1. /
  2. Security Response/
  3. SecurityToolFraud

SecurityToolFraud

Updated:
October 9, 2009 2:52:47 PM
Type:
Misleading Application
Name:
SecurityTool
Publisher:
sitesecuritytest.com
Risk Impact:
Medium
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.





The user is then prompted to pay for a full license of the application in order to remove the threats.





Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Desktop\Security Tool.lnk
  • %UserProfile%\Start Menu\Programs\Security Tool.lnk
  • C:\Documents and Settings\All Users\Application Data\[RANDOM NAME]\[RANDOM NAME].exe


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM NAME]" = "C:\DOCUME~1\ALLUSE~1\APPLIC~1\[RANDOM NAME]\[RANDOM NAME].exe"

It also creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM NAME]

Similar Security Risks
SystemSecurity


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver