Also detected as:
The following could indicate that you have this threat on your PC:
detects and removes this threat.
This app is used to help you find programs to run unknown files, however it is also known to install variants of the Win32/Sefnit family without your knowledge.
You might download this app yourself, or it might have been installed on your PC by Win32/Rotbrow or Win32/Brantall.
Find out ways that malware can get on your PC.
Use the following free Microsoft software to detect and remove this threat:
You should also run a full scan. A full scan might find other, hidden malware.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.
You might download this app with the name FileScout or File Scout, with the file name filescout.exe. It might also be installed on your PC by a variant of the Win32/Rotbrow or Win32/Brantall families.
It installs the following files:
It creates a shortcut on your PC that might look like this:
It registers and installs itself by modifying the registry.
Installs Win32/Sefnit variants and other malware
When running, the app sends a HTTP GET requests to a remote server, which then responds with a command to download a file.
We have seen it send the request to updater-1341016669.<removed>.elb.amazonaws.com/update/update.php?name=filescout&version=50397193&r=1397078091.
We detect the file as a variant of Win32/Sefnit, such as Trojan:Win32/Sefnit.BW.
Analysis by Geoff McDonald and Chris Stubbs
Take these steps to help prevent infection on your PC.
I want to...
Note: Your feedback is very important to us, however we do not respond to individual submissions through this channel.
If you require support, please visit the
Safety & Security Center.