Fake Trojan

About “Trojan.FakeAv” infection

Malware Removal

Trojan.FakeAv is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.FakeAv virus do?

  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Detects the presence of Wine emulator via function name
  • Queries information on disks, possibly for anti-virtualization
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Collects information about installed applications
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

Related domains:

inactiveanimals.top
duckandbear.top

How to identify Trojan.FakeAv?

File Info:

crc32: AFA30675
md5: 3e17c84070d3d49eb5d9d26c0c781a6f
name: 3E17C84070D3D49EB5D9D26C0C781A6F.mlw
sha1: e62024e350621b2f32b09a52c2ede0c970937259
sha256: dcda6fb5e931acc136b7f08eeb8f411b4ac2ab24886c3f485d4c649591a2410a
sha512: a557fb4f0f2fe5871085a9ca70aa04691b4d11c0cf47904c410da1235c7775d81293594efab3b79f086e15d8df34dc6e928fd426cb18fa637f08e403e73634a5
ssdeep: 49152:VdYE16lMT8fee3+/7vBsoauaSRsj0Zuur1T75YiarmNTmwR9v+949Hp98Ii:VP6lMT8feeeKoadJg1narmNTmwR9TVi
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Comments:
InternalName: Windows apps
FileVersion: 5.9.1.9
ProductVersion: 5.9.1.9
FileDescription: Windows app
Translation: 0x0409 0x04e4

Trojan.FakeAv also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Application.InstallMonster.1
CAT-QuickHeal: Adware.InstallMonster.A8
ALYac: Gen:Application.InstallMonster.1
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Generic.4!c
Sangfor: Malware
K7AntiVirus: Unwanted-Program ( 0051b9171 )
BitDefender: Gen:Application.InstallMonster.1
K7GW: Adware ( 0050c6b81 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:Packer.630AE8B020
Cyren: W32/Trojan.DIL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/InstallMonstr.UD potentially unwanted
APEX: Malicious
Avast: Win32:Adware-gen [Adw]
ClamAV: Win.Malware.Agent-6598770-0
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.InstallMonster.euxpvo
Rising: Adware.InstallMonstr!1.A3B8 (CLASSIC)
Ad-Aware: Gen:Application.InstallMonster.1
Sophos: Install Monster (PUA)
Comodo: Application.Win32.InstallMonster.TN@7g2wfa
F-Secure: Adware.ADWARE/InstallMonster.kweyv
DrWeb: Trojan.InstallMonster.2398
Zillya: Tool.InstallMonster.Win32.169
McAfee-GW-Edition: BehavesLike.Win32.AdwareIMonster.wc
FireEye: Generic.mg.3e17c84070d3d49e
Emsisoft: Gen:Application.InstallMonster.1 (B)
SentinelOne: Static AI – Malicious PE – Installer
Webroot: W32.Gen.BT
Avira: ADWARE/InstallMonster.kweyv
Antiy-AVL: Trojan/Win32.TSGeneric
Microsoft: Program:Win32/Wacapew.C!ml
Arcabit: Application.InstallMonster.1
AhnLab-V3: PUP/Win32.InstallMonster.R210553
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Application.InstallMonstr.V
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: GenericRXDB-WZ!3E17C84070D3
MAX: malware (ai score=100)
VBA32: Trojan.FakeAv
Malwarebytes: Generic.Trojan.Malicious.DDS
Panda: Trj/Genetic.gen
Tencent: Malware.Win32.Gencirc.10b4c92b
Yandex: Trojan.GenAsa!g7ipYmhTW5g
Ikarus: AdWare.BundleApp
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/InstallMonstr
AVG: Win32:Adware-gen [Adw]
Cybereason: malicious.070d3d
Paloalto: generic.ml
Qihoo-360: Win32/Application.64a

How to remove Trojan.FakeAv?

Trojan.FakeAv removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
