Gandip's Blog


Fake Security Essentials 2010 in Circulation

An imitation of Microsoft Security Essentials is being spread across the Internet. This rogue antivirus reports false detections to convince users to upgrade their "trial version" to a paid full version. Microsoft attributes it to Trojan:Win32/Fakeinit.

This fake AV is installed by Win32/Fakeinit.

(Screenshot: main window of the rogue program)

Symptoms

Symptoms vary among different distributions of Trojan:Win32/Fakeinit; however, the presence of the following system changes (or similar) may indicate the presence of this program:

  • Presence of the following folders and files, or similar:
    %ProgramFiles%\Securityessentials2010\SE2010.exe
    %ProgramFiles%\antivirusxp\antivirusxp.exe
    %ProgramFiles%\InternetSecurity2010\IS2010.exe
    <system folder>\helpers32.dll

  • Presence of registry modifications that load the malware, as in the following examples:
    Added value: "Security essentials 2010"
    With data: "%ProgramFiles%\Securityessentials2010\SE2010.exe"
    To subkey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Added value: "AntivirusXP.exe"
    With data: "%ProgramFiles%\antivirusxp\antivirusxp.exe"
    To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Added value: "Internet Security 2010"
    With data: "%ProgramFiles%\InternetSecurity2010\IS2010.exe"
    To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
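As an added example (not part of the original post), this Python script parses a constructed `reg export` of the HKCU Run key and flags entries that point into the rogue folders or files listed above. It matches on folder and file names rather than full paths, so it works whether the value data holds the literal %ProgramFiles% string or an expanded path; the sample export and its benign OneDrive entry are constructed, not captured from an infected machine.

```python
import re

# Constructed sample: what `reg export HKCU\...\Run` produces, with two of the
# rogue entries listed above beside a benign one. Not captured from a real machine.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"Security essentials 2010"="%ProgramFiles%\\Securityessentials2010\\SE2010.exe"
"Internet Security 2010"="C:\\Program Files\\InternetSecurity2010\\IS2010.exe"
"""

# Folder and file names from the post's symptom list (compared case-insensitively).
ROGUE_FOLDERS = {"securityessentials2010", "antivirusxp", "internetsecurity2010"}
ROGUE_FILES = {"se2010.exe", "antivirusxp.exe", "is2010.exe", "helpers32.dll"}


def parse_run_values(reg_text):
    """Return {value_name: data} for string values under any ...\\CurrentVersion\\Run key."""
    values = {}
    in_run_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run_key = line.lower().endswith(r"\currentversion\run]")
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if in_run_key and m:
            # .reg files escape backslashes as \\ and quotes as \"
            values[m.group(1)] = m.group(2).replace("\\\\", "\\").replace('\\"', '"')
    return values


def find_rogue_entries(run_values):
    """Flag Run entries whose command sits in a rogue folder or names a rogue file."""
    hits = []
    for name, data in run_values.items():
        parts = [p.lower() for p in re.split(r"[\\/]", data.strip().strip('"'))]
        exe = parts[-1].split()[0] if parts and parts[-1] else ""
        if ROGUE_FOLDERS & set(parts) or exe in ROGUE_FILES:
            hits.append((name, data))
    return hits


if __name__ == "__main__":
    for name, data in find_rogue_entries(parse_run_values(SAMPLE_REG_EXPORT)):
        print(f"suspicious Run entry: {name!r} -> {data}")
```

On a live system the same functions can be fed the output of `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg`, read back as text.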

The Trojan also blocks access to some genuine websites.

(Screenshot: a genuine site being blocked)

Snapshots:

  • Fake report
  • Nagging to upgrade (trial version)
  • Activation window
  • On Windows XP: seems like a genuine antivirus!

Prevention is pretty easy:

  • Always turn on Windows Firewall
  • Don't open attachments from unknown senders
  • Always turn on Windows Update and make sure you have installed all important updates
  • Don't use pirated software

Microsoft Security Essentials is free for everyone. Please remember this.

Compiled By Gandip Khaling.

Comments

Sujan Shrestha said:

Oh! Good to know. Thanks, Gandip.

February 27, 2010 1:38 PM

The Aerrow said:

Yup, Gandip.

This is worse... trying to pollute MSE... I too got news on this link...

news.softpedia.com/.../Security-Essentials-2010-Is-Not-Microsoft-Security-Essentials-136025.shtml

Should read this...

February 27, 2010 4:11 PM