FakeSysDef Description

Type: Trojan

The FakeSysDef family of rogue defragmenter programs is a dangerous group of fake security applications that forms part of a well-known online scam. What makes the FakeSysDef family particularly dangerous is that its members are usually associated with a Master Boot Record (MBR) rootkit, such as TDL4, which can be quite difficult to remove. Malware analysts have been tracking malware in the FakeSysDef family of rogue defragmenter security programs since 2010. Some examples of the dozens of FakeSysDef clones include System Recovery, WinHDD, Windows Fix Disk, Windows 7 Recovery, Windows Diagnostic, Windows Disk, Windows Repair, Windows Recovery, Windows Safe Mode, and System Repair. Despite their names, rogue security programs from the FakeSysDef family are not connected in any way with Microsoft or with any legitimate security application. These fake security programs are designed to take over the computer system until they manage to scam the victim out of money. Rogue defragmenter programs from the FakeSysDef family will often continue to profit from the infected computer through the bundled Master Boot Record rootkit.

How the FakeSysDef Scam Works

Most of the rogue defragmenter programs in the FakeSysDef family follow the same basic premise in order to scam their victims. Programs in the FakeSysDef family pretend to be legitimate defragmenters or system optimization utilities. After invading the victim's computer with the aid of a dropper Trojan and common Trojan delivery methods, rogue defragmenter programs from the FakeSysDef family pester the victim with a constant stream of error messages, fake system alerts and pop-up notifications. They pretend to run a system scan (which is nothing more than an animation) and then display a list of alarming problems supposedly found on the infected computer. Many of these problems, such as failure to detect a hard drive or extreme CPU overheating, are implausible and in most cases laughable. However, the technical language in the alerts may be enough to alarm inexperienced or gullible computer users. The next step in the FakeSysDef scam involves convincing the computer user that a "full version" of the rogue security program is needed. The victim is taken to a website and asked to enter credit card information. ESG security researchers strongly recommend against paying for any of these rogue defragmenter programs. This family of fake security programs has absolutely no way of fixing a hard drive, optimizing a system or removing malware. Once a "full version" of this dangerous malware is purchased, all the victim receives in exchange is a rootkit infection and the risk of identity theft or credit card fraud.


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Fortinet W32/FakeSysDef.PGE!tr
AntiVir TR/FakeSysdef.A.737
Kaspersky Trojan-FakeAV.Win32.FakeSysDef.pge
AVG Dropper.Generic6.BILT
Ikarus Virus.Win32.Injector
AntiVir TR/Rogue.KD.716362.5
Kaspersky Trojan.Win32.Jorik.Zbot.fre
CAT-QuickHeal Trojan.Jorik.Zbot.fre
Fortinet W32/FakeAV.JHZL!tr
BitDefender Trojan.Generic.7052164
Kaspersky Trojan.Win32.FakeAV.jhzl
AVG Downloader.Zlob.BIHQ
AntiVir TR/FakeSysdef.AR.2
Kaspersky Trojan-FakeAV.Win32.SystemFix.cc
CAT-QuickHeal TrojanFakeAV.SystemFix.cc

Technical Information

File System Details

FakeSysDef creates the following file(s):
# File Name MD5 Detection Count
1 URdEIoPdlrOf.exe 4c9929524ba309d75c408c9a80750665 19
2 eknXhqrKnsXlF.exe be52e7e38b9b467c51972cc841e7e487 15
3 XHnASFcJrnlLmYD.exe e56e762f2e90c996dccd13411c910e6c 12
4 AMjpXjqDLxjl.exe 34281f199b526205535309cff287a9fe 12
5 ODJvPpaotTb.exe a35e808f5866d1b5de1cf31c8dcea26f 9
6 jdSnJsadxcWFCe.exe 29e8b46c3d92b92a0ea64289fe66764f 9
7 rbpbjipvqhrr.exe 97b0d56dde618dd297203291b06ec545 9
8 XPVnElAMsonvcMj.exe 289c511dd277e046e3da62ce43fb49f8 8
9 xwqnxyxepcug.exe 4b8f337c8cd53fea7cb35511069d07ce 7
10 vjqeiipbxglly.exe 5538819bd8a99d544547754318bc3d9f 6
11 bgPqKOKVwPQv.exe d206f84768ea72998aed1f851433b1c6 6
12 LEyOUApFFHXwn.exe d1e1e3f9ae62a7e1a619dcc7d9245008 6
13 okjlroutvcya.exe fbd750d0a801f621130b836daae32324 5
14 yejptgssgaxp.exe a1c5a8aa1ba6d5ed2eb25d61d4f0126f 5
15 CBeVxEyIguxw.exe 3a7194a1586591b6d1d70b4f2ac176f7 4
16 qrxslipmyxvfmye.exe d1d14cccc83221d9514f3340fedc5e53 4
17 MRvvplxYWheRr.exe 8cc290bd8d6c401b0718ccb67333fb1b 4
18 ellporskarvhs.exe 006c636e1bee4ae2830dc33b35991131 4
19 SyxlJvVkCVeuBSP.exe 3117eef55b0ee060df4bee5286522236 4
20 jtxnkwkrmurfpk.exe d9cb33073a80e7f50c8e507fffb1bc09 3
21 dttiyfmkftuqpj.exe d1ac34449b856c8cba42e7febf1ec2ba 3
22 KxEKSHyFtVVY.exe e4380b5b02d432a677bcf1ceaed3e038 3
23 qlgpacrvkixcre.exe 1e2b74845aab419e78a9e63758863482 3
24 yintxdfmjessfn.exe d020f69d6216c4a14f9c15928b89474f 2
25 wBFvnHvxiqUJ.exe 83787f90afa8f1f5c6901bce7a11326f 1
26 148247.exe 807f4514320ea1577d1a7d28299e35b6 1
27 ltCNsxmSemgqBwD.exe a767bed0fee596706f9556d9dd6cea51 1
28 gppmxkbsscdiwpjyih.exe 7bd18d1dd6236ed83fbf2f254eb66d69 1
29 egidPXEnjJF.exe ff47d228034fc136af3c44c64b33c72e 1
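The file names in the table above are randomly generated per sample, so a defender cannot match on names; the MD5 values are the usable indicator. The following Python script is an added example (not Enigmasoftware's or SpyHunter's code) that loads the 29 MD5 values listed on this page into a lookup table, hashes every regular file under a directory, and reports any file whose digest is on the list. The `demo_scan()` function builds a throwaway directory with constructed files (one of them registered as "known bad" for the demo only, since no real sample is available here) so the script runs offline; the path layout inside it is an assumption for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# MD5 -> file name, copied from the "File System Details" table on this page.
FAKESYSDEF_MD5S = {
    "4c9929524ba309d75c408c9a80750665": "URdEIoPdlrOf.exe",
    "be52e7e38b9b467c51972cc841e7e487": "eknXhqrKnsXlF.exe",
    "e56e762f2e90c996dccd13411c910e6c": "XHnASFcJrnlLmYD.exe",
    "34281f199b526205535309cff287a9fe": "AMjpXjqDLxjl.exe",
    "a35e808f5866d1b5de1cf31c8dcea26f": "ODJvPpaotTb.exe",
    "29e8b46c3d92b92a0ea64289fe66764f": "jdSnJsadxcWFCe.exe",
    "97b0d56dde618dd297203291b06ec545": "rbpbjipvqhrr.exe",
    "289c511dd277e046e3da62ce43fb49f8": "XPVnElAMsonvcMj.exe",
    "4b8f337c8cd53fea7cb35511069d07ce": "xwqnxyxepcug.exe",
    "5538819bd8a99d544547754318bc3d9f": "vjqeiipbxglly.exe",
    "d206f84768ea72998aed1f851433b1c6": "bgPqKOKVwPQv.exe",
    "d1e1e3f9ae62a7e1a619dcc7d9245008": "LEyOUApFFHXwn.exe",
    "fbd750d0a801f621130b836daae32324": "okjlroutvcya.exe",
    "a1c5a8aa1ba6d5ed2eb25d61d4f0126f": "yejptgssgaxp.exe",
    "3a7194a1586591b6d1d70b4f2ac176f7": "CBeVxEyIguxw.exe",
    "d1d14cccc83221d9514f3340fedc5e53": "qrxslipmyxvfmye.exe",
    "8cc290bd8d6c401b0718ccb67333fb1b": "MRvvplxYWheRr.exe",
    "006c636e1bee4ae2830dc33b35991131": "ellporskarvhs.exe",
    "3117eef55b0ee060df4bee5286522236": "SyxlJvVkCVeuBSP.exe",
    "d9cb33073a80e7f50c8e507fffb1bc09": "jtxnkwkrmurfpk.exe",
    "d1ac34449b856c8cba42e7febf1ec2ba": "dttiyfmkftuqpj.exe",
    "e4380b5b02d432a677bcf1ceaed3e038": "KxEKSHyFtVVY.exe",
    "1e2b74845aab419e78a9e63758863482": "qlgpacrvkixcre.exe",
    "d020f69d6216c4a14f9c15928b89474f": "yintxdfmjessfn.exe",
    "83787f90afa8f1f5c6901bce7a11326f": "wBFvnHvxiqUJ.exe",
    "807f4514320ea1577d1a7d28299e35b6": "148247.exe",
    "a767bed0fee596706f9556d9dd6cea51": "ltCNsxmSemgqBwD.exe",
    "7bd18d1dd6236ed83fbf2f254eb66d69": "gppmxkbsscdiwpjyih.exe",
    "ff47d228034fc136af3c44c64b33c72e": "egidPXEnjJF.exe",
}


def md5_hex(data: bytes) -> str:
    """Hex MD5 of an in-memory byte string."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path: Path, chunk_size: int = 65536) -> str:
    """Hex MD5 of a file, read in chunks so large files do not load into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_directory(root, known_hashes=FAKESYSDEF_MD5S):
    """Hash every regular file below root (any extension: names and extensions
    are under the attacker's control) and return (path, md5, label) for matches."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        digest = md5_of_file(path)
        if digest in known_hashes:
            hits.append((str(path), digest, known_hashes[digest]))
    return hits


def demo_scan():
    """Constructed demonstration: a benign file plus a file whose MD5 is added
    to the lookup table for this run only. Returns (name, md5, label) hits."""
    sample = b"MZ constructed sample body, not real malware\n"  # constructed
    known = dict(FAKESYSDEF_MD5S)
    known[md5_hex(sample)] = "constructed-sample.exe"  # demo-only indicator
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "benign.exe").write_bytes(b"MZ benign constructed content\n")
        drop_dir = root / "AppData" / "Roaming"  # assumed layout, illustrative
        drop_dir.mkdir(parents=True)
        (drop_dir / "ZzQqWwEeRrTt.exe").write_bytes(sample)  # random-style name
        hits = scan_directory(root, known)
    return [(Path(p).name, digest, label) for p, digest, label in hits]


if __name__ == "__main__":
    for name, digest, label in demo_scan():
        print(f"HIT {name}  md5={digest}  matches listed sample {label}")
```

Hash matching only catches byte-identical copies of the listed samples; repacked or newly generated droppers will have different digests, so this is a triage check, not a substitute for an anti-virus engine. Note that the scan deliberately ignores extensions, since a dropper is free to write its payload under any name.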

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken or confused as being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or the manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational and informational purposes only. By following any instructions in this article, you agree to be bound by this disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.