Trojan:Win32/FakeSysdef Rogue PC Defragmenter

Trojan:Win32/FakeSysdef Rogue PC Defragmenter

Win32/FakeSysdef is a Rogue PC Defragmenter whitch once you activate the rogue everything hidded from your pc is restored and rebooted at normal.

Enables submitting non-encrypted form data:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Sets value: "1601"
With data: "0"

Changes the setting for certificates used:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
Sets value: "State"
With data: "146944"

Enables changing the desktop wallpaper:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
Sets value: "NoChangingWallPaper"
With data: "0"

Displays all shortcuts:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Sets value: "HideIcons"
With data: "0"

Disables Task Manager:
In subkeys:
Sets value: "DisableTaskMgr"
With data: "1"

Disables checking for signatures on downloaded programs:
In subkey: HKCU\Software\Microsoft\Internet Explorer\Download
Sets value: "CheckExeSignatures"
With data: "no"

Disables marking file attachments by using their zone information:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
Sets value: "SaveZoneInformation"
With data: "1"

Sets low risk file types:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
Sets value: "LowRiskFileTypes"
With data: "/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:"

Terminates or blocks programs
Some Win32/FakeSysdef variants that may terminate running processes during installation and may block launched application after the computer restarts. During the installation process, they may terminate all running processes and force the computer to restart.

After the restart, FakeSysdef attempts to block every launched program, and may then display fake error messages offering to fix the problem. It then repeatedly restarts the computer until the user agrees to buy the fake software.