The rogue creates fake files on the system and detects it as malware to scare users.
Once registered, the rogues updates the database:
hxxp://ertubedewse.com/updates/main.cvd
But its database is from ClamAV and its date is 09 Dec 2007 (a bit outdated).
ClamAV-VDB:09 Dec 2007 15-50 +0000:45:169676:21:b35429d8d5d60368eea9630062f7c75a:
