
FakeAV-Downloader.G: Attack Fake Antivirus

by: barang barang unik

FakeAV-Downloader.G. You may often download freeware/shareware and install it on your computer, but what if that software demands a serial number or registration code and cannot even be removed or uninstalled? Software like that is certainly a serious nuisance to users.

Recently we have several times received emails from readers sending malware samples that differ from the usual. Most of the samples we receive are worms or viruses, whereas this time it is an "antivirus".


A. File Info


Name: FakeAV-Downloader.G
Origin: Unknown
File Size: 1.60 MB (1,678,848 bytes)
Packer: Unknown
Programming: C++
Icon: Resembles a security application
Type: Trojan

B. Malware Name


We have previously received several FakeAV-Downloader variants. This Trojan horse's trick is to download files under the guise of the "database update" that is typical of antivirus products in general. Because it carries the name of a leading antivirus, a user who may already be confused by malware on their computer ends up hit by malware twice after running this fake antivirus.

C. Companion / file created

Once active in memory, this worm creates a large number of files with the extensions .dll and .exe, using random names, in 3 folders:

C:\WINDOWS


C:\WINDOWS\system32


C:\WINDOWS\system32\drivers

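A defender's triage for the companion-file pattern described in this section, as an added example that is not from the original post or from PCMAV: it scans a directory listing for clusters of random-looking .exe/.dll names in the three folders. The 5 to 9 letter length, the case-flip heuristic, the `min_hits` threshold and the sample paths are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# The three folders named in the write-up, compared case-insensitively.
WATCHED_DIRS = {
    r"c:\windows",
    r"c:\windows\system32",
    r"c:\windows\system32\drivers",
}
# Assumption of this example: a random stem is 5-9 ASCII letters, nothing else.
STEM_RE = re.compile(r"[A-Za-z]{5,9}")

def case_flips(stem):
    """Count upper/lower changes between neighbouring letters."""
    return sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))

def looks_like_companion(path):
    """Heuristic: letter-only stem with irregular capitalisation."""
    p = PureWindowsPath(path)
    if str(p.parent).lower() not in WATCHED_DIRS:
        return False
    if p.suffix.lower() not in (".exe", ".dll"):
        return False
    if not STEM_RE.fullmatch(p.stem):
        return False
    # lowercase, ALLCAPS and Capitalised names flip at most once.
    return case_flips(p.stem) >= 2

def triage(paths, min_hits=3):
    """Return {folder: [suspect paths]} for folders with a cluster of hits.
    A lone odd name is ignored; the write-up describes many files per folder."""
    hits = {}
    for path in paths:
        if looks_like_companion(path):
            folder = str(PureWindowsPath(path).parent).lower()
            hits.setdefault(folder, []).append(path)
    return {d: f for d, f in hits.items() if len(f) >= min_hits}

# Constructed sample listing (not names taken from the infection).
SAMPLE = [
    r"C:\WINDOWS\qWeRtZx.exe",
    r"C:\WINDOWS\aBcDeFg.dll",
    r"C:\WINDOWS\XyZwVuT.exe",
    r"C:\WINDOWS\NOTEPAD.EXE",
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\mNoPqRs.dll",
    r"C:\Program Files\Tool\aBcDeFg.exe",
]

if __name__ == "__main__":
    for folder, files in triage(SAMPLE).items():
        print(folder, len(files), "suspect files")
```

The heuristic misses random names that happen to be all lowercase and can flag a legitimately mixed-case program, so treat a hit as a lead to check against file timestamps and signatures, not as a verdict.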

D. Results Infection

FakeAV-Downloader.G attempts to connect to several websites, some of which are inactive.

Besides making these connections, the malware also has worm capabilities: it multiplies itself as the companion files described above. To defend itself and make its disguise more convincing, it disables some functions such as Windows Task Manager, to give the impression that the computer is infected with other malware. FakeAV-Downloader.G also displays several messages, such as:
The presence of DDoS attacks
A Smurf attack, which is one kind of DDoS attack
A notification that the computer is infected with spyware
Some functions of the fake antivirus are disabled and display this message. Users are required to register for the functions to work.

A message about spam email.

E. Cleaning
Use PCMAV 4.5 Update Build3 to clean FakeAV-Downloader.G.
 
Copyright © 2012 barang barang unik - All Rights Reserved