Apr12 |
5:36 pm (UTC-7) | by
Edgardo Diaz, Jr. (Threats Analyst) |
Does this warning message look familiar?
 |
This new rogue antivirus is detected by Trend Micro as TROJ_FAKEAV.BUH. Ever since FAKEAV malware began making itself look as realistic as possible, its attempts have become increasingly more convincing and sophisticated as shown below.
 |
Along the way, it has added some new quirks like prompting an infection message every time a specific process is run (which then prevents that process from executing) as shown below.
 |
However, some countermeasures can still help users in this situation. Some processes such as Internet Explorer (IE) and Windows Explorer will still run. Users can also try renaming other programs to enable these to run normally.
In the past, unfortunate users have faced legal problems because of adult images on their machines due to malware. FAKEAV has adopted this behavior as well, as TROJ_FAKEAV.BUH displays the following adult website.
 |
With all these malicious routines as well as being present in the infection chain of other malware, it is easy to see why fake antivirus malware is such a significant threat.
Trend Micro product users, however, need not worry as Smart Protection Network™ prevents the download and execution of TROJ_FAKEAV.BUH on their systems.
Share this article |
 |
        |
