You might have heard about rogue AV solutions and scareware, but not many people have experienced a rogue defragmenter that hides files and (indirectly) asks money to return it.
Symantec researchers warn about Fakefrag – a Trojan that moves all the files in the “All Users” folder to a temporary location and hides files in the “Current User” folder, hides icons and makes it look like they have been deleted, disables the Task Manager, and shows error messages that indicate that the hard disk might be failing.
In short, it makes it look like you’re about to loose everything you have on your hard disk and everything you’re currently working on. And while you begin to panic, it drops a fake diagnostic utility named Windows Recovery and offers you to check your system with it. Windows Recovery, of course, detects errors that make you believe the failure warnings.
Windows Recovery then tells you it has the answer to your problems, and that you have to shell out $79.50 for the version that will allow you to fix the errors. “Fortunately with Trojan.Fakefrag all the files are still on your hard drive. A quick search will find anything you need—after you run an up-to-date antivirus scan to delete the Trojan of course,” note the researchers.