| Visit ThreatExpert web site | | | Close Report |
[Symantec] [Kaspersky Lab] [McAfee] [Trend Micro] [Sophos] [Microsoft]| What's been found | Severity Level |
| Downloads/requests other files from Internet. |  |
| Creates a startup registry entry. |  |
| Contains characteristics of an identified security risk. |  |
 | Possible Security Risk |
| Security Risk | Description |
| RogueAntiSpyware.AntivirusXP2008 |
RogueAntiSpyware.AntivirusXP2008 displays fake alerts in malware payloads in order to persuade users into buying the rogue antispyware products. |
| Trojan-Downloader.FakeAV.LEM |
This malware will try to download other trojans and then will create a desktop background with an image alerting the user that their computer has been infected with malware or spyware. |
| Application.BluSOD |
Application.BluSOD displays a fake blue screen error. Some RogueAntiSpyware may use this application as a component to trick the user into buying their product. |
| Trojan.FakeAlert |
Trojan.FakeAlert will hijack the desktop background with an image alerting the user that their computer system has been infected with spyware. It also changes some settings of windows which include:- disabling permissions for the user to change the background image and setting the active desktop to 'show web content'. It is usually installed in conjunction with a rogue anti-spyware application. |
| Threat Category | Description |
 |
A malicious backdoor trojan that runs in the background and allows remote access to the compromised system |
 |
A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment |
 | File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 |
%Temp%\.tt1.tmp
%Temp%\.tt6E.tmp |
0 bytes | MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
(not available) |
| 2 | %Temp%\.tt1.tmp.vbs | 1,002 bytes | MD5: 0x9DF700C8F6FD43FAC0A89AEF04214BBD SHA-1: 0x6EC8BC6D4041CCF19757757C0DA6592469F71C57 |
Trojan-Downloader.FakeAV.LEM [PCTools] Backdoor.Win32.Frauder.eo [Kaspersky Lab]VBS/FakeAlert-AB [McAfee]VBS_FAKEALER.HJ [Trend Micro]VBS/InfSR-A [Sophos]Trojan:VBS/Renos.A [Microsoft] |
| 3 |
%System%\blphc35dj0erc1.scr
|
70,144 bytes | MD5: 0x515787E9DCA480D9AB59B48A54E58852 SHA-1: 0xC13E68ACEAC3FA86F36EC3BD3E8D2146C5FD1EBA |
Application.BluSOD [PCTools] Joke.Blusod [Symantec]Joke-Bluescreen.c [McAfee]Mal/HckPk-A [Sophos]Trojan:Win32/Tibs.HP [Microsoft] |
| 4 |
%System%\lphc35dj0erc1.exe
|
145,920 bytes | MD5: 0x90DC33CDFAFF72799962F678BA7EB88F SHA-1: 0x94C70418A9FD1FE36FF2348ADB5ADC76E9DF1A0A |
Trojan.Desktophijack [Symantec] Trojan.Win32.Agent.zeb [Kaspersky Lab]FakeAlert-AG [McAfee]TROJ_FAKEALER.HW [Trend Micro]Mal/EncPk-CZ [Sophos]TrojanDownloader:Win32/Renos.gen!AT [Microsoft] |
| 5 | %System%\phc35dj0erc1.bmp | 90,838 bytes | MD5: 0x818C2209BD67775533DDF1ACEFB1F84C SHA-1: 0x0A56C98CA99A777ECEEF89EC6B915432A9D5BADD |
Trojan.FakeAlert [PCTools] Trojan.Blusod [Symantec]Fakealert!bmp [McAfee]Troj/FakeAV-BN [Sophos] |
| 6 | %System%\Restore\MachineGuid.txt | 78 bytes | MD5: 0x6331307B7FA1DC849B809B3E89C254CD SHA-1: 0x4B50B9471715B958941AB729908B1DD8EEA8DC50 |
(not available) |
 | Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| lphc35dj0erc1.exe | %System%\lphc35dj0erc1.exe | 393,216 bytes |
| blphc35dj0erc1.scr | %System%\blphc35dj0erc1.scr | 745,472 bytes |
| Process Name | Process Filename | Allocated Size |
| svchost.exe | %System%\svchost.exe | 45,056 bytes |
| Service Name | Display Name | New Status | Service Filename |
| srservice | System Restore Service | "Running" | %System%\svchost.exe -k netsvcs |
 | Registry Modifications |
 | Other details |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2010 ThreatExpert. All rights reserved.