Scanner

Scanner Description

ScreenshotScanner is a counterfeit PC optimization tool used to fool Internet users into spending money on a program that does nothing to fix system errors or speed up their computer's performance. The people responsible for Scanner may have chosen a generic name as a way to fool computer users and poison search engine results when Internet users type the term "scanner". Scanner is distributed through the use of various Trojans. Rogue authors use a variety of Trojans to spot security vulnerabilities in an operating system and application. A common method to become a victim of a Trojan infection is to open attachments from spam emails or download software installers from warez websites.

Scanner comes from the FakeSysDef family, the same family of other rogue PC optimization tools as System Defragmenter, Ultra Defragger, HDD Control, Win HDD, Win Defrag, Win Defragmenter, Disk Doctor, Hard Drive Diagnostic, HDD Diagnostic, HDD Plus, HDD Repair, HDD Rescue, Smart HDD, Defragmenter, HDD Tools, Disk Repair, Windows Optimization Center, HDD Low, Hdd Fix, PUP.PC Health Kit.

As Scanner scans your computer, it will display several fake error alerts on the Task bar. Also, whenever you try to run an application or remove a file, Scanner will block your actions and display "critical" error messages. Scanner uses these techniques as a way to protect itself from any anti-virus program running in a user's computer.

Scanner's bogus claims are only a ploy to drive you to purchase its licensed version. Some of the errors it alleges to detect are:

  • Data Safety Problem. System integrity is at risk.
  • 32% of HDD space is unreadable
  • Bad sectors on hard drive or damaged file allocation table
  • Read time of hard drive clusters less than 500 ms
  • Drive C initializing error
  • Requested registry access is not allowed. Registry defragmentation required
  • Ram Temperature is 83 C. Optimization is required for normal operation.
  • Registry Error - Critical Error
  • Hard drive doesn't respond to system commands
  • GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash

If you make the mistake and use Scanner, it will lead to a black screen designed to look like a Safe Mode background. Another tactic from Scanner is to make it appear that a folder does not contain any content or show the content from a different folder to make you think your hard disk is infected; this usually occurs on C:\Windows:\System32 and is simply an illusion. Scanner's sole purpose is to profit from computer users, and it will hold the computer hostage until it gets what it wants. Do not let Scanner linger any longer in your computer and get a strong anti-spyware program that can restore your computer to its original self.

Aliases: Generic4.AOUF [AVG], eZula.CommonElements [Sunbelt], AdWare.EZula.hkp, Riskware.AdWare.Win32.EZula!IK, TR/BHO.iuj.15175 [AntiVir], not-a-virus:AdWare.Win32.EZula.hkp [Kaspersky], W32/Suspicious_Gen2.CQBNF, Adware.EZula.CUC, Artemis!0A8E0D337A0C [McAfee], Gen:Variant.Adware.LoudMo.4, Net-Worm.Koobface, Packed/Win32.Krap [AhnLab-V3], Packed/Win32.Krap.gen [Antiy-AVL], TR/Agent.ar.15 [AntiVir] and Trojan.DownLoader1.51475 [DrWeb].

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Scanner infects a computer.

Scanner Video

Scanner Image 1 Scanner Image 2 Scanner Image 3 Scanner Image 4 Scanner Image 5 Scanner Image 6 Scanner Image 7 Scanner Image 8 Scanner Image 9 Scanner Image 10 Scanner Image 11 Scanner Image 12 Scanner Image 13 Scanner Image 14 Scanner Image 15

