Virus.DOS.RogueAntiSpyware Description

Virus.DOS.RogueAntiSpyware is a versatile Trojan that has been around for a long time. Actually, this name for the Trojan is just what PCTools calls it – other software companies have their own names for it. For example, Kaspersky Labs calls it Trojan.Win32.Tdss.beea, and Microsoft calls it Trojan:Win32/Alureon.gen!J.

The virus sometimes referred to as Virus.DOS.RogueAntiSpyware is capable of a variety of different things, and over time, it has been used for widely varying purposes. Its most recent variant is being used to add infected computers to a botnet, and to steal information about the users of the infected PC's. In the past, Virus.DOS.RogueAntiSpyware has been used to download rogue anti-virus applications to affected computers, and to change DNS settings on networks. The Trojan has basic functionality that allows it to be modified to do a lot of different things.

In general, Virus.DOS.RogueAntiSpyware is a Trojan that opens a backdoor. This backdoor can then be used to contact a remote controller, to send information from the host computer to the crook behind the malware, to make the computer part of a botnet and use it to send spam or be included in denial of service attacks, and to download other malware, among other things.

This wide range of potential variations in Virus.DOS.RogueAntiSpyware means that there will be a range of different symptoms when a computer is infected. Sometimes, depending on what the Trojan has been modified in order to do, there may be no symptoms at all. Other times, the computer may be slower than normal, or files may mysteriously disappear and reappear, or the system may become unstable.

Virus.DOS.RogueAntiSpyware is extremely dangerous, and should be removed immediately in order to avoid any further information theft or botnet involvement. This Trojan has been around and going through changes for several years, and possibly goes back all the way to 2005, which is eons in virus terms. Therefore, Virus.DOS.RogueAntiSpyware is a threat that isn't going away, and in order to secure your PC, it is far better prevent this Trojan from infecting in the first place than by trying to deal with it later.

Aliases: TROJ_FAKELRT.SMC, Trojan.FakeAV!gen39 [Symantec], W32/FakeAlert.HX.gen!Eldorado [F-Prot], FakeAlert-SecurityTool.i [McAfee], Trojan-Downloader.Win32.Mufanom [Ikarus], Trojan.Win32.Hiloti.gen.f (v) [Sunbelt], suspected of Trojan.Win32.Waledac, Mal/Hiloti-D [Sophos], Trojan-Downloader.Win32.Mufanom!IK, Trojan-Downloader.Win32.Mufanom.aafz [Kaspersky], Win32:Hilot [Avast], W32/Hiloti.I.gen!Eldorado [F-Prot], a variant of Win32/Cimag.DC [NOD32], Trojan.Hiloti.Gen!Pac and Hiloti.gen.e [McAfee].

Technical Information

File System Details

Virus.DOS.RogueAntiSpyware creates the following file(s):
# File Name Size MD5 Detection Count
1 %PROGRAMFILES%\Defense Center\defcnt.exe 1,661,952 221fdf14fd5bad8d2240c2095fdadedd 20
2 %WINDIR%\system32\sshnas21.dll 216,064 70bd4a85f5a25e0f46900e213884e565 1
3 %TEMP%Bf3.exe 169,472 d1a06ac9249d9c2554358d0fb5b4d965 1
4 %TEMP%wscsvc32.exe 220,160 657bd95834e67585b275cd8be7af0e99 0
5 %TEMP%esentutl64.exe 418,304 e16da8bb88cae88fe72f8969a43e745b 0
6 %TEMP%mschrt20ex.dll 301,568 57b453403e62b43ae880b9e280825923 0
More files

Registry Details

Virus.DOS.RogueAntiSpyware creates the following registry entry or registry entries:
File name without path
Defense Center.lnk
%APPDATA%\Defense Center
%ProgramFiles%\Defense Center

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.