F-Secure
Tools
Rogue:W32/Reanimator.D
| Name : | Rogue:W32/Reanimator.D |
| Detection Names : |
FraudTool.Win32.Reanimator |
| Aliases : |
TrojanDownloader:Win32/Winreanimator.A (Microsoft) WinReanimator (Symantec) |
| Category: | Riskware |
| Type: | Rogue |
| Platform: | W32 |
Summary
Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.
Additional Details
Rogue:W32/Reanimator is a rogue anti-malware program. When executed, it will produce exaggerated scan results and attempt to pressure users into buying the full version of the product in order to remove non-existent infections.
Installation
The installer must be executed manually in order to install the program. The main installation folder is:
The program also connects to www.winreanimator.com to download the following files:
And drops them in %USERPROFILE%\Local Settings\Temp.
Activity
Upon execution, the program will scan the computer and display exaggerated/fake scan results indicating infections on the system. It will then constantly display alert messages informing the users that they must register and buy the product in order to remove the "infections".
Installation
The installer must be executed manually in order to install the program. The main installation folder is:
• C:\Program Files\WinReanimator
The program also connects to www.winreanimator.com to download the following files:
• Binaries1.zip
• Binaries2.zip
• Binaries3.zip
And drops them in %USERPROFILE%\Local Settings\Temp.
Activity
Upon execution, the program will scan the computer and display exaggerated/fake scan results indicating infections on the system. It will then constantly display alert messages informing the users that they must register and buy the product in order to remove the "infections".