- Installs itself without permissions
- Connects to the internet without permission
- Shows commercial adverts
- Slow internet connection
- System crashes
- Annoying Pop-up's
- Slow Computer
There are many reasons as to the continued success of rogue system optimizers, despite the ongoing effort of the online security industry to educate its consumers. Rogue defragmenters such as Scanner perfect examples of seemingly genuine looking and appearing system optimizers. These defragmenters are actually nothing more than empty shells. Instead of helping the user optimize his PC and gain the most benefit and highest performance out of his system, Scanner, like its predecessors Disk Repair, Defragmenter, HDD Tools, Smart HDD, HDD Rescue, HDD Plus, HDDDiagnostic, Hard Drive Diagnostic, HDD Scan, Win Defragmenter, Win Defrag, Win HDD, Check Disk, Ultra Defragger, Quick Defragmenter, HDD Defragmenter and System Defragmenter will spend its time barraging the user with fake alerts over nonexistent errors.
This is only one aspect of Scanner’s attack on the system, and part of its greater goal of fleecing the consumer out of his money. Scanner is spread via supercilious fake websites which make use of drive-by download techniques. These websites act as browser hijackers, with the aim of only getting the user to visit their landing pages where his system will immediately be infected with the Scanner Trojan. Other popular methods of distribution include Scanner making use of Trojan and malware bundled downloads distributed along with security updates and codecs from third parties.
Once the Scanner infection takes root in the PC, it will be configured to run at Windows start up. It will start barraging its victim with the purported fake security alerts the moment the user attempts to launch files or delete files from the system. Scanner will then prompt you to scan your PC with its software, which will state that there are various critical errors threatening the health of your system. Do not fall for this tomfoolery. Also, remember that any rogue is dependent on user interaction. This means that a rogue cannot gain access to your system or cause damage to your PC unless you allow it permission. This is the exact purpose behind the fake warnings, which all have a call to action. Ignore the fake notifications, and do not follow any links or instructions contained therein. Some of the notorious fake alerts to be on the lookout for include:
Damaged hard drive clusters detected. Private data is at risk.”
“Hard Drive not found. Missing hard drive.
RAM memory usage is critically high. RAM memory failure.”
Windows can't find hard disk space. Hard drive error”
Windows was unable to save all the data for the file System32496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.”
A critical error has occurred while indexing data stored on hard drive. System restart required.”
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.”
As a further attack on the system, and in an effort to remain undetected and undeleted until it fulfilled its purpose, Scanner will prevent the user from running any executables. This is a cautionary measure instigated by rogues to prevent the user from running a security application which could detect and remove it from the system. When the PC owner tries to launch an executable, he will be presented with the following messages:
“Windows detected a hard drive problem. A hard drive error occurred while starting the application.”
“Windows cannot find notepad. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.”
When the user closes the fake alerts, another pop up will appear which pretends to originate from a legitimate program which will attempt to fix the hard drive from errors:
Windows Disk Diagnostics will scan the system to identify performance problems.” Start or Cancel
If the user presses on the Start Button, the fake alert, will act as if it is scanning the PC and then generate the following pop up message:
“Windows Disk Diagnostics
Windows detected a hard disk error. A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?”
Obviously none of these fake messages can be trusted. If the user makes use of the fake scanner, it will generate an entirely fake batch of warnings, some of which may state:
“Requested registry access is not allowed. Registry defragmentation required” “Read time of hard drive clusters less than 500 ms” “32% of HDD space is unreadable” “Bad sectors on hard drive or damaged file allocation table” “GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash” “Drive C initializing error” “Ram Temperature is 83 C. Optimization is required for normal operation.” “Hard drive doesn't respond to system commands” “Data Safety Problem. System integrity is at risk.” “Registry Error - Critical Error”
Users who did not remove Scanner in time reported numerous disturbing symptoms of this infection, including being unable to launch the Internet or launch an executable. The random generating and deleting of files were also reported, along with poor system performance and increased erratic system behavior.
In order to reestablish an Internet connection in order to download a Scanner removal tool, enter the following security tool. This should not only fix the Internet connection but will also allay the other dire symptoms following a Scanner infection:
This rogue does not deserve the time of day. Although unable to deliver on any of its purported promises, this rogue is still very dangerous with the ability to cause permanent and irreparable damage to the system. In an effort to limit the damage posed to the system, destroy Scanner before it destroys your PC. Invest in a reliable and legitimate security tool which will get rid of Scanner for good.
How to manually remove Scanner
Files associated with Scanner infection:
%UserProfile%\Start Menu\Programs\Scanner\Uninstall Scanner.lnk
c:\Documents and Settings\All Users\Application Data\[random].exe
c:\Documents and Settings\All Users\Application Data\[random]
c:\Documents and Settings\All Users\Application Data\dfrgr
c:\Documents and Settings\All Users\Application Data\dfrg
Scanner DLL's to remove:
Scanner processes to kill:
Remove Scanner registry entries: