Rogue:W32/FakeApp

Classification

Category :

Malware

Type :

Rogue

Aliases :

Rogue:W32/FakeApp.[variant]

Summary

This program appears to be a utility program. When installed however, it displays a fake message to give the impression that the utility program cannot run, and then offers to download another program. No other functionality is offered.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Applications identified by the Rogue:W32/FakeApp detection appear to be utility programs, with most using filenames that make it seem as though they are video format conversion tools or CD/DVD burner programs. Some of the filenames used include:

  • freeflvconvertersetup-[variable].exe
  • freemp3wmaconvertersetup-[variable].exe
  • freescreentovideosetup-[variable].exe
  • freevideoconvertersetup-[variable].exe
  • freeeasycddvdburnersetup-[variable].exe
  • nomoneyfreeeasycddvdburnersetupstub.exe

Regardless of the name used, when the FakeApp file is launched and installed, the expected utility program is not provided.

Installation

When the FakeApp file is launched, the user may be prompted to install a bundled toolbar. If the user attempts to uncheck or otherwise avoid installing the bundled components, the program again prompts the user to install them. This behavior is more commonly seen in programs categorized as Potentially Unwanted Applications.

Once installation is complete, the program displays a message in the web browser informing the user that an 'issue' prevents the program from performing its expected behavior (that is, converting videos or burning discs). For example, one FakeApp sample uses the text, 'Unfortunately, your browser cannot handle this site'.

Finally, the program offers to download an alternative web browser. No other functionalities are offered by the program.