Fatma Bazargan’s blog


Rogue Anti-Virus Programs – Win32/FakeSecSen
November 13, 2008, 9:48 am
Filed under: Security

 microavinfo

 

I’m sure lately most of you heard about the Win32/FakeSecSen; it’s a nasty program that claims to scan for malware and display fake warnings of Malicious Programs, Viruses and Trojans. After the so said scan that didn’t actually take place; it uses the concept of FUD (Fear, Uncertainty and Doubt) to victimize the user for paying in order to clean the infection of non-existing threats!

The different forms of Win32/FaceSecSen programs are: Micro AV 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus and Ultra Antivirus 2009 among others. (Note: Get familiarized with these names)

Win32/FakeSecSen installs six different files. So for example if you use the ‘Micro AV’ program, the FakeSecSen installs these files:

  1. Microav.exe: the actual executable file, which consists of the interface, an icon in the system tray and the infection pop-up warnings;
  2. Microav.cpl: is the control panel applet; which adds an entry to the control panel and if you run it; it will launch the actual executable file (i.e. microav.exe) (Note: it looks exactly like the Microsoft Security Center Icon)
  3. Microav0.dat and Microav1.dat: are the files that contain the malware information to report to the user, (Note: bare in mind that there is no actual scanning happening, as all the entries that are reported are fetched from these DAT files.)
  4. Microav.ooo: a harmless file; and 
  5. Microantivirus.lnk: is the fancy desktop shortcut pointing to the actual executable file.

Users can notice these files under their programs files directory and there are some registry entries added to start the program at system start.

 

Pass on the word: Always use a real anti-malware program and to check if it’s legitimate visit Virus-Bulletin or AV-Test.

 

Check out the AV-Test release latest results. Interesting stats.

 

 

be safe online..

Fatma

Advertisements

Leave a Comment so far
Leave a comment



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s



%d bloggers like this: