Windows Smart Security


Windows Smart Security Screenshot Image

Other payload of Windows Smart Security includes the following:

It will modify Windows Registry and add the following entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run “f348522908”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run “[Random]”
  • HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}
    HKEY_LOCAL_MACHINE\SOFTWARE\f348522908
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Uninstall\WindowsSmartSecurity

The threat will drop the following malicious files:

  • %UserProfile%\Desktop\Windows Smart Security 2009.lnk
  • %UserProfile%\Start Menu\Programs\Windows Smart Security
  • %UserProfile%\Start Menu\Programs\Windows Smart Security\Windows Smart Security 2009.lnk
  • c:\Documents and Settings\All Users\Application Data\f348522908
  • c:\Documents and Settings\All Users\Application Data\[Random]\[Random]
  • c:\Documents and Settings\All Users\Application Data\f348522908\f348522908
  • c:\Documents and Settings\All Users\Application Data\f348522908\f348522908.exe
  • c:\Documents and Settings\All Users\Application Data\[Random]\[Random].exe
  • c:\Documents and Settings\All Users\Application Data\f348522908\rftl11734594dfr

Leave a Comment