Fake Alert : Desktop Security 2010

Fake Alert : Desktop Security 2010

ไฟลฺ์ที่ใช้ทดสอบ : SecurityInstall.exe

5.09 MB (5,341,184 bytes)

MD5: 14C54DC822A59CCBD436EF226DDB648B

SHA-1: 87D620EDF59390371066DAEBB86E0CC081B38C2D

=======================================================

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.02.21	Trojan.Win32.Mespam!IK
AhnLab-V3	5.0.0.2	2010.02.20	-
AntiVir	8.2.1.172	2010.02.22	TR/FakeAV.CD.1
Antiy-AVL	2.0.3.7	2010.02.19	-
Authentium	5.2.0.5	2010.02.21	-
Avast	4.8.1351.0	2010.02.21	-
AVG	9.0.0.730	2010.02.21	-
BitDefender	7.2	2010.02.22	-
CAT-QuickHeal	10.00	2010.02.19	-
ClamAV	0.96.0.0-git	2010.02.21	-
Comodo	4017	2010.02.22	ApplicUnsaf.Win32.FraudTool.DS.~CRSA
DrWeb	5.0.1.12222	2010.02.21	-
eSafe	7.0.17.0	2010.02.21	Win32.TrojanHorse
eTrust-Vet	35.2.7315	2010.02.20	-
F-Prot	4.5.1.85	2010.02.21	-
F-Secure	9.0.15370.0	2010.02.19	-
Fortinet	4.0.14.0	2010.02.21	-
GData	19	2010.02.22	-
Ikarus	T3.1.1.80.0	2010.02.21	Trojan.Win32.Mespam
Jiangmin	13.0.900	2010.02.21	-
K7AntiVirus	7.10.979	2010.02.20	-
Kaspersky	7.0.0.125	2010.02.17	-
McAfee	5899	2010.02.21	-
McAfee+Artemis	5899	2010.02.21	Artemis!14C54DC822A5
McAfee-GW-Edition	6.8.5	2010.02.22	Trojan.FakeAV.CD.1
Microsoft	1.5406	2010.02.21	-
NOD32	4885	2010.02.21	-
Norman	6.04.08	2010.02.21	-
nProtect	2009.1.8.0	2010.02.21	-
Panda	10.0.2.2	2010.02.21	-
PCTools	7.0.3.5	2010.02.22	RogueAntiSpyware.DeskSecurity
Prevx	3.0	2010.02.22	-
Rising	22.34.01.03	2010.02.11	-
Sophos	4.50.0	2010.02.22	-
Sunbelt	5691	2010.02.21	Win32.Malware!Drop
Symantec	20091.2.0.41	2010.02.22	Suspicious.Insight
TheHacker	6.5.1.6.203	2010.02.22	-
TrendMicro	9.120.0.1004	2010.02.21	-
VBA32	3.12.12.2	2010.02.21	-
ViRobot	2010.2.19.2194	2010.02.19	-
VirusBuster	5.0.27.0	2010.02.21	-

-------------------------------------------------------------------------------

ถ้าเปิด Task Manager จะเห็นว่ามี infected เพิ่มขึ้นมา

--------------------------------------------------------------------------

Files Created

C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe

C:\Program Files\Desktop Security 2010\securitycenter.exe

C:\Program Files\Desktop Security 2010\MFC71ENU.DLL

C:\Program Files\Desktop Security 2010\hjengine.dll

C:\Program Files\Desktop Security 2010\mfc71.dll

C:\Program Files\Desktop Security 2010\msvcp71.dll

C:\Program Files\Desktop Security 2010\msvcr71.dll

C:\Program Files\Desktop Security 2010\pthreadVC2.dll

Keys Added

HKLM\SOFTWARE\Desktop Security 2010

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010

Values Added

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop security 2010

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

frkbtjvruufl = C:\WINDOWS\system32\frkbtjvruufl.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

securitycenter = C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe

Values Modified

HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Start = 0x00000004

HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch = 0x000003D0

HKLM\SYSTEM\ControlSet001\Services\wscsvc\Start = 0x00000004

HKLM\SYSTEM\ControlSet001\Services\wuauserv\Start = 0x00000004

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 0x00000004

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch = 0x000003D0

HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Start = 0x00000004

HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Start = 0x00000004

HKCU\Microsoft\Windows NT\CurrentVersion\Winlogon\

Shell = "C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe"

--------------------------------------------------------------------------

วิธีกำจัด Fake Alert : Desktop Security 2010

--------------------------------------------------------------------------

Download Remove Tool

1. Malwarebytes's Anti-Malware (update database)

or

2. a-squared 4.5 (Update database)

---------------------------------------------------------------------------

ส่วน SUPERAntiSpyware Free (Update database 22/02/2010)

ลองทดสอบแล้ว ยังกำึจัดไม่ได้ครับ (not found)