Trojan.Win32.MicroFake.p

Removal Instructions

If your computer has not been protected with anti-virus software and has been infected with this malware, take the following actions to remove it:

  1. Delete the original trojan file (its location on the infected computer will depend on how the program got onto the computer).
  2. Using the MMC (Microsoft Management Console) ("Services and applications\Services" tab), restore the startup parameters for the "wuauserv" and "BITS" services.
  3. Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases.


MD5: 2F0A719F90F423DBC2080803957CEB34
SHA1: 833A0DCC4770C9E982546F772351D316FE4A09BF

Payload

After launching, the trojan uses the system utility "sc.exe" to carry out the following command sequence:

sc.exe config wuauserv start= auto
sc.exe config BITS start= demand
sc.exe stop wuauserv
sc.exe config BITS start= disabled
sc.exe config wuauserv start= disabled

This stops and cancels the automatic launch of the "wuauserv" service (Windows Automatic Update service), and also cancels the automatic launch of the "BITS" service (Background Intelligent Transfer Service). The trojan then opens the following resource in the Internet Explorer browser:
http://windo***pdate.microsoft.com

The trojan then shuts down.
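
As an added example (not part of the original description and not vendor code), the following Python script checks process-creation events for the behaviour described above. Because the sequence first writes ordinary-looking start types and only then disables the services, it tracks the last value written per service for each parent process. The event tuples, parent paths and function names are constructed for illustration.

```python
# Added example: flag parents whose sc.exe commands leave wuauserv/BITS disabled.
WATCHED = {"wuauserv", "bits"}  # services named in the description above

def parse_sc(cmdline):
    """Return (action, service, start_type) for 'sc config' / 'sc stop', else None."""
    tokens = cmdline.replace('"', "").split()
    if len(tokens) < 3:
        return None
    exe = tokens[0].lower().rsplit("\\", 1)[-1]
    if exe not in ("sc", "sc.exe"):
        return None
    action, service = tokens[1].lower(), tokens[2].lower()
    if action == "stop":
        return ("stop", service, None)
    if action == "config":
        rest = [t.lower() for t in tokens[3:]]
        for i, tok in enumerate(rest):
            if tok.startswith("start="):
                # sc.exe is usually typed "start= disabled" (value in next token)
                value = tok[len("start="):] or (rest[i + 1] if i + 1 < len(rest) else "")
                return ("config", service, value or None)
    return None

def find_tampering(events):
    """events: (parent_image, cmdline) in time order. Returns flagged parents."""
    state = {}
    for parent, cmdline in events:
        parsed = parse_sc(cmdline)
        if not parsed or parsed[1] not in WATCHED:
            continue
        action, service, start = parsed
        svc = state.setdefault(parent, {}).setdefault(
            service, {"start": None, "stopped": False})
        if action == "stop":
            svc["stopped"] = True
        elif start:
            svc["start"] = start  # last write wins
    return {p: s for p, s in state.items()
            if any(v["start"] == "disabled" for v in s.values())}

SUSPECT = r"C:\Users\test\sample.exe"   # constructed placeholder path
ADMIN = r"C:\Windows\System32\cmd.exe"  # constructed benign parent
SAMPLE_EVENTS = [                       # constructed events
    (SUSPECT, "sc.exe config wuauserv start= auto"),
    (SUSPECT, "sc.exe config BITS start= demand"),
    (ADMIN, r"C:\Windows\System32\sc.exe config BITS start= demand"),
    (SUSPECT, "sc.exe stop wuauserv"),
    (SUSPECT, "sc.exe config BITS start= disabled"),
    (ADMIN, "sc query wuauserv"),
    (SUSPECT, "sc.exe config wuauserv start= disabled"),
]
```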

Technical Details

This is a trojan program that carries out destructive actions on the user's computer. It is a Windows application (PE-EXE file), 8704 bytes in size, written in C++.