FakeScanti

Posted: November 30, 2010
Threat Metric
Threat Level: 10/10
Infected PCs 6,635

FakeScanti Description

FakeScanti is a label that's used for a subgroup of rogue anti-virus programs that include variants such as AV Security 2012, AV Protection Online and Security Guard 2012. Like other types of rogue AV programs, FakeScanti products will create fake infection warnings as an excuse to request money in exchange for getting rid of these fictitious infections. Advanced versions of FakeScanti can rewrite their own files to avoid deletion, can change your desktop image, will block a variety of programs from the Windows Registry and can even create pop-ups. Since FakeScanti scamware will create a convincing illusion of being a security program, you should use real security programs that you trust, to find and remove FakeScanti infections from your PC. Above all else, SpywareRemove.com malware experts advise against spending money on any FakeScanti product.

The Carefully-Crafted Illusion of FakeScanti's Antivirus Features

FakeScanti isn't the name that's used by any one of FakeScanti's products, but rather, a label that real security programs use to identify rogue security programs from the FakeScanti family. This family of rogue anti-virus programs typically is installed by a Trojan:Win32/FakeScanti, a Trojan that specializes in installing rogue anti-virus applications from the FakeScanti gang. Although the installation process may not show any major symptoms, the presence of a FakeScanti rogue anti-virus application on your PC will exhibit many types highly-visible signs, such as:

  • Locking your desktop to an error message that resembles the following example. (This behavior is exclusive to younger versions of FakeScanti.)

    DANGER!!!

    Your computer is INFECTED!

    Attention!!!

    Such infection will cause permanent loss of all information stored on your computer: documents, files, etc.

    All your secret data like logins, passwords, credit card information can be accessed by third-parties for malicious purposes.

    All your online activities like sending e-mails, visiting web-sites are logged and stored on your hard disk.
    Spyware blocks the deletion of such information from your computer and makes your online actions traceable.

    PROTECT YOURSELF!
    DELETE SPYWARE FROM YOUR COMPUTER RIGHT NOW!

  • Creating error messages that alert you about infections and other hard drive problems that don't really exist. Samples include:

    Security Warning
    Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

    Warning: Infection is Detected
    Windows has found spyware infection on your computer!
    Click here to update your Windows antivirus software...

    svchost.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

  • Blocked access to .exe files, with the exception of files that have been explicitly-allowed by FakeScanti, such as basic Windows processes and malicious software processes. This often creates the fake error message noted below:

    This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

  • Random system restarts.
  • Blocked websites. When you attempt to visit a blocked site, FakeScanti will create an error pop-up that tries to convince you that the website is harmful and then ask you to activate FakeScant's rogue AV product:

    [Rogue anti-virus program name] has denied Internet access of the program.
    Internet Explorer is possibly injected with [Random infection name]. This worm attempts to send your personal information to remote host through Internet Explorer.

FakeScanti products, which can include (but aren't limited to) AKM Antivirus 2010 Pro, BlueFlare Antivirus, Milestone Antivirus, OpenCloud Antivirus, Sysinternals Antivirus, Windows Antivirus Pro, Windows Police PRO, XJR Antivirus and Your PC Protector, are incapable of detecting or curing infections or other forms of system problems. In fact, SpywareRemove.com malware researchers have found that all variants of FakeScanti are only interested in creating fake warning messages as part of a cry wolf scam to steal your money.

Teaching FakeScanti a Lesson in Real PC Security

Although FakeScanti uses many names to conceal FakeScanti's actual nature as a rogue anti-virus program, all FakeScanti infections are roughly identical and can be removed by similar methods. SpywareRemove.com malware research team suggests Safe Mode for disabling FakeScanti to begin with; this lets you access any websites or programs that FakeScanti may have blocked.

Once FakeScanti is no longer active, system scans with suitable anti-malware programs can remove all FakeScanti components, including FakeScanti's dropper Trojan and Registry entries. Trying to remove these components by yourself isn't recommended unless no other options are open, since FakeScanti, as previously noted, can adjust FakeScanti's files to evade removal attempts.

