
SecurityToolFraud

Updated: October 9, 2009 2:52:47 PM
Type: Misleading Application
Name: SecurityTool
Publisher: sitesecuritytest.com
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Desktop\Security Tool.lnk
  • %UserProfile%\Start Menu\Programs\Security Tool.lnk
  • C:\Documents and Settings\All Users\Application Data\[RANDOM NAME]\[RANDOM NAME].exe


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM NAME]" = "C:\DOCUME~1\ALLUSE~1\APPLIC~1\[RANDOM NAME]\[RANDOM NAME].exe"

It also creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM NAME]
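
A triage check for the startup entry described above, as an added example that is not part of the original write-up: it parses saved `reg query` output for the Run key and flags values that launch an .exe exactly one folder below All Users\Application Data. The sample registry text and its value names are constructed, and a match is a lead for review, since the names are random and other software may use the same location.

```python
import re
from pathlib import PureWindowsPath

# Drop directory from the write-up, in the 8.3 short form used by the Run
# value and the long form used in the file list.
DROP_DIRS = {
    PureWindowsPath(r"C:\DOCUME~1\ALLUSE~1\APPLIC~1"),
    PureWindowsPath(r"C:\Documents and Settings\All Users\Application Data"),
}
# One value line of `reg query` output: name, type, data.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$")

# Constructed sample; the names are placeholders, not real indicators.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    qxvlmtra    REG_SZ    C:\DOCUME~1\ALLUSE~1\APPLIC~1\qxvlmtra\qxvlmtra.exe
    VendorAgent    REG_SZ    "C:\Documents and Settings\All Users\Application Data\Vendor\Agent\agent.exe"
"""

def executable_of(data):
    """Extract the program path from a Run value's command line."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    cut = data.lower().find(".exe")
    return data[:cut + 4] if cut != -1 else data

def suspicious_run_values(reg_query_text):
    """Return (value name, path) for Run values that start an .exe sitting
    exactly one folder below All Users\\Application Data."""
    hits = []
    for line in reg_query_text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = PureWindowsPath(executable_of(m.group("data")))
        # PureWindowsPath compares case-insensitively, like the file system.
        if path.suffix.lower() == ".exe" and path.parent.parent in DROP_DIRS:
            hits.append((m.group("name"), str(path)))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_run_values(SAMPLE):
        print(f"review Run value {name!r}: {path}")
```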

Similar Security Risks
SystemSecurity

