AMZW trojan (variant)
  • avast - Win32:Trojan-gen

Indication of Infection

  • Presence of the above-mentioned files and registry keys
  • Presence of an unexpected network connection to the above-mentioned IP address

Methods of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email spam, etc.
   

Virus Characteristics

"Generic FakeAlert!bgq" is a malicious Trojan that may represent a security risk for the compromised system and/or its network environment.

A "Generic FakeAlert!bgq" infection is very likely to come bundled with several other behaviours: browser hijacks, fake data recovery programs, blocked protection programs, and fake error messages, along with disreputable anti-virus applications that ask for payment to fix your computer.

Upon execution, the Trojan connects to the following IP address:

178.[Removed].114

It does so in order to connect to the following URL through remote port 80:

Wun[Removed].com

After execution, it creates the following files:

  • %allusersprofile%\Application \ C00F07A01F455B86000CC00EFAECB70C\C00F07A01F455B86000CC00EFAECB70C.exe
  • %allusersprofile%\Application\6F638C2D02DCFD1D226FC6F0E56C3425\ C00F07A01F455B86000CC00EFAECB70C\C00F07A01F455B86000CC00EFAECB70C

It also creates a directory in the following location on the system:
    

       %allusersprofile%\Application Data\ C00F07A01F455B86000CC00EFAECB70C


   

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).

   
