FakeScanti Description

FakeScanti is a label that’s used for a subgroup of rogue anti-virus programs that include variants such as AV Security 2012, AV Protection Online and Security Guard 2012. Like other types of rogue AV programs, FakeScanti products will create fake infection warnings as an excuse to request money in exchange for getting rid of these fictitious infections. Advanced versions of FakeScanti can rewrite their own files to avoid deletion, can change your desktop image, will block a variety of programs from the Windows Registry and can even create pop-ups. Since FakeScanti scamware will create a convincing illusion of being a security program, you should use real security programs that you trust, to find and remove FakeScanti infections from your PC. Above all else, SpywareRemove.com malware experts advise against spending money on any FakeScanti product.

The Carefully-Crafted Illusion of FakeScanti’s Antivirus Features

FakeScanti isn’t the name that’s used by any one of FakeScanti’s products, but rather, a label that real security programs use to identify rogue security programs from the FakeScanti family. This family of rogue anti-virus programs typically is installed by a Trojan:Win32/FakeScanti, a Trojan that specializes in installing rogue anti-virus applications from the FakeScanti gang. Although the installation process may not show any major symptoms, the presence of a FakeScanti rogue anti-virus application on your PC will exhibit many types highly-visible signs, such as:
  • Locking your desktop to an error message that resembles the following example. (This behavior is exclusive to younger versions of FakeScanti.)

    Your computer is INFECTED!


    Such infection will cause permanent loss of all information stored on your computer: documents, files, etc.

    All your secret data like logins, passwords, credit card information can be accessed by third-parties for malicious purposes.

    All your online activities like sending e-mails, visiting web-sites are logged and stored on your hard disk.
    Spyware blocks the deletion of such information from your computer and makes your online actions traceable.

  • Creating error messages that alert you about infections and other hard drive problems that don’t really exist.

    » Learn more about SpyHunter's Spyware Detection Tool
    and steps to uninstall SpyHunter.

    Samples include:
    Security Warning
    Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

    Warning: Infection is Detected
    Windows has found spyware infection on your computer!
    Click here to update your Windows antivirus software…

    svchost.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
  • Blocked access to .exe files, with the exception of files that have been explicitly-allowed by FakeScanti, such as basic Windows processes and malicious software processes. This often creates the fake error message noted below:
    This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
  • Random system restarts.
  • Blocked websites. When you attempt to visit a blocked site, FakeScanti will create an error pop-up that tries to convince you that the website is harmful and then ask you to activate FakeScant’s rogue AV product:
    [Rogue anti-virus program name] has denied Internet access of the program.
    Internet Explorer is possibly injected with [Random infection name]. This worm attempts to send your personal information to remote host through Internet Explorer.

FakeScanti products, which can include (but aren’t limited to) AKM Antivirus 2010 Pro, BlueFlare Antivirus, Milestone Antivirus, OpenCloud Antivirus, Sysinternals Antivirus, Windows Antivirus Pro, Windows Police PRO, XJR Antivirus and Your PC Protector, are incapable of detecting or curing infections or other forms of system problems. In fact, SpywareRemove.com malware researchers have found that all variants of FakeScanti are only interested in creating fake warning messages as part of a cry wolf scam to steal your money.

Teaching FakeScanti a Lesson in Real PC Security

Although FakeScanti uses many names to conceal FakeScanti’s actual nature as a rogue anti-virus program, all FakeScanti infections are roughly identical and can be removed by similar methods. SpywareRemove.com malware research team suggests Safe Mode for disabling FakeScanti to begin with; this lets you access any websites or programs that FakeScanti may have blocked.

Once FakeScanti is no longer active, system scans with suitable anti-malware programs can remove all FakeScanti components, including FakeScanti’s dropper Trojan and Registry entries. Trying to remove these components by yourself isn’t recommended unless no other options are open, since FakeScanti, as previously noted, can adjust FakeScanti’s files to evade removal attempts.


TR/Fake.Scanti.626 [AntiVir]Backdoor.Win32.Gbot.qmq [Kaspersky]Backdoor.Gbot.qmq [CAT-QuickHeal]Gen:Heur.Conjar.9 [BitDefender]Trojan-PSW.Win32.Fareit.lc [Kaspersky]Backdoor/Gbot.pzh [TheHacker]Generic26.GYK [AVG]Trojan-FakeAV.Win32.OpenCloud.ca [Kaspersky]Trojan.Kryptik!jYjtsm27XsA [VirusBuster]TrojanFakeAV.OpenCloud.ca [CAT-QuickHeal]

More aliases (1585)

Automatic Malware Detection Tool (Recommended)

Is your PC infected with a Rogue Anti-Spyware Program? To safely & quickly detect rogue anti-spyware programs part of the FakeScanti family, we highly recommend you download the following malware detection tool.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
Posted: November 30, 2010 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Threat Metric
Threat Level: 10/10
Detection Count: 4,841

Leave a Reply

What is 8 + 4 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)