FakeScanti

By Domesticus in Trojans

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2,836
First Seen: November 30, 2010
Last Seen: January 10, 2022
OS(es) Affected: Windows

The Trojan:Win32/FakeScanti's family of rogue anti-spyware programs is an especially numerous family, which has been present online since at least 2010. Like on most rogue anti-spyware applications, the malware in the Trojan:Win32/FakeScanti family will claim that the infected computer is severely infected. The malware will do this, in an attempt to convince its victim to purchase a license or a "full version" for a useless fake security application. ESG security researchers recommend ignoring all claims from rogue anti-spyware programs from the Trojan:Win32/FakeScanti family; none of the supposed security programs associated with the Trojan:Win32/FakeScanti have real anti-spyware capabilities. Some examples of malware belonging to the Trojan:Win32/FakeScanti family include AV Protection 2012, AV Protection 2011, Cloud AV 2012, Security Guard 2012, Wolfram Antivirus, OpenCloud Security, OpenCloud AV, Milestone Antivirus and Your PC Protector. Rather than fixing your computer system, FakeScanti-related rogue anti-spyware programs will actually negatively impact your system's performance, deliberately cause a number of problems and pester you with a constant stream of fake security alerts and alarming error messages. Inexperienced computer users may be taken in by Trojan:Win32/FakeScanti's use of legitimate Microsoft logos or superficially-impressive user interfaces. However, ESG security researchers strongly recommend removing any malware associated with Trojan:Win32/FakeScanti immediately.
 

Main Effects of Trojan:Win32/FakeScanti

Rogue anti-spyware programs in the Trojan:Win32/FakeScanti family will make harmful changes to your operating system's settings. They will usually also create new files in your Windows or System folder. Examples of these include svchasts.exe and desot.exe. Trojan:Win32/FakeScanti will also alter the Windows registry so that rogue anti-spyware programs will be allowed to start up automatically when Windows is launched, stop and start file processes and block certain programs or access to the Internet. When installed, a rogue anti-spyware program will also create a shortcut icon on the infected computer's desktop and add an entry to the Windows Start Menu.
 

Understanding the Trojan:Win32/FakeScanti Scam

The Trojan:Win32/FakeScanti scam is typical of most rogue anti-spyware programs. However, rogue anti-spyware programs related to Trojan:Win32/FakeScanti  are characterized by having very convincing interfaces and error messages. While most rogue security applications tend to be poorly written and can be quickly discerned by their bad grammar and spelling, rogue anti-spyware programs are highly professional in appearance and can trick their victims into purchasing these useless programs. Because of this, ESG malware analysts recommend being extremely wary of any unexpected pop-up messages or error messages that show up while browsing the Internet, especially if they are prompting you to download or purchase a security application or to run a free scan of your computer system. This is usually the first step in a dangerous malware infection.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AntiVir TR/Fake.Scanti.626
Kaspersky Backdoor.Win32.Gbot.qmq
CAT-QuickHeal Backdoor.Gbot.qmq
BitDefender Gen:Heur.Conjar.9
Kaspersky Trojan-PSW.Win32.Fareit.lc
AVG Generic26.GYK
Kaspersky Trojan-FakeAV.Win32.OpenCloud.ca
CAT-QuickHeal TrojanFakeAV.OpenCloud.ca
AVG Generic26.DBG
Fortinet W32/Sirefef.11L711!tr
AVG Generic25.BVGI
McAfee-GW-Edition Artemis!04E7ECC7F7AC
AntiVir TR/PSW.Fareit.40
Kaspersky Trojan.Win32.Jorik.Gbot.rlh
Avast Win32:Rootkit-gen [Rtk]

SpyHunter Detects & Remove FakeScanti

File System Details

FakeScanti may create the following file(s):
# File Name MD5 Detections
1. java.exe b5ac23200df9524102f1f04de2ceba4f 67
2. java.exe 49cc9036a42eca3abda63ea64c5f751d 34
3. java.exe 22dd77527a0698b1a3edc5cea7d01efc 34
4. java.exe 72bea5fbec7981da9ea61a9d16152299 22
5. java.exe 20f5fb0b21a127ea1a5c91c9c638469d 20
6. java.exe c9a078fbb9f5e1df927f8de43fedc250 16
7. java.exe c21763e31fb15162feb65e78612e0b23 14
8. java.exe db713dcd6bfcd61476d4a7584bf75a76 12
9. iexplore.exe 057481cd2a00cb223ed1de0e6620d49f 10
10. Cloud AV 2012v121.exe 41096615e6206b00f9206caf5307ba6a 10
11. iexplore.exe 583700a254cfd66ad644b7da67df534b 8
12. java.exe 1eb3390d1fc4a26a92b8b8b89a2b3e1e 8
13. java.exe d03b6003e2780a216316843cf6952b4e 7
14. Cloud AV 2012v121.exe 11fd80a3de0c4461f96d966d935005b5 6
15. firefox.exe dc4572c236c6eab67c4ddcedbe38ba8b 5
16. Cloud AV 2012v121.exe b7f4641a84a3ba51b01c1386d440d443 5
17. iexplore.exe 670d36e7d3ae3d08c48a602ab4a72406 4
18. Cloud AV 2012v121.exe 644a649c104f47d63b0f87ee7296024b 4
19. firefox.exe 792eef348cacb5cdc974cfd60f142533 3
20. iexplore.exe ccf74c83faaab41fea45ed735b914565 2
21. firefox.exe bb79fa479e3d4273e84c42985a8edb9f 2
22. tvq.exe e5b10e4f60bc6005191d0ea509daaa2a 2
23. firefox.exe 6c527aa9b17ff8405e52a44465176620 1
24. chrome.exe 8c348da2e1cb2660a9b003959fddd879 1
25. atm.exe f126ed56bc868c1a941e9e016bc731ab 1
26. firefox.exe 12c269bc2b30d0a54bee59de6aba861a 1
More files

Messages

The following messages associated with FakeScanti were found:

DANGER!!!
Your computer is INFECTED!
Attention!!!
Such infection will cause permanent loss of all information stored on your computer: documents, files, etc.
All your secret data like logins, passwords, credit card information can be accessed by third-parties for malicious purposes.
All your online activities like sending e-mails, visiting web-sites are logged and stored on your hard disk. Spyware blocks the deletion of such information from your computer and makes your online actions traceable.
PROTECT YOURSELF!
DELETE SPYWARE FROM YOUR COMPUTER RIGHT NOW!
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
Warning: Infection is Detected
Windows has found spyware infection on your computer! Click here to update your Windows antivirus software

Related Posts

Trending

Most Viewed

Loading...