The malware will create the following:
%UserProfile%\Recent\cid.drv
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\delfile.sys
%UserProfile%\Recent\fan.dll
%UserProfile%\Recent\grid.sys
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.drv
%UserProfile%\Recent\std.dll
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.sys
While My Security Shield is running it will also display fake security warnings that are designed to make you think that your computer has a severe computer security problem. The text of some of the alerts you will see are:
Warning! Access conflict detected!All of these security alerts are not true and should be ignored. My Security Shield aim at tricking the user of purchasing the anti virus. If you have purchased it, we suggest that you call your credit card company and asked for refund.
An unidentified program is trying to access system process address space.
Process Name: AllowedForm
Location: C:\Windows\...\notepad.exe
Warning! Identity theft attempt detected
Memory access problem
WindowsErrorForm has encountered a problem at address 0x1FC408.
We are sorry for the inconvenience.
If you see this error again, operational information can be irrevocably lost.
Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user's passwords.
To remove the My Security Shield
No comments:
Post a Comment