Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!

FakeFormat

From Malware Wiki
Jump to: navigation, search

Stubsymbol.png This article is a stub. You can help by editing it.

FakeFormat
Fakeformat.jpg
TypeTrojan
PlatformMicrosoft Windows
File TypeWin32 PE executable (.EXE)
This box: view  talk  edit

FakeFormat is a trojan program.

Payload

Once the program is run, it overwrites the boot sector and both FAT copies of diskette in drive A: assuming that there's a 1.44 mb diskette is there. After that a diskette boot sector contains a stub that will output

This is a DATA disk only;
Insert system disk, press any key when ready.

The trojan waits for keypress and if CTRL + C combination is pressed exits to system, otherwise it loops (starts its code from the beginning).

Removal

Depending on the settings of the user's F-Secure security product, it will either automatically delete the program, quarantine or rename the suspect file, or ask the user for a desired action.

Source

https://www.f-secure.com/v-descs/fakefmt.shtml