Scanner

Posted: December 24, 2010

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	4,738
Threat Level:	10/10
Infected PCs:	27,107

First Seen:	December 28, 2010
Last Seen:	October 17, 2023
OS(es) Affected:	Windows

Scanner is a bogus defragmentation program which pretends to scan a system and check for system errors. Scanner comes from a long line of fake defragmenter tools such as HDD Defragmenter, Win HDD, HDD Plus, HDD Rescue, HDD Diagnostic, and HDD Doctor, just to name a few. Scanner may appear to look like a real program at first sight but, in reality, it is a scam and does not have any optimization or defragmentation capabilities. With the help of stealthy Trojans, Scanner installs itself automatically without the user's permission.

Once installed, Scanner displays several bogus warning messages stating that the computer contains many errors, and it can only be fixed with the purchase of the program. Some of the bogus results Scanner lists are:

32% of HDD space is unreadable
Read time of hard drive clusters less than 500 ms
Bad sectors on hard drive or damaged file allocation table
Requested registry access is not allowed. Registry defragmentation required
Drive C initializing error
Ram Temperature is 83 C. Optimization is required for normal operation.
Hard drive doesn't respond to system commands
Registry Error - Critical Error
Data Safety Problem. System integrity is at risk.
GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash

If you decide to use the defragmenter, it will inform you that it has to run in Safe Mode. The Safe Mode interface is actually fake. Whenever you attempt to open a program, it states that the hardware is corrupted. To create even further havoc and survive in the system, Scanner may prevent some anti-virus programs from executing. Scanner will also make sure to prevent certain folders from displaying any data. Instead of seeing a list of files on C:\Windows\System32\, for example, Scanner will make it appear empty or display another folder's data.

Do not trust Scanner or any website associated with it. If you want to prevent your system from being in the hands of a hazardous program, then instantly remove Scanner with a genuine anti-spyware program that is capable of detecting Scanner from every location on your computer.

Aliases

Generic4.AOUF [AVG]eZula.CommonElements [Sunbelt]TR/BHO.iuj.15175 [AntiVir]not-a-virus:AdWare.Win32.EZula.hkp [Kaspersky]Artemis!0A8E0D337A0C [McAfee]Packed/Win32.Krap [AhnLab-V3]Packed/Win32.Krap.gen [Antiy-AVL]TR/Agent.ar.15 [AntiVir]Trojan.DownLoader1.51475 [DrWeb]Packed.Win32.Krap.ar [Kaspersky]W32.Koobface [Symantec]Win32/Koobface.NDI [NOD32]Cryptic.BTR [AVG]Gen:Variant.Kazy.7102 [BitDefender]Win32:FakeSysdef-K [Avast]
More aliases (284)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%TEMP%\ElkTBhTOiqUEWYN.exe

File name: ElkTBhTOiqUEWYN.exe
Size: 468.99 KB (468992 bytes)
MD5: 92e8a9f7fead7937380b9fb4ee3f4ab9
Detection count: 108
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: December 28, 2010

%ALLUSERSPROFILE%\Application Data\9f3d96\PI9f3_231.exe

File name: PI9f3_231.exe
Size: 3.87 MB (3874816 bytes)
MD5: a965b83a1b2c1eca6a11ac36d14eaa3c
Detection count: 92
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\9f3d96
Group: Malware file
Last Updated: January 2, 2011

%WINDIR%\system32\cdosys3232.dll

File name: cdosys3232.dll
Size: 363.52 KB (363520 bytes)
MD5: 6118baeb1ef1165b4d272d7d54a06a4f
Detection count: 85
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: January 2, 2011

%APPDATA%\dwm.exe

File name: dwm.exe
Size: 137.21 KB (137216 bytes)
MD5: e303f81216f6544ae7ae093799de4aff
Detection count: 76
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: January 2, 2011

%TEMP%\nbtkfQpFdxB.exe

File name: nbtkfQpFdxB.exe
Size: 468.99 KB (468992 bytes)
MD5: adf38c340367f9772fa352414984a944
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: December 28, 2010

%APPDATA%\dwm.exe

File name: dwm.exe
Size: 140.8 KB (140800 bytes)
MD5: 8f79cca56199cd842146c4b2e1a89321
Detection count: 65
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: January 2, 2011

