SCANDSYS211D_8097.EXE is FakeAV VirusDoctor

June 19, 2012 by NightWatcher
Filed under: FakeAV 
: Solved!

Fix it immediately:

The file SCANDSYS211D_8097.EXE is a part of Fake Antiviral software.
You must delete the file SCANDSYS211D_8097.EXE immediately!
Delete the file SCANDSYS211D_8097.EXE without delay!
Kill the process SCANDSYS211D_8097.EXE and remove SCANDSYS211D_8097.EXE from the Windows startup.

Malware Analysis of SCANDSYS211D_8097.EXE
Full path on a computer: %Temp%\scandsys211d_8097.exe

Detected by RegRun Warrior:

SCANDSYS211D_8097.EXE
Default location: %Temp%\scandsys211d_8097.exe

Removal Results: Success
Number of reboot: 1

SCANDSYS211D_8097.EXE is known as:

FakeAV.VirusDoctor, Rogue.FakeVimes

SCANDSYS211D_8097.EXE hash:

  • MD5: aea8d7b3c862e7ee83a68c91d505d0e5
How to quickly detect SCANDSYS211D_8097.EXE presence?

Registry:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\BAS: “”%Temp%\scandsys211d_8097.exe” /cs:1 ”
Folders:
  • %Common Appdata%\69cb8a
Files:
  • %Temp%\144E3.dmp
  • %Temp%\3bef_appcompat.txt
  • %Temp%\scandsys211d_8097.exe
  • %Common Appdata%\69cb8a\BA69c_8097.exe


  • Recommended: UnHackMe anti-rootkit and anti-malware

    Premium software: RegRun Security Suite (Good choice for removal and protection)

    Written by

    Malware Hunter.

    Tags: FakeAV, SCANDSYS211D_8097.EXE, VirusDoctor

    Comments

    Tell me what you're thinking...
    and oh, if you want a pic to show with your comment, go get a gravatar!

    You must be logged in to post a comment.