This attack could pose a moderate security threat. It does not require immediate action.
This signature detects activities of misleading application SaferScan.
When SaferScan is executed, it performs the following actions:
1. Creates the following files:
* %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SaferScan\SaferScan.lnk
* %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
* %SystemDrive% is a variable that refers to the drive on which Windows is installed. By default, this is drive C.
2. Creates the following registry subkeys:
3. Adds the value:
"SaferScan" = "%ProgramFiles%\SaferScan\SaferScan.exe"
to the registry subkey:
so that the risk runs every time Windows starts.
- Windows 2000
- Windows 95
- Windows 98
- Windows Me
- Windows NT
- Windows Server 2003
- Windows XP
The following instructions pertain to all Symantec antivirus products that support security risk detection.
1. Update the definitions.
2. Run a full system scan.
3. Delete any values added to the registry.