This page has multiple issues. These issues most likely include issues with references and manual of style violations. Please help Malware Wiki by correcting these issues.
|Type||Trojan, Rogue Antivirus|
|File Type||Win32 PE executable (.EXE)|
The operations of this trojan include pretending to be scanning the computer as an antivirus and it displays a message reading "Welcome to CMDSpybot. Press any key to continue." It does the dir/s command in cmd.exe, then acts much like a rogue, finding fake threats on the computer. When it is complete, it scares the user into thinking that it is deleting hal.dll and control.ini. It does not actually do this, but it will display a message reading "This is rogue please remove me." When the user then presses any key, it will automatically remove itself.