Threat Description

Rogue antispyware


Aliases: Rogue antispyware, Trojan.Win32.Fraudpack.gen, Gen:Heur.Krypt.9, Fraudtool
Category: Malware
Type: Rogue
Platform: W32


Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product, in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Suspect A False Alarm?

If you suspect a file has been incorrectly identified as malicious (that is, it is a False Alarm or a False Positive), please first ensure your F-Secure security program is up to date with the latest detection database updates, then rescan the suspect file.

If you continue to suspect a False Alarm, you may submit a sample of the suspect file to our Security Labs for further analysis via the Submit A Sample (SAS) page.

Further actions

In some cases, a rogue may have been silently installed on the system in a 'drive-by download'. In such cases, disinfection should be accompanied by a check to determine if any programs require updating or patching; if so, please refer to the program vendor's site for further details.

Technical Details

Rogue antivirus/antispyware programs (generally known as 'rogueware' or 'rogues') are security applications that use misleading, high-pressure, fraudulent or malicious sales tactics to convince users to install and/or purchase the product.

The quality of the purchased software itself is also suspect; once installed, the product may not perform as expected. Some are simply substandard products that present false information or false positives due to bugs in the software's code, rather than because of an outright deception. Code corrections can move a suspect program off the rogueware detection lists. Other rogues, however, are intentionally malicious and either bring no benefit to the user, or actively interfere with the computer's operations or compromise the user's data.

Rogue antispyware or antivirus programs typically closely mimic legitimate applications, using similar (or even identical) styling and packaging to convey legitimacy. As such, it can be difficult for both technical and non-technical users to differentiate between legitimate and rogue applications.

For more information about rogues, please see Article: Rogues

