We’ve all seen fake anti-virus applications deliberately misreporting malware detections and encouraging the user to buy their “products”. The slew of these fake anti-virus applications has been relentless. This one ups the ante further.
When this particular Trojan (Troj/FakeAV-AAB) is executed, the following dialog box is displayed:
On running its scan, the fake anti-virus application purports to report positive detections for files in a folder that may be empty. Have these malware authors messed up? Or have they gotten so lazy that they cannot be bothered to do a proper file scan anymore?
What has gone on here is rather sneaky. Instead of blatantly and randomly misreporting files as malware, this Trojan deliberately creates new junk files on the infected computer, with random names and random file extensions, and then proceeds to detect them! To make matters worse, these files appear in various folders such as the My Documents folder and the Windows folder.
Thankfully, these files are not malicious by themselves.
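The junk-file behaviour described above leaves a trace a responder can look for: a burst of files with unrecognised, mostly distinct extensions created within seconds of each other in one folder. The triage sketch below is an added example, not code from Sophos or from the original post; the extension allow-list, the thresholds, and the sample paths and timestamps are all constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: extensions considered normal for these folders; tune per environment.
KNOWN_EXTS = {".doc", ".docx", ".xls", ".pdf", ".txt", ".jpg",
              ".png", ".dll", ".exe", ".ini", ".log"}

def find_junk_bursts(records, window=120, min_files=4):
    """records: iterable of (path, creation time in epoch seconds).
    Returns [(directory, [paths])] for groups of files with unrecognised
    extensions created within `window` seconds in the same directory."""
    by_dir = defaultdict(list)
    for path, created in records:
        p = PureWindowsPath(path)
        if p.suffix.lower() not in KNOWN_EXTS:  # files with no extension also count
            by_dir[str(p.parent).lower()].append((created, path))

    bursts = []
    for directory, items in sorted(by_dir.items()):
        items.sort()
        cluster = []
        # The trailing sentinel forces the last cluster to be evaluated.
        for created, path in items + [(float("inf"), None)]:
            if cluster and created - cluster[0][0] > window:
                exts = {PureWindowsPath(p).suffix.lower() for _, p in cluster}
                # Random extensions rarely repeat, so require variety as well as volume.
                if len(cluster) >= min_files and len(exts) >= len(cluster) // 2:
                    bursts.append((directory, [p for _, p in cluster]))
                cluster = []
            if path is not None:
                cluster.append((created, path))
    return bursts

# Constructed sample listing (not taken from a real infection).
DOCS = r"C:\Documents and Settings\user\My Documents"
SAMPLE = [
    (DOCS + r"\report.doc", 1000),
    (DOCS + r"\qzvkx.wrt", 5000), (DOCS + r"\plmgh.kqe", 5003),
    (DOCS + r"\bnxtr.zzu", 5007), (DOCS + r"\wdfjq.ohp", 5010),
    (DOCS + r"\notes.txt", 5011),
    (r"C:\WINDOWS\setup.old", 100),  # lone unknown extension, far from the burst
    (r"C:\WINDOWS\hgtrw.xlq", 5020), (r"C:\WINDOWS\mvcnz.pju", 5022),
    (r"C:\WINDOWS\ytrke.bwd", 5025), (r"C:\WINDOWS\sdlfp.vnm", 5030),
]

if __name__ == "__main__":
    for directory, paths in find_junk_bursts(SAMPLE):
        print(directory, len(paths), "suspect files")
```

A flagged burst is a lead for further investigation rather than proof of infection, since installers and archive extraction can also create many files at once.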
Full read @ Sophos.