%Temp%\qYfoKD6PzadEEhF.exe

File name: qYfoKD6PzadEEhF.exe
Size: 380.92 KB (380928 bytes)
MD5: 969A26E89B4F13ADF66226B82FADB6C9
Detection count: 56
File type: Executable File
Mime Type: unknown/exe
Path: %Temp%
Group: Malware file
Last Updated: December 28, 2010

%ALLUSERSPROFILE%\LBSYdYrDlalNvk.exe

File name: LBSYdYrDlalNvk.exe
Size: 467.45 KB (467456 bytes)
MD5: 9811765f5136490618dfd95f6beae0d1
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: January 5, 2011

%Temp%\qp4iReRF.exe

File name: qp4iReRF.exe
Size: 383.48 KB (383488 bytes)
MD5: 58ad6a013e1747137018ca3b66c1571e
Detection count: 45
File type: Executable File
Mime Type: unknown/exe
Path: %Temp%
Group: Malware file
Last Updated: December 28, 2010

%TEMP%\tSfkTNduxrPpGPr.exe

File name: tSfkTNduxrPpGPr.exe
Size: 465.4 KB (465408 bytes)
MD5: edb7343f73ed951ee0c0fe5a16ed1c4a
Detection count: 37
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: January 3, 2011

%WINDIR%\mike149.exe

File name: mike149.exe
Size: 164.35 KB (164352 bytes)
MD5: 7f4db3946a4e554f6ed093b7d678afdf
Detection count: 33
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: January 12, 2011

%WINDIR%\system32\Apphlpdm32.dll

File name: Apphlpdm32.dll
Size: 417.79 KB (417792 bytes)
MD5: c59fd7d299581486ecb47af70d76123c
Detection count: 31
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: January 2, 2011

%APPDATA%\MSA\bbaka14.exe

File name: bbaka14.exe
Size: 165.88 KB (165888 bytes)
MD5: 657e6c7efd339a2efa60c5338ce1ba5b
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\MSA
Group: Malware file
Last Updated: January 2, 2011

%TEMP%\4886746.exe

File name: 4886746.exe
Size: 382.46 KB (382464 bytes)
MD5: 2073e7be4ece0e69d59a1ebb492677ac
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: December 28, 2010

%APPDATA%\defender.exe

File name: defender.exe
Size: 1.77 MB (1776128 bytes)
MD5: a89a714b389f182973f6ebcf2f02c20b
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: January 2, 2011

%USERPROFILE%\Start Menu\Programs\Startup\syscron.exe

File name: syscron.exe
Size: 82.94 KB (82944 bytes)
MD5: 37bf2db6d12d6b53addaf3753e87cb52
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Start Menu\Programs\Startup
Group: Malware file
Last Updated: January 5, 2011

%APPDATA%\hmm.exe

File name: hmm.exe
Size: 237.56 KB (237568 bytes)
MD5: e7a659d0edf6c6f157fe98efcac37e2c
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: January 2, 2011

%APPDATA%\defender.exe

File name: defender.exe
Size: 1.77 MB (1775104 bytes)
MD5: bc5a96fd997763db076a4724a404ccae
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: January 2, 2011

%APPDATA%\75961\bbzzkzz17.exe

File name: bbzzkzz17.exe
Size: 3.84 MB (3845632 bytes)
MD5: a60c0eb12877e2bd55d5d8696cdf71e6
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\75961
Group: Malware file
Last Updated: January 2, 2011

%APPDATA%\Microsoft\conhost.exe

File name: conhost.exe
Size: 122.88 KB (122880 bytes)
MD5: 34b5af6dd06b27ca15c938318990aa5a
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft
Group: Malware file
Last Updated: December 28, 2010

%TEMP%\{6FC2601D-C798-4220-AE11-63D6D0317522}\13b9.dll

File name: 13b9.dll
Size: 131.58 KB (131584 bytes)
MD5: 330b8b95adb8fd70022827a52d4059a1
Detection count: 5
File type: Dynamic link library
Mime Type: unknown/dll
Path: %TEMP%\{6FC2601D-C798-4220-AE11-63D6D0317522}
Group: Malware file
Last Updated: January 2, 2011

%APPDATA%\SystemProc\lsass.exe

File name: lsass.exe
Size: 100.86 KB (100864 bytes)
MD5: 3a2179180d149df7b3d04110927b4c26
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\SystemProc
Group: Malware file
Last Updated: January 2, 2011

More files

Additional Information

The following messages's were detected:

#	Message
1	Windows Disk Diagnostics Windows detected a hard disk error. A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?