“Initially known as “System Defragmenter”, then “Scan Disk” and now it’s called “Check Disk”. While the name will most certainly change again, the main goal of Trojan:Win32/FakeSysdef will surely remain the same: to trick you into buying a piece of software that does nothing except scare you with fake warnings, critical “errors” and other “problems”.
As the name suggests, this malware imitates a hard disk defragmenter. It pretends to scan your computer for problems such as: it “checks” if your hard disk is working correctly, “defragments” it, and even checks the health status of your RAM and GPU (Graphic Processor Unit). Of course, once you start checking for problems using this ‘program’ it’s going to “find” a bucketful of them,” explains Microsoft MMPC.
Below are example SHA1 hashes for the malware discussed in this blog:
While writing this blog, a new version of the malware was encountered, “Win HDD” with the following SHA1: