種類 |
Spyware
|
危険度/拡散度 |
/
|
発見日 |
[korea] 2010-05-18 [Foreign] 0000-00-00
|
Virobot対応 |
2010-05-18 [Able to detect & repair]
|
[Symptom of Infection]
[Spyware.FakeAV.Dr.389120] is a fake Anti-Spyware that induces users to purchase for fake repair by showing fake detection result. [PIC 1] Fake Anti-Spyware name is "Data Protection". [PIC 2] Fake Anti-Spyware UI [PIC 3] Interrupting normal programs execution
[PIC 4] A fake warning window of "KeyLogger detected on your PC"
[PIC 5] A fake warning window of "Network attack detected" [PIC 6] Making users to feel nervous by ending Windows forcibly
[PIC 7] Fake detection result
[PIC 8] Installation
[PIC 9] Inducing to purchase fake Anti-Spyware
[PIC 10] Fake attack detection warning by using cookie values
[PIC 11] Showing Windows Security Center pretended malicious code
[PIC 12] Fake file and URL link that created by malicious code
[PIC 13] Fake warning message
[Spyware.FakeAV.Dr.389120] accessed URL and IP are like below: 220.90.***.*** <File> [Spyware.FakeAV.Dr.389120] creates below files:
(Temp Folder)\kernel64xp.dll [Spyware.FakeAV.Dr.389120] creates below registries: HKLM\SOFTWARE\Program Groups |
|
[How to repair]
1. If you are WinXP/ME users, please be inactivate System Recovery Function.
|