Home Malware Programs Trojans Trojan:Win32/FakeScanti


Posted: August 4, 2009

Threat Metric

Ranking: 4,714
Threat Level: 1/10
Infected PCs: 3,860
First Seen: December 1, 2009
Last Seen: November 25, 2021
OS(es) Affected: Windows

Trojan:Win32/FakeScanti is a subcategory of rogue anti-virus programs that display similar types of fake warning messages in an attempt to make you spend money on a nonexistent virus-removal feature. Although scamware programs in the Trojan:Win32/FakeScanti group will attempt to appear realistic and believable, Trojan:Win32/FakeScanti applications have no ability to find or delete viruses (or, for that matter, any other type of PC threat). SpywareRemove.com malware researchers recommend that you expel any Trojan:Win32/FakeScanti infection with a real anti-malware application, since Trojan:Win32/FakeScanti infections may also be responsible for severe security issues (such as browser hijacks and blocked security programs), in addition to the many types of fake information that they present.

Trojan:Win32/FakeScanti Scanners: All of the Pizazz and None of the Features

Trojan:Win32/FakeScanti infections look just like normal anti-virus scanners on the outside, but their internal structure is built to create fake alerts and warnings without detecting genuine threats to your PC. The sheer amount of fake warnings, pop-ups and inaccurate messages that Trojan:Win32/FakeScanti can deliver is staggering, and include errors like the ones shown here:

Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software

Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL HERE] was CANCELLED.

Trojan:Win32/FakeScanti may also support its fake warnings by changing your Desktop background or by pretending to scan your PC. The name of the program that Trojan:Win32/FakeScanti displays while Trojan:Win32/FakeScanti provides this fake information can also vary; major branches of Trojan:Win32/FakeScanti scamware programs include names as varied as Your PC Protector, OpenCloud AV, Security Guard 2012, Milestone Antivirus, WireShark Antivirus, Wolfram Antivirus and AV Guard Online. SpywareRemove.com malware experts recommend that you disregard the name that a Trojan:Win32/FakeScanti presents you with, since it, like Trojan:Win32/FakeScanti fake alerts, has no point beyond tricking you into thinking that Trojan:Win32/FakeScanti is a real anti-virus product.

Ousting Trojan:Win32/FakeScanti with Legitimate Anti-Malware Protection for Your PC

Even though Trojan:Win32/FakeScanti's fake alerts are almost without end, you may also be attacked by additional functions of a Trojan:Win32/FakeScanti infection that will continue to try to persuade you to give money up to Trojan:Win32/FakeScanti's criminal masterminds. Other symptoms that may make removing Trojan:Win32/FakeScanti particularly-difficult can include:

  • The automatic startup of a Trojan:Win32/FakeScanti program that starts a fake system scan whenever Windows loads.
  • A fake Windows Security Center pop-up that only serves in the form of a secondary launcher for Trojan:Win32/FakeScanti programs.
  • Disabled programs that refuse to launch with unusual warnings. Trojan:Win32/FakeScanti may attempt to deny you access to anti-malware and system maintenance programs, or to all other programs in general.
  • Random system restarts (AKA reboots).
  • Web browser hijacks that block your ability to visit PC security websites.

Variants of PC threats within the Trojan:Win32/FakeScanti family can display varying characteristics and may include extra functions that aren't present in other Trojan:Win32/FakeScanti programs. However, all Trojan:Win32/FakeScanti variants use advanced methods to infect baseline Windows files; due to this, SpywareRemove.com malware analysts recommend that you delete Trojan:Win32/FakeScanti with the best anti-malware program that's available. If Trojan:Win32/FakeScanti attempts to block your anti-malware application, using Safe Mode or another method to disable Trojan:Win32/FakeScanti from starting in the first place may be mandatory to insure efficient deletion.

The activation code 'DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B' has also been noted to disable some members of the Trojan:Win32/FakeScanti family.



Generic Malware [Panda]FakeAlert.SF [AVG]W32/FakeAV.AXNT!tr [Fortinet]Trojan.Fakealert [Ikarus]Trojan.Win32.Generic.pak!cobra [Sunbelt]Trojan.Fakealert!IK [a-squared]Trojan/Win32.FraudPack.gen [Antiy-AVL]Win32/SysinternalsAntivirus.D [eTrust-Vet]Artemis!0E6D024A5238 [McAfee-GW-Edition]TR/FakeScanti.A.229 [AntiVir]Heur.Suspicious [Comodo]Gen:Variant.FakeAlert.12 [BitDefender]Trojan.Win32.FraudPack.axnt [Kaspersky]W32/Trojan2.MWJI [F-Prot]Win32/Adware.PCProtector.A [NOD32]
More aliases (91)

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Trojan:Win32/FakeScanti may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%PROGRAMFILES%\shk_v10.dll File name: shk_v10.dll
Size: 371.71 KB (371712 bytes)
MD5: 991802e7fca6cc47e264e06b59d2376c
Detection count: 1,192
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: October 8, 2010
plugie.dll File name: plugie.dll
Size: 656.89 KB (656896 bytes)
MD5: 17eabc7ea492a63dd6b4f7e6335d0b85
Detection count: 98
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
%PROGRAMFILES%\adc_w32.dll File name: adc_w32.dll
Size: 360.96 KB (360960 bytes)
MD5: 23bcde829d7c222cbfafefb6c3d9db21
Detection count: 23
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 7, 2010
%PROGRAMFILES%\svchost.exe File name: svchost.exe
Size: 28.67 KB (28672 bytes)
MD5: 12fceb054d18c433152e12f760059573
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 7, 2010
%SystemDrive%\Documents and Settings\Guest\Application Data\wpp.exe File name: wpp.exe
Size: 1.38 MB (1385984 bytes)
MD5: 0e6d024a52380ae16bd8657cdc17d5a7
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Documents and Settings\Guest\Application Data\
Group: Malware file
Last Updated: April 2, 2013

More files