Thursday, February 23, 2012

Security Scanner 2012 (FakeAV) - 02.23.2012 - Analysis and Removal

This was performed on a virtual machine.
__________________________________________________________________________________
Much like Security Shield 2011, upon first injection you are shown a notice that "<Name of Fake AV> has been installed successfully!".

It does not matter whether you press X or OK: you are already infected, and the fake AV will automatically start "scanning" your system.
__________________________________________________________________________________
For this one, I gave MBAM's Chameleon a try to stop the bad process (fzbif.exe) from running.




It works quite nicely and is a handy feature to use if you are able to install MBAM or already have it installed. This is available to all MBAM users whether you are using the paid version of MBAM or not.

Simply go into the C:\Program Files\MalwareBytes' Anti-Malware\Chameleon folder and start trying to run the files there.

There is even a help file here if you need additional assistance. It is called chameleon.chm.

__________________________________________________________________________________
MBAM





Files Detected: 1
C:\Documents and Settings\infectedxp\Local Settings\Application Data\fzbif.exe (Trojan.Agent) -> Quarantined and deleted successfully.
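The log above shows the payload sitting directly in the user's Local Settings\Application Data folder. The following triage script is an added example, not part of the original post or of MBAM: it lists executables dropped at the top level of that folder for every profile, with creation time and signature status. The default profile roots on drive C: and the Vista-and-later path are assumptions, and treating a loose .exe in this location as suspicious is a heuristic, not a verdict.

```powershell
# Added example (not from the original post): list .exe files sitting directly
# in each profile's local application-data folder, where the log shows fzbif.exe.
# Assumption: profiles live under the Windows default roots on drive C:.
$roots = @(
    'C:\Documents and Settings\*\Local Settings\Application Data',  # XP / 2003
    'C:\Users\*\AppData\Local'                                      # Vista and later
)

# Resolve the wildcard to real directories first; -Force includes hidden ones.
$dirs = Get-Item -Path $roots -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }

$hits = foreach ($dir in $dirs) {
    # Top level only (no -Recurse): a loose executable here is the pattern of interest.
    Get-ChildItem -LiteralPath $dir.FullName -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Path      = $_.FullName
                Created   = $_.CreationTime
                SizeKB    = [math]::Round($_.Length / 1KB)
                Signature = $sig.Status   # NotSigned plus a recent date deserves a closer look
            }
        }
}

# Newest files first, so a fresh drop shows at the top.
$hits | Sort-Object Created -Descending |
    Format-Table Created, SizeKB, Signature, Path -AutoSize
```

Run it from an elevated prompt so other users' profiles are readable; it only reads and lists files, and removal is still left to the scanner.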
__________________________________________________________________________________
Misc Notes:
Two associated icons appear in the bottom-right corner of the taskbar.
___________________________________________________________________________________
