Once again the “Conflicker.B Infection Alert” spam campaign has started. The same campaign was seen earlier this year. The scheme remains the same but the e-mail is a bit modified and written is several different languages. Basically, a person gets an email with Conflicker.B Infection Alert in subject from Microsoft Windows Agent (supposedly from Microsoft’s Computer Safety Division). The fake message has an attachment. Usually, it is a file called install.zip (29.66KB), however please note that the file name may vary. The message states:
Most importantly, do not download and open install.zip file. It contains a Trojan virus (install.exe file) which displays fake security alerts and notifications about serious system security threats and infections. The fake notification reads:
Finally, the Trojan installs the rogue security application called Antivirus Pro 2010 on the compromised computer. It imitates system scan and reports false scan results to make you think your computer is badly infected. The main goal of this malware is to trick your into purchasing the program.
If your computer is infected with this parasite, please use the removal guide below to remove Antivirus Pro 2010 and related malware including Conflicker.B Infection Alert Trojan from your PC. Also we strongly recommend you to scan your computer with a reliable anti-spyware application just to make sure there are no other viruses on your computer.
Conflicker.B Infection Alert manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "RunInvalidSignatures" = "1"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = "zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "SaveZoneInformation" = "1"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer "ForceClassicControlPanel" = "1"
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "CheckExeSignatures" = "no"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun "Antivirus Pro 2010"