[INFO]
AnalystName=Haja
AnalystEMailID=hajan@comodo.com
Team=India
Date=18-MAR-2010
Type=TrojWare
Platform=Win32
SubType=
Family=FakeAV
Variant=E

[OVERVIEW]
This Trojan disguises itself as legitimate anti-virus or anti-spyware software. It prompts the user with false warnings and fake scan results, and may also download additional malware.

[TECHNICAL_DESCRIPTION]
Registry Keys added:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc\Svc\Svc\Svc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: ".dll"

Files Added:
%SystemRoot%\System32\drivers\AdlNsNhjh.exe
%SystemRoot%\System32\drivers\AlTCI.dll
%SystemRoot%\System32\drivers\anHtqvuF.dll
%SystemRoot%\System32\drivers\ANIomddK.exe
%SystemRoot%\System32\drivers\AsCjOIk.exe
%SystemRoot%\System32\drivers\ATBnuWWF.dll

It pretends to scan the system for malware and falsely reports finding numerous infections.

[SYMPTOMS]

[DISINFECTION]