In this article, I am going to detail the way the FakeFolder trojan infused into your personal computer, and how to delete FakeFolder trojan virus.
What is FakeFolder trojan?
| Name | FakeFolder |
| Infection Type | Trojan |
| Symptoms |
|
| Similar behavior | Nuev, SpyAgent, Cleaman, VirLock, Halnir, Zombie |
| Fix Tool |
See If Your System Has Been Affected by FakeFolder trojan |
The name of this sort of malware is an allusion to a well-known legend about Trojan Horse, that was operated by Greeks to enter into the city of Troy and win the war. Like a dummy horse that was made for trojans as a present, FakeFolder trojan virus is dispersed like something legit, or, at least, valuable. Malicious apps are concealing inside of the FakeFolder trojan virus, like Greeks within a large wooden dummy of a horse.1Trojan viruses are one of the leading malware sorts by its injection rate for quite a very long time. And currently, during the pandemic, when malware got tremendously active, trojan viruses enhanced their activity, too. You can see a number of messages on diverse resources, where people are complaining concerning the FakeFolder trojan virus in their computers, and also asking for assistance with FakeFolder trojan virus removal.
Trojan FakeFolder is a sort of virus that infiltrates right into your personal computer, and after that performs a wide range of harmful functions. These functions depend on a kind of FakeFolder trojan: it may act as a downloader for additional malware or as a launcher for another malicious program which is downloaded along with the FakeFolder trojan. Over the last two years, trojans are likewise delivered using e-mail add-ons, and most of situations used for phishing or ransomware infiltration.
FakeFolder2 also known as
| Bkav | W32.AIDetect.malware1 |
| Lionic | Trojan.Win32.Generic.4!c |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Gen:Trojan.Heur.cmrar1L0ZPeib |
| FireEye | Generic.mg.209fadfc389f5513 |
| McAfee | GenericRXAA-AA!209FADFC389F |
| Cylance | Unsafe |
| VIPRE | Trojan.Win32.Generic.pak!cobra |
| Sangfor | Suspicious.Win32.Save.a |
| K7AntiVirus | Trojan ( 0052964f1 ) |
| Alibaba | Trojan:Win32/FakeFolder.86129b07 |
| K7GW | Trojan ( 0052964f1 ) |
| Cybereason | malicious.c389f5 |
| Baidu | Win32.Trojan.Agent.apt |
| VirIT | Trojan.Win32.Dnldr5.IMT |
| Cyren | W32/S-ac9fabbe!Eldorado |
| Symantec | W32.Griptolo |
| ESET-NOD32 | a variant of Win32/Agent.RTF |
| APEX | Malicious |
| Paloalto | generic.ml |
| Cynet | Malicious (score: 100) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| BitDefender | Gen:Trojan.Heur.cmrar1L0ZPeib |
| NANO-Antivirus | Trojan.Win32.Cmrar1L0ZPeib.fpzttg |
| SUPERAntiSpyware | Trojan.Agent/Gen-Buzy |
| Tencent | Malware.Win32.Gencirc.10b30677 |
| Emsisoft | Gen:Trojan.Heur.cmrar1L0ZPeib (B) |
| Comodo | TrojWare.Win32.Kryptik.VARA@4n0j7s |
| DrWeb | Trojan.DownLoader5.5739 |
| Zillya | Trojan.Generic.Win32.663666 |
| TrendMicro | TROJ_GEN.R002C0DAV22 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.nh |
| Sophos | ML/PE-A + Mal/Behav-043 |
| Jiangmin | Backdoor/LolBot.ic |
| Avira | TR/Crypt.XPACK.Gen |
| Antiy-AVL | Trojan[Backdoor]/Win32.LolBot |
| Microsoft | Trojan:Win32/FakeFolder.AA!MTB |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
| GData | Gen:Trojan.Heur.cmrar1L0ZPeib |
| AhnLab-V3 | Malware/Win32.Generic.C3058653 |
| BitDefenderTheta | AI:Packer.D99D49AF1D |
| ALYac | Gen:Trojan.Heur.cmrar1L0ZPeib |
| MAX | malware (ai score=100) |
| VBA32 | Trojan.Downloader |
| Malwarebytes | Malware.AI.822915290 |
| TrendMicro-HouseCall | TROJ_GEN.R002C0DAV22 |
| Rising | Malware.FakeFolder/ICON!1.6AA9 (CLOUD) |
| Yandex | Trojan.Agent!jCzSeZinJEI |
| SentinelOne | Static AI – Malicious PE |
| MaxSecure | Win.MxResIcn.Heur.Gen |
| Fortinet | W32/Agent.XKP!tr |
| Panda | Trj/CI.A |
| CrowdStrike | win/malicious_confidence_100% (W) |
What are the symptoms of FakeFolder trojan?
- Yara rule detections observed from a process memory dump/dropped files/CAPE;
- Dynamic (imported) function loading detected;
- Enumerates running processes;
- Repeatedly searches for a not-found process, may want to run with startbrowser=1 option;
- Drops a binary and executes it;
- The binary contains an unknown PE section name indicative of packing;
- The binary likely contains encrypted or compressed data.;
- Executable file is packed/obfuscated with MPRESS;
- Authenticode signature is invalid;
- Operates on local firewall’s policies and settings;
The frequent indicator of the FakeFolder trojan virus is a progressive appearance of different malware – adware, browser hijackers, et cetera. As a result of the activity of these malicious programs, your personal computer becomes very slow: malware uses up substantial amounts of RAM and CPU capabilities.
One more detectable impact of the FakeFolder trojan virus existence is unfamiliar operations showed in task manager. Sometimes, these processes may attempt to imitate system processes, but you can understand that they are not legit by taking a look at the source of these processes. Quasi system applications and FakeFolder trojan’s processes are always detailed as a user’s processes, not as a system’s.
How to remove FakeFolder trojan virus?
- Download and install Loaris Trojan Remover.
- Open Loaris and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Approve the reset pressing “Yes” button in the appeared window.
- Restart your computer.
To clean up FakeFolder trojan and also be sure that all added malware, downloaded with the help of this trojan, will certainly be removed, as well, I’d suggest you to use Loaris Trojan Remover.
FakeFolder trojan virus is quite difficult to get rid of by hand. Its pathways are really hard to track, and the changes executed by the FakeFolder trojan are concealed deeply within the system. So, the opportunity that you will make your system 100% clean of trojans is quite low. And don't ignore malware that has been downloaded and install with the help of the FakeFolder trojan virus. I believe these arguments suffice to ensure that getting rid of the trojan virus manually is an awful suggestion.
FakeFolder removal guide
To detect and delete all malicious programs on your PC using Loaris Trojan Remover, it’s better to use Standard or Full scan. Removable scan, as well as Custom, will scan only specified folders, so such checks are not able to provide the full information.
You can spectate the detects during the scan process lasts. However, to execute any actions against spotted malicious items, you need to wait until the scan is over, or to interrupt the scan.
To choose the special action for each detected malicious programs, choose the arrow in front of the detection name of detected malicious items. By default, all malicious programs will be sent to quarantine.
How to remove FakeFolder Trojan?
Name: FakeFolder
Description: Trojan FakeFolder is a kind of virus that infiltrates into your computer, and after that performs different destructive functions. These features depend upon a type of FakeFolder trojan: it can act as a downloader for many other malware or as a launcher for another destructive program which is downloaded in addition to the FakeFolder trojan. During the last two years, trojans are also dispersed via e-mail attachments, and most of situations utilized for phishing or ransomware infiltration.
Operating System: Windows
Application Category: Trojan
User Review
( votes)- What is Trojan Horse: https://en.wikipedia.org/wiki/Trojan_horse_(computing)
- FakeFolder VirusTotal Report: https://www.virustotal.com/api/v3/files/1283522e00cbdcbe6c600b7674bb544322cbb30783a628fd76ba1b3b33e3e72a
