Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Threat LevelLow threatDamageHighDistributionNot widespread


The main aim of FakeTube.A is to spread itself via email and affect as many computers as possible.

Infection strategy 

FakeTube.A creates the file AVAST!CACHEAGENT.EXE, in the Windows system directory. This file is a copy of the worm.


FakeTube.A creates the following entry in the Windows Registry in order to register itself as a service and be automatically run whenever Windows is started:

  • HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ avast!CacheAgent.exe

Means of transmission 

FakeTube.A spreads via email in message with erotic content about celebrities like Britney Spears and Paris Hilton, whose names have been replaced with "Britney Spirs" and "Peris Hilton" respectively in these emails.

The message has the following characteristics:

  • Subject: it can contain texts like the following:
    Giga Video Movie Britney Spirs and 8 Beverage Andorran

    Stimulating Image Britney Spirs and One Manifest South Korean
  • Message: it contains a link to an erotic video of any of these celebrities.

When users click the link to the video, a website imitating YouTube's is displayed, requiring users to download a newer version of Flash Player in order to see the video:

If users download this update, they will be actually downloading a copy of the worm to the computer.

Then, it sends a similar email message to all the contacts of the affected user.

Further Details  

FakeTube.A is 25,088 bytes in size and is compressed with UPX.