Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Rogue:W32/Sysguard is distributed by Trojan-Downloader:W32/FraudLoad.HK. While active, the rogue also occasionally displays popup advertisements and attempts to connect to a few remote sites.
During execution, the following files are added:
While the following hosts files are modified, with the following contents:
Upon execution, SysGuard will start the scanning process, which looks like the following screenshot:
To pressure the user further, SysGuard prevents some programs from launching, then displays the following message alleging that the program is infected and asking the user to 'start your antivirus software':
While active, the rogue attempts to connect the following URLs:
From time to time, it will display popup ads to the following websites:
The rogue makes the following changes to the Registry