10/14: FakeAle-IJ Trojan Creates Files, Registry Entries

When Troj/FakeAle-IJ is installed the following files are created:

Current Folder\delself.bat
System\brastk.exe
System\dllcache\beep.sys
System\dllcache\figaro.sys

The files beep.sys and figaro.sys are detected as Mal/FakeAle-C. The file brastk.exe is detected as Troj/FakeAle-IG.

The following registry entries are created to run brastk.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run brastk
System\brastk.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run brastk
System\brastk.exe

More information can be found at this Sophos page.

Comment and Contribute