| Visit ThreatExpert web site | | | Close Report |
| What's been found | Severity Level |
| Downloads/requests other files from Internet. |  |
| Creates a startup registry entry. |  |
| Contains characteristics of an identified security risk. |  |
 | Possible Security Risk |
| Security Risk | Description |
Application.BluSOD |
Application.BluSOD displays a fake blue screen error. Some RogueAntiSpyware may use this application as a component to trick the user into buying their product. |
| Trojan.FakeAlert |
Trojan.FakeAlert will hijack the desktop background with an image alerting the user that their computer system has been infected with spyware. It also changes some settings of windows which include:- disabling permissions for the user to change the background image and setting the active desktop to 'show web content'. It is usually installed in conjunction with a rogue anti-spyware application. |
| Threat Category | Description |
 |
A spyware program that represents security risk for a local system |
 |
A program that can be used to hijack certain aspects of users' web browser functionality (such as homepage, search page, and security settings) |
 |
A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment |
 | File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 |
%Temp%\.tt1.tmp
%Temp%\.tt6C.tmp |
0 bytes | MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
(not available) |
| 2 | %Temp%\.tt1.tmp.vbs | 1,002 bytes | MD5: 0x9DF700C8F6FD43FAC0A89AEF04214BBD SHA-1: 0x6EC8BC6D4041CCF19757757C0DA6592469F71C57 |
VBS/FakeAlert-AB [McAfee] VBS_FAKEALER.HJ [Trend Micro]VBS/InfSR-A [Sophos] |
| 3 |
%System%\blphc35dj0erc1.scr
|
118,784 bytes | MD5: 0xB10A43B9044B488DC8C7D33B250CFEBB SHA-1: 0x50100EA46001CC84EC2047C2BE142E8A44B94664 |
Application.BluSOD [PCTools] Trojan.Blusod [Symantec]FakeAlert-AG [McAfee]Troj/FakeAle-FK [Sophos]TrojanDownloader:Win32/Renos [Microsoft] |
| 4 |
%System%\lphc35dj0erc1.exe
|
203,776 bytes | MD5: 0x0F44ED00C0B67D9E5062B8E2C3574345 SHA-1: 0x4D9B42BBD950EA0C253A483EA2DB3F888055C1C6 |
(not available) |
| 5 | %System%\phc35dj0erc1.bmp | 625,208 bytes | MD5: 0x66FA7A528D4472EBB47D70E8F088B10C SHA-1: 0x62FC3FC8B24A34D71CB0ECA6EDC9EA4DCCA75B4D |
Trojan.FakeAlert [PCTools] Trojan.Blusod [Symantec] |
| 6 | %System%\Restore\MachineGuid.txt | 78 bytes | MD5: 0x6331307B7FA1DC849B809B3E89C254CD SHA-1: 0x4B50B9471715B958941AB729908B1DD8EEA8DC50 |
(not available) |
 | Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| lphc35dj0erc1.exe | %System%\lphc35dj0erc1.exe | 892,928 bytes |
| blphc35dj0erc1.scr | %System%\blphc35dj0erc1.scr | 831,488 bytes |
| Process Name | Process Filename | Allocated Size |
| svchost.exe | %System%\svchost.exe | 45,056 bytes |
| Service Name | Display Name | New Status | Service Filename |
| srservice | System Restore Service | "Running" | %System%\svchost.exe -k netsvcs |
 | Registry Modifications |
 | Other details |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2009 ThreatExpert. All rights reserved.