
FakeCog

Posted: October 4, 2010

Threat Metric

Threat Level: 10/10
Infected PCs: 3,523
First Seen: October 4, 2010
Last Seen: July 9, 2023
OS(es) Affected: Windows


FakeCog is a subset of rogue anti-malware products that includes CoreGuard Antivirus 2009, Your Protection, Dr. Guard, Digital Protection, Defense Center, Protection Center, Data Protection and AnVi. Like FakeRean, FakeScan or FakeSmoke, FakeCog scamware programs use fake scanner results and warning messages to fool victims into thinking that they should spend money to remove nonexistent PC threats. However, since FakeCog-based programs, like most types of scamware, don't have any of the features that they advertise, SpywareRemove.com malware researchers recommend that you delete FakeCog products with legitimate anti-malware software. You should also be aware of the strong possibility of FakeCog installing a fake Security Center application that looks identical to Windows Security Center while having none of Windows Security Center's real functions.

FakeCog – All the Visual Polish of a Real Program... but Nothing Else to Recommend It

FakeCog scamware programs such as Defense Center may look like real anti-malware programs, but they aren't able to find or remove any type of PC threat. This doesn't slow down their barrage of fake alerts, however, which relentlessly claim that nonexistent spyware is on your computer and must be removed by spending money on FakeCog's product of the moment. Rogue anti-malware programs from the FakeCog family try to look legitimate and include license agreements as well as logos from unrelated companies (such as Visa, MasterCard and VeriSign). However, like any other type of fraudulent security software, FakeCog-based PC threats primarily deal in dishing out inaccurate warning messages.

Examples of just a few of the warnings that FakeCog may use to incite panic include:

Danger!
It is strongly recommended to remove all detected viruses to protect your computer against existing security threats. Click on the message to ensure the protection of your computer.

Warning!
DANGEROUS! SYSTEM PROTECTION HAS DETECTED A VIRUS OR A HARMFUL PROGRAM ON YOUR COMPUTER! THEY MAY CORRUPT YOUR INFORMATION OR SEND IT TO HACKERS.

Uncertified [sic] Microsoft Security Essentials antivirus software detected on your computer. You need to remove Microsoft Security Essentials software for correct operation of the Antivirus.

Warning!
NEED HELP? CONTACT [FakeCog rogue program's name] CUSTOMER SUPPORT SERVICE.

These pop-ups can appear in the form of toolbar notifications or other formats that look legitimate despite their inclusion of fraudulent content. Since FakeCog scamware, like most types of rogue security programs, will launch itself without your permission, you should always be prepared to identify and ignore FakeCog-derived pop-ups until you've removed the FakeCog infection from your computer.

Getting the Real Gears of Security Churning Anew

SpywareRemove.com malware experts also warn you to be aware of various types of security attacks that FakeCog programs may make against your PC. You may:

  • See a fake Security Center that looks like the real thing (but doesn't have any of the real Security Center's protective features).
  • Be unable to access Task Manager, although alternate programs that perform similar functions can be used until you've gotten rid of your FakeCog problem.
  • Be asked to uninstall real anti-malware programs. Naturally, you shouldn't obey this suggestion by FakeCog software, since it will only make your PC even more vulnerable to attacks than before.

Since FakeCog rogue security programs may also install other PC threats or include non-visible components, you should first disable FakeCog before using real anti-malware programs to scan your PC.

Aliases

  • Trojan-Downloader [K7AntiVirus]
  • Trojan-Downloader.Win32.FraudLoad.xfup [Kaspersky]
  • W32/FakeAV.BSY!tr [Fortinet]
  • Trojan/Win32.FraudLoad.gen [Antiy-AVL]
  • Win32/FakeAV.CYB [eTrust-Vet]
  • Troj/FakeAV-BSY [Sophos]
  • TR/Dldr.FraudLoad.xfah [AntiVir]
  • Trojan.Generic.KDV.45406 [BitDefender]
  • Win32.TRDldr.FraudLo [eSafe]
  • Win32:Malware-gen [Avast]
  • AntivirusFraud [Symantec]
  • Win32/TrojanDownloader.Prodatect.AQ [NOD32]
  • Win32:Agent-AMLR [Avast]
  • Artemis!03C20AC80D0A [McAfee]
  • Generic4.ANRS [AVG]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



