This threat has been renamed to Rogue:Win32/FakeScanti.

Win32/FakeScanti is a rogue that claims to scan for malware and displays fake warnings of "malicious programs and viruses". It tells you that you need to pay to register this fake program and remove the non-existent threats. Win32/FakeScanti variants have been observed to use names like:

• AKM Antivirus Pro
• AV Guard Online
• BlueFlare Antivirus
• Guard Online
• Milestone Antivirus
• Open Cloud AV
• OpenCloud Antivirus
• Security Guard 2012
• Sysinternals Antivirus
• Windows Antivirus Pro
• Windows Police Pro
• XJR Antivirus
• Your PC Protector

Windows Defender Antivirus detects and removes this threat. See the Win32/FakeScanti description for more information.

Win32/FakeScanti is a family of trojans that claim to scan for malware and display fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. Win32/FakeScanti variants have been observed to use names such as “Windows Antivirus Pro.”

 

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 

 

To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:

 

• Microsoft Security Essentials
• Windows Defender
• Microsoft Safety Scanner
• Microsoft Windows Malicious Software Removal Tool

 

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Trojan:HTML/FakeScanti is a detection for a component installed by Trojan:Win32/FakeScanti that is used to render a fake version of the Windows Security Center.

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 

 

Use Microsoft Windows Defender, the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742), or another up-to-date scanning and removal tool to detect and remove these threats and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

Wireshark Antivirus is a variant of Win32/FakeScanti - a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.

Sysinternals Antivirus is a variant of Win32/FakeScanti - a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.

Trojan:Win32/Oficla.H!dll is a trojan that attempts to inject code into a running process to download a rogue security program identified as TrojanDownloader:Win32/FakeScanti.

TrojanDropper:Win32/Oficla.A is a detection for a trojan that installs and executes Trojan:Win32/Oficla.E. This Win32/Oflicla variant attempts to download TrojanDownloader:Win32/FakeScanti from a remote Web site.

Win32/Oficla is a familiy of trojans that attempts to inject code into running processes in order to download and execute arbitrary files. In the wild, we have observed variants of this family downloading and installing several different malware families, including Win32/FakeScanti and Win32/Cutwail.

Trojan:Win32/Oficla.H is a trojan that attempts to inject code into a running process to download a rogue security program, such as TrojanDownloader:Win32/FakeScanti.

Trojan:Win32/Oficla.G is a trojan that installs and runs Trojan:Win32/Oficla.E. Trojan:Win32/Oficla.E may download a rogue security program identified as TrojanDownloader:Win32/FakeScanti.

Trojan:Win32/Oficla.E is a trojan that attempts to inject code into a running process to download a rogue security program identified as TrojanDownloader:Win32/FakeScanti.

AV Security 2012 is a variant of Win32/FakeScanti - a family of trojans that claim to scan for malware and display fake warnings of "malicious programs and viruses". It then informs the user that they need to pay money to register the software in order to remove these non-existent threats. The malware may also attempt to terminate processes and block access to websites.

AV Guard Online is a variant of Win32/FakeScanti - a family of trojans that claim to scan for malware and display fake warnings of "malicious programs and viruses". It then informs the user that they need to pay money to register the software in order to remove these non-existent threats. The malware may also attempt to terminate processes and block access to websites.

Security Guard 2012 is a variant of Win32/FakeScanti - a family of trojans that claim to scan for malware and display fake warnings of "malicious programs and viruses". It then informs the user that they need to pay money to register the software in order to remove these non-existent threats. The malware may also attempt to terminate processes and block access to websites.