Win32.Fake Raken Description
Fake Raken is one of the latest rogue anti-spyware malware programs to hit the Internet. It claims to scan your computer for malware and will display fake infection warnings after it has been installed on your computer. It will then attempt to convince you that a paid malware removal tool needs to be purchased. Unlike some of the other rogue anti-spyware programs, Fake Raken is adaptable and will change its look and feel depending on the variant your computer has become infected with. It is classified as both a Trojan Virus and as Spyware.
Win32.Fake Raken Aliases
Fake Raken is also known by several other names, including XP Anti-Spyware 2009, XP Security Center, PC Anti-Spyware 2010, Home Anti-Virus 2010, and PC Security 2009.
Symptoms of Fake Raken Infection
Fake Raken symptoms will vary depending on the variant that has infected your computer. Some system changes that you may see are the following files installed on your computer:
Binaries1.cab
Binaries2.cab
Binaries3.cab
%Program Files%\XP_AntiSpyware\AVEngn.dll
%Program Files%\XP_AntiSpyware\htmlayout.dll
%Program Files%\XP_AntiSpyware\pthreadVC2.dll
%Program Files%\XP_AntiSpyware\Uninstall.exe
%Program Files%\XP_AntiSpyware\wscui.cpl
%Program Files%\XP_AntiSpyware\XP_Antispyware.cfg
%Program Files%\XP_AntiSpyware\XP_AntiSpyware.exe
%Program Files%\XP_AntiSpyware\data\daily.cvd
%Program Files%\XP_AntiSpyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
%Program Files%\XP_AntiSpyware\Microsoft.VC80.CRT\msvcm80.dll
%Program Files%\XP_AntiSpyware\Microsoft.VC80.CRT\msvcp80.dll
%Program Files%\XP_AntiSpyware\Microsoft.VC80.CRT\msvcr80.dll
The following registry entries made on your computer:
Key: HKCU\Control Panel\don't load
Value: scui.cpl Data: “No”
Value: wscui.cpl Data: “No”
Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: ForceClassicControlPanel
Data: 0x1
Key: HKLM\SOFTWARE\Microsoft\Security Center
Value: AntiVirusDisableNotify
Data: 0x1
Value: FirewallDisableNotify
Data: 0x1
Value: UpdatesDisableNotify
Data: 0x1
Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP_AntiSpyware\
Value: DisplayName
Data: “XP Antispyware 2009”
Value: UninstallString
Data: “%Program Files%\XP_AntiSpyware\Uninstall.exe”
The following shortcuts installed on your computer:
%Start menu%\Programs\XP_AntiSpyware\XP_AntiSpyware.lnk
%Start menu%\Programs\XP_AntiSpyware\Uninstall.lnk
%Desktop%\XP_AntiSpyware.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\XP_AntiSpyware.lnk
Display of fake infection dialogues, pop-ups, and warnings.
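The registry entries listed above can be checked offline against a registry export. The following is an added example, not part of the original description: the function names and the sample export are constructed, the hive names are written in full as regedit writes them, and the export is assumed to be already decoded to text (regedit version 5.00 exports are UTF-16).

```python
import re

HKCU, HKLM = "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"
CV = r"\Software\Microsoft\Windows\CurrentVersion"
SC = HKLM + r"\Software\Microsoft\Security Center"
# Registry indicators from the list above: (key, value name, expected data).
INDICATORS = [
    (HKCU + r"\Control Panel\don't load", "scui.cpl", "No"),
    (HKCU + r"\Control Panel\don't load", "wscui.cpl", "No"),
    (HKCU + CV + r"\Policies\Explorer", "ForceClassicControlPanel", 1),
    (SC, "AntiVirusDisableNotify", 1),
    (SC, "FirewallDisableNotify", 1),
    (SC, "UpdatesDisableNotify", 1),
    (HKLM + CV + r"\Uninstall\XP_AntiSpyware", "DisplayName", "XP Antispyware 2009"),
]

def parse_reg(text):
    """Parse export text into {key: {name: data}}, lower-cased; only string and dword values."""
    hive, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rstrip("\\").lower()
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if key is None or not m:
            continue
        name, raw = m.group(1).lower(), m.group(2)
        if raw.startswith("dword:"):
            hive.setdefault(key, {})[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            hive.setdefault(key, {})[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return hive

def match_indicators(hive):
    # Registry names are case-insensitive; string data is compared the same way.
    norm = lambda v: v.lower() if isinstance(v, str) else v
    return [(k, n) for k, n, want in INDICATORS
            if norm(hive.get(k.lower(), {}).get(n.lower())) == norm(want)]

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Control Panel\don't load]
"wscui.cpl"="No"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP_AntiSpyware]
"DisplayName"="XP Antispyware 2009"
'''
```

Calling match_indicators(parse_reg(SAMPLE)) returns the wscui.cpl, AntiVirusDisableNotify and DisplayName entries; FirewallDisableNotify is present in the sample but set to 0, so it is not reported.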
Fake Raken Infection Methods
Computer users who don’t enable their firewall are leaving the door open for Fake Raken infection. Once it is on your computer, it will attempt to download Binaries1.cab, Binaries2.cab, and Binaries3.cab and then extract them to the Program Files directory. It may or may not display a dialogue box before installing the files on your computer. The Trojan is known to take advantage of web browser security holes and operating system vulnerabilities for the initial infection. Fake Raken is also known to display a fake Microsoft security center window on your computer after it has infected it.
Fake Raken Removal Information
Fake Raken is complex and it is not recommended to attempt manual removal. Automatic removal using an updated anti-virus program is the recommended means for removal. If you are seeing what you believe to be “Fake” infection notifications, then your computer is likely already infected with the Spyware and the Trojan virus that deployed it to your computer.

