WinCodecPro a Misleading Application
by Frank Jovine on 03/27/2009 in Fake Antivirus, Security
Win32/FakeAlert.ADQ is a Trojan that displays fake warnings and messages to deceive the user into installing the rogue security product “WinCodecPRO”. Users should never download this misleading application as it’s a scam.
When executed, Win32/FakeAlert.ADQ drops the following files:
%Program Files%\MediaSystem\1.gif – non-malicious file
%Program Files%\MediaSystem\wall.html – non-malicious file
%Program Files%\MediaSystem\wmptray.exe – copy of Trojan
Note: %Program Files% is a variable location. The malware determines the location of the current Program Files folder by querying the operating system. A typical location for this folder would be C:\Program Files.
It then creates the following registry entries to execute itself at every Windows startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WmpTray = “%Program Files%\MediaSystem\wmptray.exe”
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WmpTray = “%Program Files%\MediaSystem\wmptray.exe”
It also creates the following registry entries:
HKLM\SOFTWARE\GenericMultiMedia
HKLM\SOFTWARE\GenericMultiMedia\WinCoDecPRO
HKLM\SOFTWARE\GenericMultiMedia\WinCoDecPRO\countr = dword:00000001
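The registry artifacts listed above can be checked offline against a text export of a suspect machine's registry. The following is an added example, not part of the original post: it parses `reg export` style text and flags the Run entries and the GenericMultiMedia key. The function names and the sample export are constructed for illustration, and as a small generalization it also flags any Run value whose data points at `\MediaSystem\wmptray.exe`, whatever the value is named.

```python
import re

# Indicators from the write-up; %Program Files% varies, so match the path suffix.
RUN_KEY = r"software\microsoft\windows\currentversion\run"
RUN_VALUE = "wmptray"
TROJAN_SUFFIX = r"\mediasystem\wmptray.exe"
ROGUE_KEY = r"software\genericmultimedia"
HIVES = {"hkey_local_machine": "HKLM", "hkey_current_user": "HKCU"}

def parse_reg(text):
    """Yield (hive, subkey, name, data) per line; name is None for a key header."""
    hive = subkey = None
    for line in map(str.strip, text.splitlines()):
        key = re.fullmatch(r"\[([^\\\]]+)\\?(.*)\]", line)
        val = re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
        if key:
            hive, subkey = HIVES.get(key.group(1).lower(), key.group(1)), key.group(2)
            yield hive, subkey, None, None
        elif val and hive:
            data = val.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # REG_SZ: undo \\ and \"
            yield hive, subkey, val.group(1), data

def find_indicators(text):
    """Return (kind, location) tuples for every FakeAlert.ADQ registry artifact."""
    hits = []
    for hive, subkey, name, data in parse_reg(text):
        key = subkey.lower()
        if name is None:
            if key == ROGUE_KEY or key.startswith(ROGUE_KEY + "\\"):
                hits.append(("rogue-key", f"{hive}\\{subkey}"))
        elif key == RUN_KEY and (name.lower() == RUN_VALUE or TROJAN_SUFFIX in data.lower()):
            hits.append(("autorun", f"{hive}\\{subkey}\\{name} = {data}"))
    return hits

# Constructed sample export (real `reg export` files are UTF-16; decode first).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="C:\\Tools\\example.exe"
"WmpTray"="C:\\Program Files\\MediaSystem\\wmptray.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WmpTray"="D:\\Programme\\MediaSystem\\wmptray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia\WinCoDecPRO]
"countr"=dword:00000001
'''

if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

A hit on either Run entry means the Trojan copy is set to start at logon; the files under the MediaSystem folder still have to be checked on disk.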
Also known as: Trojan-Downloader.Win32.Agent.bkvq (Kaspersky), WinCodecPro (CA Anti-Spyware), Troj/FakeVir-LC (Sophos)





Kikolani
Mar 27th, 2009
I actually found one of these fake software programs on someone’s PC at my old office. I’m sure it looked legit, and it goes to show that even the technically savvy can fall for a well-designed virus.
~ Kristi
Frank J
Mar 27th, 2009
I try to post a lot about these misleading apps to warn others, but sometimes it’s too late.