File System Details

Scanner creates the following file(s):
# File Name Size MD5 Detection Count
1 %TEMP%ElkTBhTOiqUEWYN.exe 468,992 92e8a9f7fead7937380b9fb4ee3f4ab9 46
2 %TEMP%nbtkfQpFdxB.exe 468,992 adf38c340367f9772fa352414984a944 31
3 %ALLUSERSPROFILE%LBSYdYrDlalNvk.exe 467,456 9811765f5136490618dfd95f6beae0d1 23
4 %WINDIR%mike149.exe 164,352 7f4db3946a4e554f6ed093b7d678afdf 14
5 %ALLUSERSPROFILE%ehSfAxdeCUNMnk.exe 478,208 3acf15d92bbe24ddf9b378429bd0842f 13
6 %APPDATA%\MSA\bbaka14.exe 165,888 657e6c7efd339a2efa60c5338ce1ba5b 11
7 %USERPROFILE%\Start Menu\Programs\Startup\syscron.exe 82,944 37bf2db6d12d6b53addaf3753e87cb52 6
8 %APPDATA%defender.exe 1,775,104 bc5a96fd997763db076a4724a404ccae 5
9 %APPDATA%\75961\bbzzkzz17.exe 3,845,632 a60c0eb12877e2bd55d5d8696cdf71e6 5
10 %APPDATA%\Microsoft\conhost.exe 122,880 34b5af6dd06b27ca15c938318990aa5a 3
11 %TEMP%\{6FC2601D-C798-4220-AE11-63D6D0317522}\13b9.dll 131,584 330b8b95adb8fd70022827a52d4059a1 2
12 %APPDATA%\SystemProc\lsass.exe 100,864 3a2179180d149df7b3d04110927b4c26 2
13 %TEMP%qykcmjln.exe 162,816 711ca3091ac4d0c371a3ab3aa7627d1a 1
14 %TEMP%0.08093930418284179.exe 167,424 24723650f47db68061e56eda9a10fd06 1
15 C:\driverwinx.exe\driverwinx.exe 394,819 b4f5ea42cb3404fe522f876ec4e9e445 1
16 %TEMP%m.23C.tmp.exe 2,734,080 cf27dcc4bf3d8e41fed8c0cc68ab9573 1
17 %WINDIR%\system32\cdosys3232.dll 363,520 6118baeb1ef1165b4d272d7d54a06a4f 1
18 %WINDIR%\system32\Apphlpdm32.dll 417,792 c59fd7d299581486ecb47af70d76123c 1
19 %WINDIR%\system32\api-ms-win-core-file-l1-1-032.dll 420,352 f80872715ca54e00238ab56372a65b64 1
20 %APPDATA%hmm.exe 237,568 e7a659d0edf6c6f157fe98efcac37e2c 1
21 %WINDIR%\system32\14bc9f61-4222-c3b7-11e2-4ce8c3479aa9.dll 2,517,504 a751f32f3a751c20099beb28faef13a9 1
22 %ALLUSERSPROFILE%\Application Data\9f3d96\PI9f3_231.exe 3,874,816 a965b83a1b2c1eca6a11ac36d14eaa3c 1
23 %TEMP%4886746.exe 382,464 2073e7be4ece0e69d59a1ebb492677ac 1
24 %APPDATA%dwm.exe 140,800 8f79cca56199cd842146c4b2e1a89321 1
25 %ALLUSERSPROFILE%DCjap4QWgPf.exe 387,072 43f6528114a4dbe0a77720b17c4dade8 1
26 %Temp%qp4iReRF.exe 383,488 58ad6a013e1747137018ca3b66c1571e 0
27 %Temp%qYfoKD6PzadEEhF.exe 380,928 969A26E89B4F13ADF66226B82FADB6C9 0
28 %Temp%tSfkTNduxrPpGPr.exe 465,408 E4CD92C1495368A2FB0AC287FA44C0DF 0
More files

More Details on Scanner

The following messages associated with Scanner were found:
Windows Disk Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?

Related Posts

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.

By Domesticus in Misleading Programs
Translate To: Português
Threat Scorecard
?
The ESL Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESL Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESL Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESL Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESL Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular computer threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected Computer: The number of confirmed and suspected cases of a particular threat detected on infected computers retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected computers of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows computer users to track the geographic distribution of a particular threat throughout the world.
Ranking: N/A
Threat Level: 10
Infected Computers: 5,892