
FakeSysdef

Posted: November 30, 2010

Threat Metric

Ranking: 16,675
Threat Level: 8/10
Infected PCs: 35,068
First Seen: November 30, 2010
Last Seen: August 25, 2023
OS(es) Affected: Windows

FakeSysDef is a group of rogue defragmenters, memory checkers and system diagnostic tools that create fake alerts and fake problems to make it appear as though your PC is infected by multiple types of high-level threats (such as keyloggers, rootkits or Trojan horses). Because scamware programs within the FakeSysDef family try to look visually identical to a real system diagnostic product, you may be tricked into thinking that buying a FakeSysDef program might not be a self-destructive idea. However, doing this will not solve any of the problems that a FakeSysDef infection causes, nor will FakeSysDef accomplish anything other than handing your money and credit card details over to criminals. SpywareRemove.com malware analysts recommend that you treat any FakeSysDef application as a hostile invader to your PC and take steps to delete your FakeSysDef infection via suitable anti-malware system scans.

FakeSysDef – a Single Type of Scamware with More Names Than You Can Count

A fake diagnostic program from the FakeSysDef family is often acquired through visits to malicious websites or through infected P2P files. Variants of FakeSysDef products may use different methods to launch themselves, potentially including sophisticated techniques like memory injection or alterations to the Windows Registry. However, the baseline behavior of a FakeSysDef infection, once installed, is typically predictable, although many FakeSysDef applications will use different names to try to keep an appearance of legitimacy. Examples of FakeSysDef programs that SpywareRemove.com malware researchers have looked over include:

FakeSysDef applications may also use an operating system name as a prefix – this is often some version of Windows (for example, Windows 7 Repair or Windows XP Restore).

How to Distinguish a FakeSysDef Attacker from Real System Defense Programs

A FakeSysDef infection can be identified by its persistent use of fake system alerts and bad system scans that imply that your PC is seriously damaged or infected by threats that other anti-malware programs can't detect. Samples of these scarecrow warnings that SpywareRemove.com malware researchers have brought to light include, but aren't restricted to:

Bad sectors on hard drive or damaged file allocation table – Critical Error

28% of HDD space is unreadable – Critical Error

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

A problem detected while reading boot operation system files

System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Boot sector of the hard drive disk is damaged – Critical Error – Limited Edition

Windows – No Disk
Exception Processing Message 0x0000013

Read time of hard drive cluster less than 500 ms – Critical Error

Serious system error
The system will reboot in 30 seconds
Windows can not continue operating due to fatal system error.
Windows was forced to restart.
All unsaved data will be lost.

Confirmation
FakeSysDef detected an error on your hard drive when trying to access a file
C:\Program Files\Internet Explorer\iexplore.exe
Perform data recovery now?

Disk Error
Can not find file: C:\Program Files\Messenger\msmsgs.exe
File may be deleted or corrupt.
It is strongly recommended to check the disk for errors.

Confirmation
Your hard drive contains a lot of critical errors!
All your data including installed programs, documents, email, etc. are at risk of irreversible corrupt.
The trial version does not have low-level access module needed to fix the errors found.
It is strongly recommended to activate the full version software with necessary modules. Activate full version now?

A FakeSysDef infection is also extremely likely to try to block your security and anti-malware programs. You may also find other applications blocked, such as Task Manager or Registry Editor. All of these attacks serve the purpose of convincing you to purchase an activation key for the FakeSysDef program in question. Rather than doing this and wasting your money, SpywareRemove.com malware researchers suggest that you delete your FakeSysDef infection with a real anti-malware program. Finding some method to stop the FakeSysDef application from launching itself (such as a Safe Mode boot) may be required before you remove all FakeSysDef-infected components.

Aliases

W32/FakeSysDef.PGE!tr [Fortinet]
TR/FakeSysdef.A.737 [AntiVir]
Trojan-FakeAV.Win32.FakeSysDef.pge [Kaspersky]
Dropper.Generic6.BILT [AVG]
Virus.Win32.Injector [Ikarus]
TR/Rogue.KD.716362.5 [AntiVir]
Trojan.Win32.Jorik.Zbot.fre [Kaspersky]
Trojan.Jorik.Zbot.fre [CAT-QuickHeal]
W32/FakeAV.JHZL!tr [Fortinet]
Trojan.Generic.7052164 [BitDefender]
Trojan.Win32.FakeAV.jhzl [Kaspersky]
Downloader.Zlob.BIHQ [AVG]
TR/FakeSysdef.AR.2 [AntiVir]
Trojan-FakeAV.Win32.SystemFix.cc [Kaspersky]
TrojanFakeAV.SystemFix.cc [CAT-QuickHeal]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:


