Trojan.Win32.MicroFake

Detect Date 02/03/2010
Class Trojan
Platform Win32
Description

After launching, the trojan uses the system utility “sc.exe” to carry out the following command sequence:




sc.exe config wuauserv start= auto



sc.exe config BITS start= demand



sc.exe stop wuauserv



sc.exe config BITS start= disabled



sc.exe config wuauserv start= disabled



This stops and cancels the automatic launch of the “wuauserv” service (Windows Automatic Update service), and also cancels the automatic launch of the “BITS” service (Background Intelligent Transfer Service). The trojan then opens the following resource in the Internet Explorer browser:

http://windo***pdate.microsoft.com

The trojan then shuts down.