Threat Search: 

ThreatExpert's Statistics for FakeAlert-AB [McAfee]:

FakeAlert-AB [McAfee] is also known as:
Threat AliasNumber of Incidents
AntiVirus2009 [Symantec]9,144
not-a-virus:FraudTool.Win32.XPAntivirus.oj [Kaspersky Lab]8,970
TROJ_FAKEALER.GV [Trend Micro]8,970
Troj/FakeAle-GZ [Sophos]7,956
RogueAntiSpyware.AntiVirusPro [PC Tools]7,021
PHISH.FraudTool.XPAntivirus [Ikarus]6,006
Trojan:Win32/FakeXPA [Microsoft]4,998
Generic PUP.x [McAfee]1,872
Cryp_Pai-5 [Trend Micro]292
PHISH.FraudTool.XPAntivirus.OJ [Ikarus]234
Trojan Horse [Symantec]168
Troj/FakeAV-DC [Sophos]163
TROJ_FAKEALE.BJ [Trend Micro]163
Generic.Win32.Malware.FakeAlert.N [Ikarus]82
Trojan.Win32.Agent [Ikarus]81
Trojan.Win32.Agent.acqs [Kaspersky Lab]81
Trojan.Win32.Agent.acrp [Kaspersky Lab]81
Win-Trojan/Fakealert.78344 [AhnLab]78
Mal/Generic-A [Sophos]56
Mal/FakeAV-F [Sophos]48
Program:Win32/XPSecurityCenter [Microsoft]48
Trojan.Fakeavalert [Symantec]46
Trojan-Downloader.Win32.Agent.aigp [Kaspersky Lab]40
not-a-virus:FraudTool.Win32.MSAntivirus.ak [Kaspersky Lab]37
not-a-virus:FraudTool.Win32.UltimateAntivirus.cq [Kaspersky Lab]37
Backdoor.Win32.VB [Ikarus]35
Program:Win32/Antispycheck [Microsoft]34
RogueAntiSpyware.VirusResponseLab [PC Tools]30
KvmSecure [Symantec]29
Downloader.MisleadApp [Symantec]28
not-a-virus:FraudTool.Win32.XPAntivirus.pn [Kaspersky Lab]28
Troj/FakeAle-JO [Sophos]28
Trojan.Fakeav.BE [Ikarus]25
Trojan-Downloader.Agent!sd6 [PC Tools]25
Generic.Win32.Malware.Antispycheck [Ikarus]24
not-a-virus:AdWare.Win32.BHO.eag [Kaspersky Lab]20
not-a-virus:FraudTool.Win32.Agent.eh [Kaspersky Lab]16
TROJ_RENOS.ACR [Trend Micro]16
Backdoor.Win32.Frauder.in [Kaspersky Lab]15
Virus.Win32.FakeAlert.S [Ikarus]14
Trojan.FakeAlert [PC Tools]13
FakeAlert-BO [McAfee]12
VirusResponseLab [Symantec]12
InternetAntivirus [Symantec]11
Trojan:Win32/Delflob.I [Microsoft]11
Backdoor.Win32.Frauder.io [Kaspersky Lab]10
Backdoor.Win32.Frauder.ip [Kaspersky Lab]10
Backdoor.Win32.Small.ght [Kaspersky Lab]10
Troj/FakeAle-KF [Sophos]10
Trojan.Fakeavalert!sd6 [PC Tools]10
Trojan:Win32/FakeSecSen [Microsoft]10
WinDefender [Symantec]10
Generic.Win32.Malware.Antivirus2008 [Ikarus]9
Mal/FakeVirPk-A [Sophos]9
Packed.Generic.174 [Symantec]9
Troj/FakeAle-HT [Sophos]9
XPAntivirus [Symantec]9
Program:Win32/SpySheriff [Microsoft]8
Trojan.Win32.BHO.exy [Kaspersky Lab]8
Mal/EncPk-CZ [Sophos]7
Packed.Generic.187 [Symantec]6
Program:Win32/InternetAntivirus [Microsoft]6
Trojan.Win32.BHO [Ikarus]6
Trojan.Win32.Delflob.I [Ikarus]6
Trojan:Win32/Tibs.IU [Microsoft]6
Trojan-Downloader.Win32.FraudLoad.bm [Kaspersky Lab]6
Virus.Win32.Trojan [Ikarus]6
Backdoor.Win32.Agent.admr [Kaspersky Lab]5
Gen.Trojan [Ikarus]5
Program:Win32/Antispyware2008 [Microsoft]5
Program:Win32/Antivirus2008 [Microsoft]5
AntiVirus2008 [Symantec]4
Generic.Win32.Malware.InternetAntivirus [Ikarus]4
Generic.Win32.Malware.SpySheriff [Ikarus]4
Mal/EncPk-EP, Mal/TibsPk-D [Sophos]4
not-a-virus:FraudTool.Win32.Agent.gb [Kaspersky Lab]4
not-a-virus:FraudTool.Win32.MSAntivirus.k [Kaspersky Lab]4
not-a-virus:FraudTool.Win32.TotalSecure2009.aa [Kaspersky Lab]4
RogueAntiSpyware.AntiSpyware2008 [PC Tools]4
TotalSecure2009 [Symantec]4
Troj/FakeAle-GY [Sophos]4
Troj/FakeVir-FO [Sophos]4
Troj/FakeVir-HO [Sophos]4
TROJ_FAKEAV.JZ [Trend Micro]4
Trojan.Win32.BHO.gmw [Kaspersky Lab]4
Trojan.Zlob [Symantec]4
Trojan:Win32/InternetAntivirus [Microsoft]4
Trojan:Win32/Tibs.J [Microsoft]4
Trojan-Downloader.Win32.FraudLoad.vaxg [Kaspersky Lab]4
Trojan-Downloader.Win32.Small.zio [Kaspersky Lab]4
Backdoor.Agent!sd6 [PC Tools]3
Backdoor.Win32.Frauder.dk [Ikarus]3
Backdoor.Win32.Frauder.dk [Kaspersky Lab]3
Mal/EncPk-CZ, Mal/EncPk-EI [Sophos]3
Mal/EncPk-EU, Mal/Dorf-E [Sophos]3
Packed.Generic.177 [Symantec]3
Packed.Generic.180 [Symantec]3
Packed.Generic.186 [Symantec]3
Troj/FakeAle-FM [Sophos]3
Troj/Renos-BC [Sophos]3

FakeAlert-AB [McAfee] has the following possible countries of origin:
OriginNumber of Incidents
Russian Federation137
Germany29
Ukraine10
Netherlands1

FakeAlert-AB [McAfee] is known to be created as:
%CommonAppData%\crucialsoft ltd\ms antispyware 2009\msas2009.exe
%ProgramFiles%\antispyware 2008\antispyware-2008.exe
%ProgramFiles%\antivirus 2008\antivirus-2008.exe
%ProgramFiles%\antivirus2008\antvrs.exe
%ProgramFiles%\cleanmaster\uninstall.exe
%ProgramFiles%\internet antivirus\iaupdater.exe
%ProgramFiles%\lpvideoplugin\5378.exe
%ProgramFiles%\microantivirus\microav.exe
%ProgramFiles%\microav\microav.exe
%ProgramFiles%\pc protection center 2008\uninstall.exe
%ProgramFiles%\pchealthcenter\0.exe
%ProgramFiles%\pchealthcenter\1.exe
%ProgramFiles%\pchealthcenter\3.exe
%ProgramFiles%\pchealthcenter\4.exe
%ProgramFiles%\pchealthcenter\5.exe
%ProgramFiles%\power-antivirus-2009\power-antivirus-2009.exe
%ProgramFiles%\rhc75dj0erc1\rhc75dj0erc1.exe
%ProgramFiles%\rhc75dj0erc1\uninstall.exe
%ProgramFiles%\richvideocodec\escan.exe
%ProgramFiles%\sav\sav.exe
%ProgramFiles%\ts-2009\scan.exe
%ProgramFiles%\vav\vav.exe
%ProgramFiles%\virrl2009\virrl2009.exe
%ProgramFiles%\virslab\virslab.exe
%ProgramFiles%\virusrl2009\avlwarning.dll
%ProgramFiles%\virustriggerbin\uninst.exe
%ProgramFiles%\vreslab\vreslab.exe
%ProgramFiles%\windefender\windef.exe
%System%\brastk.exe
%System%\cfax32u.dll
%System%\cfen32i.dll
%System%\cfov32i.dll
%System%\cfov32u.dll
%System%\cfov32x.dll
%System%\dfax32i.dll
%System%\dllcache\userinit.exe
%System%\getfn32.dll
%System%\lpax32i.dll
%System%\lphc35dj0erc1.exe
%System%\ntdll64.dll
%System%\smwin32.dll
%System%\vie1.exe
%System%\yur1.exe
%System%\yur7.exe
%System%\yur8.exe
%Temp%\880158_z.exe
%Temp%\bm_v.exe
%Temp%\mousehook.dll
%Temp%\ntdll64.dll
%Temp%\xpa.exe
%Temp%\xpantivirus2008_v77011807.exe
%Temp%\xpantivirus2008_v880011.exe
%Temp%\xpantivirus2008_v880142.exe
%Temp%\xpapro1003_en.exe
%Temp%\xpsecuritycenter.exe
Notes:
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).