Dishonest antivirus software that tricks users into buying or installing it, usually by infecting a user's computer or by pretending the computer is infected.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Rogue:W32/Sysguard is distributed by Trojan-Downloader:W32/FraudLoad.HK. While active, the rogue also occasionally displays popup advertisements and attempts to connect to a few remote sites.
During execution, the following files are added:
The following hosts files are also modified, with the following contents:
Upon execution, SysGuard will start the scanning process, which looks like the following screenshot:
To pressure the user further, SysGuard prevents some programs from launching, then displays the following message alleging that the program is infected and asking the user to 'start your antivirus software':
While active, the rogue attempts to connect to the following URLs:
From time to time, it will display popup ads to the following websites:
The rogue makes the following changes to the Registry: