What is Trojan.FakeWarning.A?
- Type: Virus
- Category: Trojans and viruses
- Discovered: 9 March 2008
- Removal tools: Malwarebytes' Anti-Malware, Spyware Doctor
1. Introduction
If your computer's desktop background has been transformed into blue coloured screen with a note in the middle saying "Warning! Your're in danger! Your computer is infected with spyware!.." it is evident that the PC has been infected with Trojan.FakeWarning. You can only change back the background for several seconds before the blue screen comes back on the desktop.
Trojan is also forcing every few minutes to pop a "Security Monitor: WARNING!" message telling that "system detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files". User is offered to download rogue software to remove assumingly found threat.
Internet Explorer may automatic be launched with a porn or security related page.
"Security Monitor: WARNING!":
Rogue websites related to Trojan.FakeWarning.A (not recommended for visiting):
hxxp://pcsecuritycenter.net/remove_spyware.php?affid=g4qw4
hxxp://safe-strip-download.com
hxxp://systemerrorfixer.com
hxxp://gayfriendfinder.com
Trojan is also forcing every few minutes to pop a "Security Monitor: WARNING!" message telling that "system detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files". User is offered to download rogue software to remove assumingly found threat.
Internet Explorer may automatic be launched with a porn or security related page.
"Security Monitor: WARNING!":
Rogue websites related to Trojan.FakeWarning.A (not recommended for visiting):
hxxp://pcsecuritycenter.net/remove_spyware.php?affid=g4qw4
hxxp://safe-strip-download.com
hxxp://systemerrorfixer.com
hxxp://gayfriendfinder.com
2. Trojan.FakeWarning.A removal tools:
- Malwarebytes' Anti-Malware (for the installation guide click here)
- Spyware Doctor (for the installation guide click here)
3. Screenshot:
4. Trojan.FakeWarning.A files:
sysockeu.exe, sysodkcs.exe, sysoghcx.exe, sysokuaw.exe5. Hijackthis entries:
O4 Entries:
O4 - HKLM\..\Run: [1029BB4B-16A9-4E77-AA3D-96930BD68EEC] "C:\WINDOWS\sysockeu.exe"
O4 - HKLM\..\Run: [852EBF20-A95D-4F1F-B9C2-B2CD24350F3E] "C:\WINDOWS\sysodkcs.exe"
O4 - HKLM\..\Run: [756349DC-6D9E-4F2A-9B24-269661F073C3] "C:\WINDOWS\sysoghcx.exe"
O4 - HKLM\..\Run: [2177F056-0AA6-4D6C-A944-13F71F341C29] "C:\WINDOWS\sysokuaw.exe"
O4 - HKLM\..\Run: [1029BB4B-16A9-4E77-AA3D-96930BD68EEC] "C:\WINDOWS\sysockeu.exe"
O4 - HKLM\..\Run: [852EBF20-A95D-4F1F-B9C2-B2CD24350F3E] "C:\WINDOWS\sysodkcs.exe"
O4 - HKLM\..\Run: [756349DC-6D9E-4F2A-9B24-269661F073C3] "C:\WINDOWS\sysoghcx.exe"
O4 - HKLM\..\Run: [2177F056-0AA6-4D6C-A944-13F71F341C29] "C:\WINDOWS\sysokuaw.exe"