Malware report: AdvancedXPFixer adware and Tixcet worm

PandaLabs reports this week about the adware AdvancedXPFixer, the Banbra.FTI Trojan and the Tixcet.A worm. AdvancedXPFixer is adware (a program designed to display adverts) that tricks users into installing the program and tries to convince them that the computer has been infected.

When the file containing the adware is run, a warning message appears indicating that the computer has been infected by spyware. Then a screensaver appears with cockroaches eating the desktop.

Then other warning messages may appear and finally, a window with the adware itself, pretending to scan the system for other threats. Needless to say, it always finds a great deal of them, and offers the user the chance to remove them for a fee. If the fee is not paid, the adware continues to display warning messages.

Next in today’s report, we look at the Banbra.FTI Trojan, a new member of the extensive family of Trojans of the same name. The file containing this malicious code has a typical Windows image file icon.

When run, the Trojan creates several files on the infected system and keys in the Windows registry. With this, the Trojan waits until the user connects to a particular online banking service to steal the login details.

Finally today, Tixcet.A is a worm designed to delete MSOffice documents, disable several Windows functions and restart the computer.

The worm is in a file with the Microsoft Word icon. When run, it creates several copies of itself on the infected system and keys in the Windows registry.

It is easy to recognize when a computer has been infected by this worm, as the word CETIX appears next to the clock in the taskbar and it changes the name with which the system has been registered to CETIX BALi.

Tixcet.A spreads by making copies of itself in the drives that it accesses, and creates the file AUTORUN.INF, so it runs automatically.