Win32/Adware.HDDRescue [Threat Name]

Win32/Adware.HDDRescue.AA [Threat Variant Name]

Category: adware
Size: 525312 B
Detection created: Jan 02, 2011
Detection database version: 5754
Aliases:
  • Trojan.Win32.FakeAv.bhzq (Kaspersky)
  • Trojan:Win32/FakeSysdef (Microsoft)
  • Mal/FakeAV-IK (Sophos)

Short description

Win32/Adware.HDDRescue.AA is a rogue system tool. The goal of the program is to persuade the user to purchase the product. Win32/Adware.HDDRescue.AA is usually part of other malware.

Installation

When executed, the adware copies itself into the following location:

  • %commonappdata%\%variable%.exe (525312 B)

A string with variable content is used instead of %variable%.


The file is then executed.


After the installation is complete, the adware deletes the original executable file.


The adware creates the following files:

  • %desktop%\System Diagnostic.lnk
  • %programs%\System Diagnostic\System Diagnostic.lnk
  • %programs%\System Diagnostic\Uninstall System Diagnostic.lnk

These are shortcuts to files of the adware.

Other information

Win32/Adware.HDDRescue.AA is a rogue system tool.


The adware displays fake warnings about threats detected on the compromised computer that need to be removed.


Some examples follow.

The goal of these programs is to persuade the user to purchase them.


The adware may redirect the user to the attacker's web sites.


The adware may create the following files:

  • %appdata%\%variable%
  • %appdata%\%variable%.lic
  • %desktop%\System Diagnostic EDS.txt

The following programs are terminated:

  • msascui.exe
  • msseces.exe
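
The file locations listed in this description can be checked on a suspect host. The following Python script is an added example, not part of the original description or any vendor tool; it reports files that match the listed names, the listed size of the dropped copy, and the %variable% / %variable%.lic pairing. The function names, the environment-variable mapping in windows_folders() and the idea that both %appdata% files share one %variable% string are assumptions; a size match alone is only a lead for review.

```python
import os
from pathlib import Path

DROPPED_SIZE = 525312  # bytes; size this page gives for the copied .exe
FIXED_NAMES = [  # (placeholder on this page, path below it), all from this page
    ("desktop", "System Diagnostic.lnk"),
    ("desktop", "System Diagnostic EDS.txt"),
    ("programs", "System Diagnostic/System Diagnostic.lnk"),
    ("programs", "System Diagnostic/Uninstall System Diagnostic.lnk"),
]

def windows_folders(env=os.environ):
    """Assumed placeholder resolution for a default profile on Vista or later."""
    appdata = Path(env["APPDATA"])
    return {
        "commonappdata": Path(env["ProgramData"]),
        "appdata": appdata,
        "desktop": Path(env["USERPROFILE"]) / "Desktop",
        "programs": appdata / "Microsoft/Windows/Start Menu/Programs",
    }

def _files(folder):
    """Regular files directly inside folder; empty if missing or unreadable."""
    try:
        return [p for p in Path(folder).iterdir() if p.is_file()]
    except OSError:
        return []

def find_artifacts(folders):
    """Return sorted (reason, path) pairs for files matching this page's list."""
    hits = []
    for key, rel in FIXED_NAMES:
        p = Path(folders[key]) / rel
        if p.is_file():
            hits.append(("fixed-name artifact", str(p)))
    # %commonappdata%\%variable%.exe: the name varies, so match the exact size.
    for p in _files(folders["commonappdata"]):
        if p.suffix.lower() == ".exe" and p.stat().st_size == DROPPED_SIZE:
            hits.append(("exe with listed size", str(p)))
    # %appdata%\%variable% and %variable%.lic: report a .lic file only when a
    # file named like its stem sits beside it (assumes both share one string).
    names = {p.name.lower(): p for p in _files(folders["appdata"])}
    for name, p in names.items():
        if name.endswith(".lic") and name[:-4] in names:
            hits += [("variable/.lic pair", str(q)) for q in (names[name[:-4]], p)]
    return sorted(hits)
if __name__ == "__main__":
    for reason, path in find_artifacts(windows_folders()):
        print(f"{reason}: {path}")
```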
