Tro.DesktopScam
Category: Trojan
Risk: High Risk
* High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy countermeasures. May use a security flaw in the operating system to gain access to your computer.
Description: Tro.DesktopScam is a program used to trick the affected user into purchasing certain security applications. On the infected machine, Tro.DesktopScam displays notifications indicating that the computer is infected. It uses a fake Windows update globe to trick the user into thinking that Microsoft Windows is reporting a spyware infection. Clicking on this notification directs the user to a pre-defined website to order malware removal software. On certain systems, the Security Toolbar.DesktopScam may also be present.
Alias: None
Signatures:
Copyright @2006 THR Computer Solutions: Tro.DesktopScam