Threat Database Trojans Virus.DOS.RogueAntiSpyware


By ESGI Advisor in Trojans

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 484
First Seen: June 17, 2010
Last Seen: February 18, 2023
OS(es) Affected: Windows

Virus.DOS.RogueAntiSpyware is a versatile Trojan that has been around for a long time. Actually, this name for the Trojan is just what PCTools calls it – other software companies have their own names for it. For example, Kaspersky Labs calls it Trojan.Win32.Tdss.beea, and Microsoft calls it Trojan:Win32/Alureon.gen!J.

The virus sometimes referred to as Virus.DOS.RogueAntiSpyware is capable of a variety of different things, and over time, it has been used for widely varying purposes. Its most recent variant is being used to add infected computers to a botnet, and to steal information about the users of the infected PC's. In the past, Virus.DOS.RogueAntiSpyware has been used to download rogue anti-virus applications to affected computers, and to change DNS settings on networks. The Trojan has basic functionality that allows it to be modified to do a lot of different things.

In general, Virus.DOS.RogueAntiSpyware is a Trojan that opens a backdoor. This backdoor can then be used to contact a remote controller, to send information from the host computer to the crook behind the malware, to make the computer part of a botnet and use it to send spam or be included in denial of service attacks, and to download other malware, among other things.

This wide range of potential variations in Virus.DOS.RogueAntiSpyware means that there will be a range of different symptoms when a computer is infected. Sometimes, depending on what the Trojan has been modified in order to do, there may be no symptoms at all. Other times, the computer may be slower than normal, or files may mysteriously disappear and reappear, or the system may become unstable.

Virus.DOS.RogueAntiSpyware is extremely dangerous, and should be removed immediately in order to avoid any further information theft or botnet involvement. This Trojan has been around and going through changes for several years, and possibly goes back all the way to 2005, which is eons in virus terms. Therefore, Virus.DOS.RogueAntiSpyware is a threat that isn't going away, and in order to secure your PC, it is far better prevent this Trojan from infecting in the first place than by trying to deal with it later.


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Symantec Trojan.FakeAV!gen39
F-Prot W32/FakeAlert.HX.gen!Eldorado
McAfee FakeAlert-SecurityTool.i
Ikarus Trojan-Downloader.Win32.Mufanom
Sunbelt Trojan.Win32.Hiloti.gen.f (v)
Sophos Mal/Hiloti-D
Kaspersky Trojan-Downloader.Win32.Mufanom.aafz
Avast Win32:Hilot
F-Prot W32/Hiloti.I.gen!Eldorado
NOD32 a variant of Win32/Cimag.DC
McAfee Hiloti.gen.e
DrWeb Trojan.Packed.21137
NOD32 a variant of Win32/Kryptik.HQD
Sunbelt VirTool.Win32.Obfuscator.ah!e (v)
Symantec SecurityToolFraud!Gen4

SpyHunter Detects & Remove Virus.DOS.RogueAntiSpyware

File System Details

Virus.DOS.RogueAntiSpyware may create the following file(s):
# File Name MD5 Detections
1. defcnt.exe 11ea668acbcde94ce69dbd3b9ee578ca 107
2. defcnt.exe a95737643a2fe963f07d942e36fc341a 86
3. defcnt.exe 79b1ca70222b2d439fed875b5754dd8a 74
4. defcnt.exe 2735a9e7bdd45c3818dbad953d96a941 73
5. defcnt.exe bc4995c1afc9fa0c70b1c91c73de66d3 32
6. defcnt.exe 221fdf14fd5bad8d2240c2095fdadedd 20
7. defcnt.exe 82e1fab67f596ef433e692f95835abd5 20
8. defcnt.exe 8b353f4f257ff79532f9d71dcfa46fcd 16
9. defcnt.exe d4c39e90c195c2352e101fcf0bc1d27b 11
10. sshnas21.dll 70bd4a85f5a25e0f46900e213884e565 1
11. Bf3.exe d1a06ac9249d9c2554358d0fb5b4d965 1
12. wscsvc32.exe 657bd95834e67585b275cd8be7af0e99 0
13. esentutl64.exe e16da8bb88cae88fe72f8969a43e745b 0
14. mschrt20ex.dll 57b453403e62b43ae880b9e280825923 0

Registry Details

Virus.DOS.RogueAntiSpyware may create the following registry entry or registry entries:
File name without path
Defense Center.lnk


Virus.DOS.RogueAntiSpyware may create the following directory or directories:

%APPDATA%\Defense Center
%ProgramFiles%\Defense Center


Most Viewed