"Rogue" software is an antivirus or antispyware program that tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
This program is the "demo" version of a rogue antispyware application. It attempts to convince the user to "upgrade" and purchase the full version of the software by making the user believe that their computer system is riddled with malware; the malware would, of course, only be removed if the user purchases the full version of the program.See also the rogue antispyware description.
Upon execution, this rogue antispyware displays this End User License Agreement (EULA):
Supposedly, the user must accept it before the software will install onto the system. If the user does not accept the EULA, it will not pretend to scan the system and display fake output. It will, however, still create the following registry keys:
Create these files:
It queries this website:
If the user does agree to the EULA, the program does all the above, and in addition will pretend to scan the system:
After the scan, it will display these files, which are supposedly on the computer system. In reality, these files are taken from a predefined list located in C:\Program Files\VirusRemover2008\Viruses.bdt.
If the user closes this window, the rogue will display this notification box to remind the user that the system is still infected:
Create these directories:
Creates these mutexes:
Attempts to download files from:
Sets these values:
Creates these keys: