More Windows Rogues than Just AV – Fake Defragmenter Check Disk

By Marius Oiaga on December 2nd, 2010 14:47 GMT

Don’t think for a second that rogues are limited to scareware, because as so-called products such as "System Defragmenter", "Scan Disk" and "Check Disk" prove, they’re not.

Essentially, "System Defragmenter", "Scan Disk" and "Check Disk" are all the same, just different labels for a fake defragmenter detected by Microsoft’s security solutions as Trojan:Win32/FakeSysdef.

When the software giant first detected FakeSysdef, it was being served to unsuspecting users as a fake Windows Update.

The rogue defragmenter is relatively new, having emerged at the start of October 2010, according to Daniel Radu & Marian Radu, MMPC Dublin.

“At this point the installer malware came in an unprotected form: no actions were taken in order to evade antivirus detections, no code obfuscation applied to make analysis more difficult. This makes us think it was a trial run, made just to test the waters to see how it handled once in the wild,” Radu stated.

FakeSysdef evolved a few times over the course of the past months, and is now being offered as Check Disk, an obvious attempt to pass it off as the legitimate chkdsk.exe which ships by default with Windows.

The rogue defragmenter is now designed to avoid detection by antivirus products. It is set up to ignore virtualized environments, and it sports a new interface put together to make it as credible as possible.

Just as is the case with rogue AV, the fake defragmenter is a useless piece of malicious software.

It also attempts to scare victims into thinking that their hardware is failing, producing a range of fake warnings, critical errors and an assortment of completely bogus problems.

FakeSysdef then offers to “resolve” all the fake issues it pretends to discover, but not until users pay for a full license.

Essentially, the product is offering to defragment the hard drive, but users should be aware that HDD defragmentation capabilities are included in Windows by default.

“As the name suggests, this malware imitates a hard disk defragmenter. It will pretend to scan your computer for problems such as: it "checks" if your hard disk is working correctly, "defragments" it, and even checks the health status of your RAM and GPU (Graphic Processor Unit).

“Of course, once you start checking for problems using this 'program' it is going to “find” a bucketful of them: bad sectors; RAM fragmentation; registry errors; very high CPU/GPU temperature; RAM failures,” Radu explained.

Whatever you do, don’t install Check Disk on your system, and if the malicious code has already infected your machine, don’t pay a single cent for a license.

Instead, grab a genuine antivirus solution such as Microsoft Security Essentials, which is available free of charge, and clean your computer of this filth.

Microsoft Security Essentials is available for download here.