Virus.DOS.RogueAntiSpyware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 484 |
| First Seen: | June 17, 2010 |
| Last Seen: | February 18, 2023 |
| OS(es) Affected: | Windows |
Virus.DOS.RogueAntiSpyware is a versatile Trojan that has been around for a long time. Actually, this name for the Trojan is just what PCTools calls it – other software companies have their own names for it. For example, Kaspersky Labs calls it Trojan.Win32.Tdss.beea, and Microsoft calls it Trojan:Win32/Alureon.gen!J.
The virus sometimes referred to as Virus.DOS.RogueAntiSpyware is capable of a variety of different things, and over time, it has been used for widely varying purposes. Its most recent variant is being used to add infected computers to a botnet, and to steal information about the users of the infected PC's. In the past, Virus.DOS.RogueAntiSpyware has been used to download rogue anti-virus applications to affected computers, and to change DNS settings on networks. The Trojan has basic functionality that allows it to be modified to do a lot of different things.
In general, Virus.DOS.RogueAntiSpyware is a Trojan that opens a backdoor. This backdoor can then be used to contact a remote controller, to send information from the host computer to the crook behind the malware, to make the computer part of a botnet and use it to send spam or be included in denial of service attacks, and to download other malware, among other things.
This wide range of potential variations in Virus.DOS.RogueAntiSpyware means that there will be a range of different symptoms when a computer is infected. Sometimes, depending on what the Trojan has been modified in order to do, there may be no symptoms at all. Other times, the computer may be slower than normal, or files may mysteriously disappear and reappear, or the system may become unstable.
Virus.DOS.RogueAntiSpyware is extremely dangerous, and should be removed immediately in order to avoid any further information theft or botnet involvement. This Trojan has been around and going through changes for several years, and possibly goes back all the way to 2005, which is eons in virus terms. Therefore, Virus.DOS.RogueAntiSpyware is a threat that isn't going away, and in order to secure your PC, it is far better prevent this Trojan from infecting in the first place than by trying to deal with it later.
Table of Contents
Aliases
15 security vendors flagged this file as malicious.
| Anti-Virus Software | Detection |
|---|---|
| Symantec | Trojan.FakeAV!gen39 |
| F-Prot | W32/FakeAlert.HX.gen!Eldorado |
| McAfee | FakeAlert-SecurityTool.i |
| Ikarus | Trojan-Downloader.Win32.Mufanom |
| Sunbelt | Trojan.Win32.Hiloti.gen.f (v) |
| Sophos | Mal/Hiloti-D |
| Kaspersky | Trojan-Downloader.Win32.Mufanom.aafz |
| Avast | Win32:Hilot |
| F-Prot | W32/Hiloti.I.gen!Eldorado |
| NOD32 | a variant of Win32/Cimag.DC |
| McAfee | Hiloti.gen.e |
| DrWeb | Trojan.Packed.21137 |
| NOD32 | a variant of Win32/Kryptik.HQD |
| Sunbelt | VirTool.Win32.Obfuscator.ah!e (v) |
| Symantec | SecurityToolFraud!Gen4 |
SpyHunter Detects & Remove Virus.DOS.RogueAntiSpyware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | defcnt.exe | 11ea668acbcde94ce69dbd3b9ee578ca | 107 |
| 2. | defcnt.exe | a95737643a2fe963f07d942e36fc341a | 86 |
| 3. | defcnt.exe | 79b1ca70222b2d439fed875b5754dd8a | 74 |
| 4. | defcnt.exe | 2735a9e7bdd45c3818dbad953d96a941 | 73 |
| 5. | defcnt.exe | bc4995c1afc9fa0c70b1c91c73de66d3 | 32 |
| 6. | defcnt.exe | 221fdf14fd5bad8d2240c2095fdadedd | 20 |
| 7. | defcnt.exe | 82e1fab67f596ef433e692f95835abd5 | 20 |
| 8. | defcnt.exe | 8b353f4f257ff79532f9d71dcfa46fcd | 16 |
| 9. | defcnt.exe | d4c39e90c195c2352e101fcf0bc1d27b | 11 |
| 10. | sshnas21.dll | 70bd4a85f5a25e0f46900e213884e565 | 1 |
| 11. | Bf3.exe | d1a06ac9249d9c2554358d0fb5b4d965 | 1 |
| 12. | wscsvc32.exe | 657bd95834e67585b275cd8be7af0e99 | 0 |
| 13. | esentutl64.exe | e16da8bb88cae88fe72f8969a43e745b | 0 |
| 14. | mschrt20ex.dll | 57b453403e62b43ae880b9e280825923 | 0 |
Registry Details
Directories
Virus.DOS.RogueAntiSpyware may create the following directory or directories:
| %APPDATA%\Defense Center |
| %ProgramFiles%\Defense Center |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.