Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!

FakeSpybot

From Malware Wiki
Jump to: navigation, search

Stubsymbol.png This article is a stub. You can help by editing it.

MultipleIssues.png This page has multiple issues. These issues most likely include issues with references and manual of style violations. Please help Malware Wiki by correcting these issues.

FakeSpybot
TypeTrojan, Rogue Antivirus
PlatformMicrosoft Windows
File TypeWin32 PE executable (.EXE)
This box: view  talk  edit

FakeSpybot is a trojan and rogue antivirus on Microsoft Windows that pretends to be a legitimate antivirus.

Payload

The operations of this trojan include pretending to be scanning the computer as an antivirus and it displays a message reading "Welcome to CMDSpybot. Press any key to continue." It does the dir/s command in cmd.exe, then acts much like a rogue, finding fake threats on the computer. When it is complete, it scares the user into thinking that it is deleting hal.dll and control.ini. It does not actually do this, but it will display a message reading "This is rogue please remove me." When the user then presses any key, it will automatically remove itself.