Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 17
First Seen: February 28, 2011
Last Seen: January 8, 2020
OS(es) Affected: Windows

ScreenshotIs WinScan telling you that your computer has no hard drive or is about to spontaneously combust? If so, don't believe it. WinScan is not actually a system optimization tool.

What WinScan is, and What it Does

WinScan is what is known as a rogue disk defragmenter. WinScan is part of a scam, intended to scare you into thinking that there are so many horrible things wrong with your computer that your only option is to pay for WinScan and hope that it can save your PC. The problem is, WinScan is an infection, and anything WinScan tells you about the state of your computer is unreliable. Furthermore, paying for WinScan doesn't do any good, because WinScan can't gain any functionality. The reason that WinScan wants you to notice it is to scare you into handing your money over to the con-artists who created this malware.

WinScan will set itself up to run when Windows starts, so right at startup is likely to be the first time you see WinScan. WinScan will display its fake user interface, which has different icons to represent different aspects of your PC's performance. Regardless of the actual state of your computer's health, this interface will show that something is wrong with some aspect of your computer's functioning. WinScan may run fake scans of the system from its phony interface, or even fake defragmenting processes. The interface is made with styling and fonts that are intended to make WinScan look like a legitimate Windows component. It is possible that the appearance of this fake interface has been updated and changed since WinScan first started causing infections, in order to keep WinScan looking realistic and fresh and avoid suspicion, but any differences are minor and cosmetic.

When you try to use your computer after bypassing the bogus WinScan home screen, WinScan will interfere with several things in order to convince you that there is some problem with the computer that only WinScan can solve. WinScan will generate frequent warning messages, almost all of which begin with the header "Critical Error!" The warning messages are meant to scare you, so they are very meticulous, and will say things about your RAM temperature being dangerously high or your hard drive being full of damaged clusters. These alerts generally indicate that really bad things will happen if you don't take action immediately, either by paying for WinScan in order to "activate" it, or by defragmenting the hard drive – but even this recommendation to defragment is malicious. If you click the right button and agree to have WinScan "defragment" the drive, WinScan fakes going into Safe Mode, and WinScan runs a fake defragmenting process with a fake animation. Then, WinScan will tell you that it found some really horrible errors, which WinScan can only fix if you pay for the full, activated version of WinScan software.

WinScan makes an attempt at manipulating some other things on your PC, as well, including changing some settings so that some key system folders, like System32, look like they're empty if you look in them. WinScan will also prevent you from starting any other program, and WinScan will show an error message if you try, but if you try to start the same program enough times in a row, you will eventually be able to get it to run.

How the WinScan Infection Begins

Although it is possible to download WinScan directly, it is much more common for this fake defragmenter to infect a system with the help of a Trojan. What happens is that you download the Trojan without knowing, from a fake "free scan" site that may claim to scan for either viruses or hard drive errors, or with a fake video codec or software update from a third-party site that has bundled the Trojan along with something else. Once the Trojan is on your computer, it will cause alerts to appear, which will say that Windows has detected a problem with your hard drive. So at this point, there is no mention of WinScan, because you are meant to think that the error messages come from Windows itself. Eventually, you will get an alert from the Trojan that says that Windows has found a program that you can download in order to correct the hard drive issue. If you agree to download the program, you download WinScan.

Additional Information on WinScan

WinScan is a member of a family of fake system utilities, which also includes WinDisk and Smart Scan This family of fake system tools is part of a scam that originated in Russia, and in general, all of the malware associated with this scam is very similar. The WinScan fake defragmenter appeared around the end of January 2011. However, it is important to note that not everything called WinScan is malicious, because it is such a generic name that there are several legitimate programs out there that use the name. It is not enough for a piece of software to be malware just because it is called WinScan. The WinScan that takes your system hostage and demands money is the one to watch out for.ScreenshotScreenshotScreenshot

SpyHunter Detects & Remove WinScan

File System Details

WinScan may create the following file(s):
# File Name MD5 Detections
1. VcGKZzKOUBEBN2j0.exe fc7499bc1417b380871b2d1b4614e6b2 1


Most Viewed