Jul26

Rogue Antivirus Terminates EXE Files 9:02 pm (UTC-7)   |    by Erika Mendoza (Threat Response Engineer)

Tweet

This weekend, we at TrendLabs came across a FAKEAV variant similar to the one peddled in the solar eclipse 2009 in America attack in this recent blog post. This one, however, introduces another new scare tactic (so far the latest new ploy we’ve seen is the ransomware/FAKEAV that encrypts files in the infected computer and offers a bogus fixtool for a price).

This FAKEAV variant terminates any executed file with an .EXE file extension and displays a pop-up message saying that the .EXE file is infected and cannot execute.

This way, users are left with no choice but to activate the antivirus product since no other application works. This Trojan is detected by Trend Micro as TROJ_FAKEAV.B. It avoids terminating critical processes to prevent system crashes.

Unfortunately, cybercriminals work hard in creating so many gimmicks, that we can only guess what comes next in FAKEAV. Fortunately though, the Trend Micro Smart Protection Network provides users protection from such threats.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!

Share this article

This entry was posted on Sunday, July 26th, 2009 at 9:02 pm and is filed under Malware, Security . Both comments and pings are currently closed.

16 Responses to “Rogue Antivirus Terminates EXE Files”

1. Jerel Peters Says:
   August 4th, 2009 at 11:33 pm

   I have trend micro internet security, and right now that virus has my computer hostage. I don’t understand the audacious statement: “Fortunately though, the Trend Micro Smart Protection Network provides users protection from such threats.”???

2. davesgraphics Says:
   August 6th, 2009 at 5:38 pm

   My vote for the worst ever rogue program is “Windows Antivirus Pro”–It will eat your computer program by program by refusing to load them as they are “infected”, then it proceeds to block any recovery—control alt delete wont work, regedit wont work, add remove programs wont work, you cant delete any of their programs files, cant restart your installed authentic virusware or even go to a previous restore point. AND YOU CANT LOAD EVEN A NEW LEGITIMATE ANTIVIRUS PROGRAM. You have but one choice–buy their software online—while Explorer is still working that is–that begins to go bad too. There are several Windows anti virus removal tools on the net—-but BEWARE—one of these—is them too!

   It appears the only recourse for one of my friends is to reinstall windows–and lose all her files.

Trackbacks

1. TrendMicro (TrendMicro)
2. spamloco (Alejandro Eguía)
3. samanahavemail (PipE)
4. balaji_a (BaaJi)
5. tonys3kur3 (Tony Bradley)
6. internetsecurity of virusscanner - Pagina 157 - Zita Forums
7. opexxx (alex knorr)
8. Gefälschte Antiviren-Software macht Dateien unbrauchbar - Security | News | ZDNet.de
9. Gefälschte Antiviren-Software macht Dateien unbrauchbar - WinBoard - Die Windows Community
10. iia_security (Terry Walls)
11. EvilFingers (EvilFingers)
12. Plaats hier software gerelateerd nieuws! - Page 10
13. Arvutikaitse » Blog Archive » Libatõje, mis keelab exe failide avamise
14. jrimer2008 (Jared Rimer)