Automatic Malware Detection Tool (Recommended)

Is your PC infected with a Rogue Anti-Spyware Program? To safely & quickly detect rogue anti-spyware programs part of the FakeScanti family, we highly recommend you download the following malware detection tool.

Aliases


TR/Fake.Scanti.626 [AntiVir]Backdoor.Win32.Gbot.qmq [Kaspersky]Backdoor.Gbot.qmq [CAT-QuickHeal]Gen:Heur.Conjar.9 [BitDefender]Trojan-PSW.Win32.Fareit.lc [Kaspersky]Backdoor/Gbot.pzhGeneric26.GYK [AVG]Trojan-FakeAV.Win32.OpenCloud.ca [Kaspersky]Trojan.Kryptik!jYjtsm27XsATrojanFakeAV.OpenCloud.ca [CAT-QuickHeal]Generic26.DBG [AVG]W32/Sirefef.11L711!tr [Fortinet]Generic25.BVGI [AVG]Artemis!04E7ECC7F7AC [McAfee-GW-Edition]TR/PSW.Fareit.40 [AntiVir]
More aliases (1585)

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to FakeScanti may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%WINDIR%\SysWOW64\w666dWWK7fR9gXq.exe File name: w666dWWK7fR9gXq.exe
Size: 1.78 MB (1783296 bytes)
MD5: 50378c840a7009237a0c6f37b9bcce1c
Detection count: 92
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\SysWOW64\
Group: Malware file
Last Updated: November 10, 2011
%APPDATA%\rc1v2npH5Q7EXjV\rtPNycc1uD2b.exe File name: rtPNycc1uD2b.exe
Size: 1.77 MB (1775616 bytes)
MD5: 49bd1616bd849becef61feeda6b76c5b
Detection count: 75
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\rc1v2npH5Q7EXjV\
Group: Malware file
Last Updated: November 10, 2011
%APPDATA%\byycFsJEK8gZ9Y\System Security 2012v121.exe File name: System Security 2012v121.exe
Size: 1.67 MB (1671168 bytes)
MD5: e401ecb9eed8fdfc66331c7359abcdd7
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\byycFsJEK8gZ9Y\
Group: Malware file
Last Updated: November 11, 2011
%APPDATA%\KkVrrcv4JZOiH8Z\ChhYXjUelBm5Q6E.exe File name: ChhYXjUelBm5Q6E.exe
Size: 1.78 MB (1781248 bytes)
MD5: 7b954ddfb6ba079a187548c94e5875de
Detection count: 56
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\KkVrrcv4JZOiH8Z\
Group: Malware file
Last Updated: December 1, 2011
%WINDIR%\SysWOW64\GIIBBrzPNyxA1.exe File name: GIIBBrzPNyxA1.exe
Size: 1.77 MB (1771008 bytes)
MD5: 7f503c78051f544da53d7f2622ec356c
Detection count: 42
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\SysWOW64\
Group: Malware file
Last Updated: January 10, 2012
%WINDIR%\system32\Cloud AV 2012v121.exe File name: Cloud AV 2012v121.exe
Size: 2.8 MB (2800640 bytes)
MD5: 0f6955539a00b06b299394764fba7b11
Detection count: 30
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: November 28, 2011
%APPDATA%\CPPNNyxAA1v\AV Security 2012v121.exe File name: AV Security 2012v121.exe
Size: 2.45 MB (2457088 bytes)
MD5: 56bced94ec82b0f5745af39c4c1ec7a8
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\CPPNNyxAA1v\
Group: Malware file
Last Updated: November 15, 2011
%APPDATA%\bZ99hhTXwjU\ZCCeelIIBrPNyA1.exe File name: ZCCeelIIBrPNyA1.exe
Size: 1.77 MB (1777664 bytes)
MD5: fe8c7ca516a0f4b514e9af50e5236186
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\bZ99hhTXwjU\
Group: Malware file
Last Updated: January 30, 2012
%USERPROFILE%\Local Settings\Application Data\atm.exe File name: atm.exe
Size: 328.7 KB (328704 bytes)
MD5: f126ed56bc868c1a941e9e016bc731ab
