Trojan:Win32/FakeIA.C is a trojan that may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. It pretends to be an application similar in appearance to the Windows Security Center.
Trojan:Win32/FakeIA.C arrives in the system as an EXE file with a random file name. Upon execution, it drops the file mscscc.dll in the folder it is running from. This DLL file is also detected as Trojan:Win32/FakeIA.C.
It then modifies the system registry so that it runs every time Windows starts:
Adds value: "HPseti"
With data: "<Malware file name>"
To subkey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
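A read-only check for the two artifacts described above (the "HPseti" Run value and mscscc.dll next to the file it points to), given as an added example that is not part of the original write-up. The helper function name is hypothetical, and the script inspects only the registry hive of the user running it.

```powershell
# Added example: read-only check, changes nothing on the system.
$runKey    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'HPseti'       # Run value name given in the description
$dllName   = 'mscscc.dll'   # dropped DLL name given in the description

function Get-ExePathFromRunData {   # hypothetical helper name
    param([string]$Data)
    # Run data may be quoted and may carry arguments; keep the executable path only.
    $expanded = [Environment]::ExpandEnvironmentVariables($Data.Trim())
    if ($expanded -match '^"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $expanded
}

$findings = @()
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains $valueName)) {
    $data = [string]$run.$valueName
    $findings += "Run value '$valueName' present, data: $data"
    $exe = Get-ExePathFromRunData -Data $data
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $file = Get-Item -LiteralPath $exe -Force
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $findings += "Referenced file exists: $($file.FullName) (SHA256 $hash)"
        # The description says the DLL is dropped in the same folder as the EXE.
        $dll = Join-Path $file.DirectoryName $dllName
        if (Test-Path -LiteralPath $dll -PathType Leaf) {
            $findings += "Dropped DLL found beside it: $dll"
        }
    } else {
        # A stale Run value with no file still shows the entry was created.
        $findings += "Referenced file not found on disk: $exe"
    }
}

if ($findings.Count -eq 0) {
    "No '$valueName' Run value found for $env:USERNAME."
} else {
    $findings
}
```

Because the value lives under HKCU, run the check in the context of each user profile on the machine.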
Imitates the Windows Security Center
Trojan:Win32/FakeIA.C has the following interface, which is similar to the Windows Security Center interface:
If a user clicks on "Enable Protection" (the only available option), the user is redirected to www.defender-review.com. This website offers fake AV software for download.
Analysis by Dan Nicolescu
Symptoms vary among different distributions of Trojan:Win32/FakeIA.C; however, the following system changes (or similar) may indicate the presence of this program: