Trojan@W32.FraudPack.52
FraudPack.52 is disguised as anti-virus software and replaces the Security Center.

FraudPack.52 is disguised as anti-virus software. After it is executed, the firewall and the Security Center are disabled. It also replaces the Security Center icon.
Aliases : Trojan.Win32.FraudPack.amoz [Kaspersky Lab]
Type : Trojan
Date Discovered : 2010/03/19
System Affected : Windows 95/98/ME, Windows NT/2000/XP/2003/Vista
 Risk Assessment
Distribution : High
Damage : Medium
 Character

None

  Description

  ●The firewall is disabled.

  ●The Security Center is disabled.

  ●It replaces the Security Center icon.

  ●After the virus is executed, it creates the following files:
   C:\Documents and Settings\[User Name]\Local Settings\Application Data\5431nbKhXK
   C:\Documents and Settings\[User Name]\Local Settings\Application Data\av.exe


  ●It adds the following values to the registry so that the virus runs when Windows starts:
   HKEY_USERS\S-1-5-21-1123561945-1659004503-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\[User Name]\Local Settings\Application Data\av.exe: "av"
   HKEY_USERS\S-1-5-21-1123561945-1659004503-839522115-1003\Software\Classes\.exe\shell\open\command\: ""C:\Documents and Settings\[User Name]\Local Settings\Application Data\av.exe" /START "%1" %*"


  ●It modifies the following registry value, and the firewall service will be closed:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify=0x00000001
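
A defender-side check for the registry changes listed above, as an added example that is not part of the original entry: it parses registry export text (.reg syntax) and flags a per-user .exe open command that differs from the Windows default "%1" %*, and FirewallDisableNotify set to 1. The sample input, SID placeholder and user name are constructed, and the function names are this example's own.

```python
import re

# Constructed sample in .reg export syntax; the SID and user name are placeholders.
SAMPLE_REG = r'''
[HKEY_USERS\S-1-5-21-EXAMPLE-1003\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
'''

STOCK_EXE_COMMAND = '"%1" %*'  # Windows default open command for executables
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unquote(token):
    """Strip the surrounding quotes and undo .reg backslash escaping."""
    return re.sub(r'\\(.)', r'\1', token[1:-1])

def parse_reg(text):
    """Yield (key, value_name, data); '@' is the key's default value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if not (key and m):
            continue
        name, raw = m.groups()
        name = name if name == '@' else _unquote(name)
        data = (int(raw[6:], 16) if raw.startswith('dword:')
                else _unquote(raw) if raw.startswith('"') else raw)
        yield key, name, data

def findings(text):
    """Flag the .exe handler override and the firewall notification change."""
    out = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith(r'\software\classes\.exe\shell\open\command'):
            if name == '@' and data != STOCK_EXE_COMMAND:
                out.append(('exe-handler-hijack', key, data))
        elif k.endswith(r'\software\microsoft\security center'):
            if name.lower() == 'firewalldisablenotify' and data == 1:
                out.append(('firewall-notify-suppressed', key, data))
    return out
```

Calling findings() on an export of the HKEY_USERS and HKEY_LOCAL_MACHINE hives returns one tuple per flagged value, including the command string that names the executable to inspect.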

 Solution

None