



Rogue:W32/Antivirus2008

Name: Rogue:W32/Antivirus2008
Category: Riskware
Type: Rogue
Platform: W32

Summary

Dishonest antivirus software that tricks users into buying or installing it, usually by infecting a user's computer or by pretending the computer is infected.

Additional Details

Rogue:W32/Antivirus2008 is a rogue that tries to dupe the user into purchasing a version of the product that can supposedly "remove" all the malware that it reports to the user.

The presence of this rogue in the system is evident when a window similar to this one appears:



None of the supposedly "malicious" files that are displayed exist on the system. They are listed only to scare the user into purchasing the product.

Then it will display this after scanning:



When you select "Remove all threats now", it shows a window where you have to input the necessary activation key.

If you select "Continue Unprotected", it will show this balloon:



This rogue may also create this folder and drop itself in it:

  • C:\Program Files\Antivirus 2008

It then creates a corresponding autorun entry under the Run key, so that it starts when the user logs on. A sample entry would be:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Antivirus = "C:\Program Files\Antivirus 2008\Antvrs.exe"

It also creates the following keys:

  • HKEY_CURRENT_USER\Software\Antivirus
  • HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
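
A read-only host check for the folder, autorun entry and registry keys listed above, as an added PowerShell example that is not part of the original description. The function name `Find-Antivirus2008Artifact` is hypothetical; the paths are the ones given on this page.

```powershell
# Added example: looks for the artifacts named in this description.
# Read-only; nothing on the system is changed or deleted.
function Find-Antivirus2008Artifact {   # hypothetical function name
    $dropFolder = 'C:\Program Files\Antivirus 2008'
    $runKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $rogueKeys  = 'HKCU:\Software\Antivirus', 'HKLM:\SOFTWARE\Antivirus'

    # 1. Folder the rogue drops itself into
    if (Test-Path -LiteralPath $dropFolder -PathType Container) {
        [pscustomobject]@{ Indicator = 'Folder'; Location = $dropFolder; Detail = $null }
    }

    # 2. Any Run value whose command line points into that folder.
    #    Matching on the data rather than the value name also catches
    #    entries that are not called "Antivirus".
    $key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data.IndexOf($dropFolder, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{ Indicator = 'RunValue'; Location = "$runKey\$name"; Detail = $data }
            }
        }
    }

    # 3. Registry keys created by the rogue
    foreach ($k in $rogueKeys) {
        if (Test-Path -LiteralPath $k) {
            [pscustomobject]@{ Indicator = 'RegistryKey'; Location = $k; Detail = $null }
        }
    }
}

$hits = @(Find-Antivirus2008Artifact)
if ($hits.Count -eq 0) {
    'No Antivirus2008 artifacts found for this user.'
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

The `HKEY_CURRENT_USER` hive is per user, so run the check in the session of each account that uses the machine. A hit on the generically named `Antivirus` keys alone is weaker evidence than the folder or the Run value.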