IS4560 Hacking and Countermeasures

I was assigned the task of reviewing top malware threats reported by the McAfee Anti-Virus Corporation. The purpose of investigation reporting is to understand the typical lifecycle of new malware and how the threat presented by malware can change over time.
Malware Capabilities and Description
Virus Profile: FakeAlertAVSoft
This Binary is Trojan fake alert, as the name, this Trojan gives fake alerts to the compromised user system. This creates a mirage as if the user system is severely affected when it isn’t and then it will give fake balloon tips when clicked. Afterwards it will ask the compromised user to buy fake antivirus software. FakeAlert-AVSoft will silently install and run a virus scan on the system. It will falsely claim that it found viruses and will require the user to register the product to clean the system. The malware attacks and makes registry modification and tricks the user and prompts them to buy the fake antivirus software.
Threats
The FakeAlert-AVsoft upon execution creates the following registry keys HKEY_CURRENT_USER\Software\AvScan and the following are added to registry.
[HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Download"RunInvalidSignatures”], also registry values are modified. The following registry keys are deleted in the system.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows "AppInit_DLLs". The user is prevented from running any executables and the following message is displayed upon attempted execution: After the FakeAlert has been left running for a period of time, it loads Internet Explorer and opens www.adu[Removed].com and displays a fake warning message. These are only a few of the system disruption changes that the malware performs, and it will leave the infected computer inoperable to perform even basic tasks.
Removal instructions According to mcAfee use current engine and DAT files for detection and removal, modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Conclusion
This malware is designed to trick users into clicking on a fake Windows security alert balloon message, once user has clicked on balloon the FakeAlert-AVSoft will silently install and run a virus scan on the system. The fake scan will indicated that it discovered viruses on your computer, but it is their scan that infected and gave you the virus. This virus modifies computer registry which is a vital part of the computer operating system, because the registry is essentially the catalog or reference source for your computer.
When you attempt to open a program, your computer queries the registry to find where the program is stored. The registry contains references to settings and values for the operating system, the programs, user profiles, document types, property sheet settings, system hardware and ports. Basically, much of what goes into or comes out of your computer is noted in the registry. This malware is designed to infect your computer and trick you into purchasing their fake anti-virus product to clean your computer.

References

http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=258592#none