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Local Settings\Application Data\
Group: Malware file
Last Updated: December 12, 2011
%APPDATA%\damHW7dd8gRZqYw\OkUUVVelOBtz0.exe File name: OkUUVVelOBtz0.exe
Size: 1.76 MB (1766912 bytes)
MD5: 7e6f13016f72c8d1a153aeff2397d95c
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\damHW7dd8gRZqYw\
Group: Malware file
Last Updated: November 28, 2011
%USERPROFILE%\Application Data\iexplore.exe File name: iexplore.exe
Size: 2 MB (2002432 bytes)
MD5: 9cd838d207e1c2ec709be4c77324c2e2
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Application Data\
Group: Malware file
Last Updated: November 21, 2011
%USERPROFILE%\Application Data\chrome.exe File name: chrome.exe
Size: 1.9 MB (1904128 bytes)
MD5: c07e02b5ede8f54010112d8cc5640e57
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Application Data\
Group: Malware file
Last Updated: November 18, 2011
%APPDATA%\Microsoft\A2B5\5DEB.exe File name: 5DEB.exe
Size: 1.91 MB (1915904 bytes)
MD5: 9d39d69135b8331f7c26a0e915bbd560
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\A2B5\
Group: Malware file
Last Updated: November 23, 2011
%ALLUSERSPROFILE%\Application Data\MgKPyEORiQUvGj.exe File name: MgKPyEORiQUvGj.exe
Size: 400.88 KB (400880 bytes)
MD5: 75569ee34b3f47d54ad394adee6bf49d
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\
Group: Malware file
Last Updated: November 8, 2011
%WINDIR%\system32\oYCekIBrzNx1v2b.exe File name: oYCekIBrzNx1v2b.exe
Size: 1.78 MB (1788416 bytes)
MD5: 7934e9f3aab3afec9f8cb62fb8fb65cd
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: November 11, 2011
%USERPROFILE%\Application Data\firefox.exe File name: firefox.exe
Size: 2.88 MB (2883584 bytes)
MD5: 98629be3662310013b2bda0e484688da
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Application Data\
Group: Malware file
Last Updated: November 18, 2011
%APPDATA%\RHH66sWK7fE\VLTqjCkrtxP0cSi.exe File name: VLTqjCkrtxP0cSi.exe
Size: 1.77 MB (1777664 bytes)
MD5: c9b6ceb5cb37c9e50f96bb874ab9da35
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\RHH66sWK7fE\
Group: Malware file
Last Updated: November 8, 2011
%APPDATA%\PTypTOiKk0D7U1d\QvKV26hz3LzSG7.exe File name: QvKV26hz3LzSG7.exe
Size: 1.78 MB (1783296 bytes)
MD5: e33568879f72b497307ef82c93647b24
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\PTypTOiKk0D7U1d\
Group: Malware file
Last Updated: November 8, 2011
%WINDIR%\system32\CcccS2ibbDpnGa.exe File name: CcccS2ibbDpnGa.exe
Size: 1.78 MB (1788416 bytes)
MD5: bdb279078dae6d0661b2745c88988f85
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: November 10, 2011
%WINDIR%\system32\LNNNtxxA0uc2iF3.exe File name: LNNNtxxA0uc2iF3.exe
Size: 2.62 MB (2620928 bytes)
MD5: bf424f39001aa8b862548c275bed661b
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: November 10, 2011
%USERPROFILE%\Local Settings\Application Data\tvq.exe File name: tvq.exe
Size: 324.09 KB (324096 bytes)
MD5: e5b10e4f60bc6005191d0ea509daaa2a
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Local Settings\Application Data\
Group: Malware file
Last Updated: December 12, 2011

More files

Related Posts

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.