Microsoft Security Intelligence
27 entries found. Displaying page 1 of 2.
Updated on Mar 31, 2017

Windows Defender detects and removes this threat.

Win32/FakeSysdef is a family of programs that claim to scan for hardware defects related to system memory, hard drives and overall system performance. They scan the system, show fake hardware problems, and offer a solution to defragment the hard drives and optimize system performance. They then tell the user to pay to download the fix module and register the software in order to repair these non-existent hardware problems. One of the first variants was distributed as a program named "HDD Defragmenter", hence the name "FakeSysdef" or "Fake System Defragmenter".

NOTE: On March 31, 2017, an incorrect detection for our cloud-based protection for Trojan:Win32/FakeSysdef was identified and immediately fixed.

To ensure that this issue is remediated, you can force a download of the daily update for your Microsoft antimalware and antispyware software. The fix was deployed in signature build 1.239.530.0 on March 31, 2017, 2:50 PM PDT.

See Updating your Microsoft antimalware and antispyware software for more information.

 

Alert level: severe
Updated on May 12, 2014

Windows Defender detects and removes this threat.

See the Win32/FakeSysdef family description for more information.

Alert level: severe
Updated on May 13, 2014

Windows Defender Antivirus detects and removes this threat. 

This family of programs claims to scan for hardware defects related to system memory, hard drives and overall system performance. They show fake hardware problems and ask you to pay money to repair them.

Alert level: severe
Updated on Mar 15, 2022
Alert level: severe
Updated on Apr 20, 2022
Alert level: severe
Updated on Aug 06, 2015
Alert level: severe
Updated on Apr 25, 2012
Alert level: severe
Updated on Mar 30, 2012
Alert level: severe
Updated on Jul 22, 2011
Alert level: severe
Updated on Jul 22, 2011
Alert level: severe
Updated on Sep 22, 2011
Alert level: severe
Updated on Aug 08, 2013
Alert level: severe
Updated on Apr 20, 2011

TrojanDropper:Win32/Hiloti.gen!A drops and installs several pieces of malware on the affected computer.

Alert level: severe
Updated on Nov 04, 2012

Exploit:Win32/Pdfjsc.ADQ is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerability, discussed in CVE-2010-0188, allows this malware to download and run arbitrary files.

The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:

  • Adobe Acrobat 8 and Adobe Reader 8 earlier than 8.2.1
  • Adobe Acrobat 9 and Adobe Reader 9 earlier than 9.3.1

Alert level: severe
Updated on May 22, 2012

TrojanDownloader:Win32/Kuluoz.A is a trojan that attempts to connect your computer to a remote server so that it can receive and carry out instructions, such as downloading and executing files. This trojan has been observed to download variants of Trojan:Win32/FakeSysdef, a rogue security scanner.

Alert level: severe
Updated on Sep 10, 2014

Windows Defender detects and removes this threat.

This trojan downloads other malware onto your PC. It also opens a text file to try and fool you into thinking it's harmless.

There is more information about this type of threat in the Win32/Kuluoz family description.

Find out ways that malware can get on your PC.  

Alert level: severe
Updated on Nov 18, 2014

Windows Defender detects and removes this threat.

This threat is part of the Win32/Kuluoz malware family. It can steal your passwords and sensitive information. It can also download other malware onto your PC, including other variants of Win32/Kuluoz and Win32/Sirefef, and rogue security software such as Win32/FakeSysdef and Win32/Winwebsec.

See the Win32/Kuluoz family description for more information.

Find out ways that malware can get on your PC.  

Alert level: severe
Updated on Aug 01, 2011

Exploit:JS/Blacole.A is the detection for malicious JavaScript that loads a series of other exploits. If the computer runs a vulnerable version of certain software and exploitation is successful, various malware may be downloaded.

Alert level: severe
Updated on Dec 13, 2011

Exploit:Java/CVE-2011-3544.A is a malicious Java applet stored within a Java Archive (.JAR) file. It attempts to exploit a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.

More information about the vulnerability is available in the following articles:

Alert level: severe
Updated on Jan 30, 2012

Exploit:Java/CVE-2011-3544.T is a malicious Java applet stored within a Java Archive (.JAR) file. It attempts to exploit a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.

More information about the vulnerability is available in the following articles:

Alert level: severe