This is detection for a Trojan that displays misleading fake alerts to entice the user into buying a product to "repair" malware problems. This Trojan may masquerade its malicious behavior, and victims are likely to have installed it thinking it is an innocent Anti-Virus program.
Indication of Infection
On the infected machine when the user attempts to open the web browser the malware could block the browser from opening , and pop a screen like the one shown below. Upon closing this screen the victim can access the browser.
- Presence of previously mentioned registry entries
- Presence of previously mentioned files
- Presence of unexpected network connections to previously mentioned domains
Methods of Infection
Trojan does not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include spam emails, IRC, P2P networks, newsgroup postings, etc.