Trojan.Win32.MicroFake.p, or MicroFake, is a trojan that abuses the system utility sc.exe to reconfigure Windows services.


After being installed on the victim's machine, the trojan carries out the following commands with the system utility sc.exe:

sc.exe config wuauserv start= auto
sc.exe config BITS start= demand
sc.exe stop wuauserv
sc.exe config BITS start= disabled
sc.exe config wuauserv start= disabled
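
The command sequence above can be matched in process-creation logs. The following Python sketch is an added example, not code from the original page or from Kaspersky; the function names, host names and sample events are constructed for illustration. It parses sc/sc.exe command lines and reports where wuauserv or BITS is stopped or set to disabled.

```python
import re

WATCHED = {"wuauserv", "bits"}  # services named in the commands above

def parse_sc(cmdline):
    """Return (verb, service, start_type) for an sc/sc.exe command line, else None."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if not tokens or re.split(r"[\\/]", tokens[0])[-1].lower() not in ("sc", "sc.exe"):
        return None
    # Drop the optional \\server argument that may precede the verb.
    args = [a for a in tokens[1:2] if not a.startswith("\\\\")] + tokens[2:]
    if len(args) < 2:
        return None
    rest = [a.lower() for a in args[2:]]
    start = None
    for i, opt in enumerate(rest):
        if opt.startswith("start="):  # value may be glued on or in the next token
            start = opt[6:] or (rest[i + 1] if i + 1 < len(rest) else None)
    return args[0].lower(), args[1].lower(), start

def findings(events):
    """(host, command line) events -> list of (host, service, action)."""
    out = []
    for host, cmdline in events:
        verb, service, start = parse_sc(cmdline) or (None, None, None)
        if service not in WATCHED:
            continue
        if verb == "stop":
            out.append((host, service, "stopped"))
        elif verb == "config" and start == "disabled":
            out.append((host, service, "disabled"))
    return out

def hosts_with_both_disabled(events):
    """Hosts on which every watched service was set to start= disabled."""
    disabled = {}
    for host, service, action in findings(events):
        if action == "disabled":
            disabled.setdefault(host, set()).add(service)
    return sorted(h for h, s in disabled.items() if s == WATCHED)

# Constructed events, not real telemetry: HOST-A replays the page's five commands.
PAGE_CMDS = ["config wuauserv start= auto", "config BITS start= demand", "stop wuauserv",
             "config BITS start= disabled", "config wuauserv start= disabled"]
SAMPLE = [("HOST-A", "sc.exe " + c) for c in PAGE_CMDS] + [
    ("HOST-B", "sc query wuauserv"),
    ("HOST-C", r"C:\Windows\System32\sc.exe config wuauserv start=disabled"),
]
if __name__ == "__main__":
    print(findings(SAMPLE), hosts_with_both_disabled(SAMPLE))
```

A single disabled service (HOST-C in the sample) can be legitimate administration; both services disabled on one host is the pattern this page describes.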

The trojan then cancels the launch of the Windows Automatic Update service (wuauserv) on startup. It also cancels the automatic launch of the Background Intelligent Transfer Service (BITS). It then opens the following domain in the Internet Explorer browser, after which the trojan terminates.


Technical Details

MD5: 2F0A719F90F423DBC2080803957CEB34
SHA1: 833A0DCC4770C9E982546F772351D316FE4A09BF


Securelist (Kaspersky Labs), Trojan.Win32.MicroFake.p