Fake Trojan

Should I remove “BScope.Trojan.FakeAV”?


BScope.Trojan.FakeAV is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the BScope.Trojan.FakeAV virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify BScope.Trojan.FakeAV?


File Info:

name: 55B5B3C7CDBD478BCCEC.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-06-14 16:16:10

Version Info:

Comments: Created with Setup Factory
FileDescription: Setup Application
FileVersion: 9.1.0.0
InternalName: suf_launch
LegalCopyright: Setup Engine Copyright © 2004-2012 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFilename: suf_launch.exe
ProductName: Setup Factory Runtime
ProductVersion: 9.1.0.0
Translation: 0x0409 0x04e4

BScope.Trojan.FakeAV also known as:

VBA32: BScope.Trojan.FakeAV
APEX: Malicious
eGambit: Unsafe.AI_Score_91%

How to remove BScope.Trojan.FakeAV?

BScope.Trojan.FakeAV removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
