FakeYak

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3,594
First Seen: November 30, 2010
Last Seen: January 10, 2022
OS(es) Affected: Windows

FakeYak is a family of fake anti-virus products. These kinds of fake security applications are used in a well-known online scam. The FakeYak family of rogue security programs includes Antimalware Doctor and Zentom System Guard. Like most rogue security programs, the FakeYak family is designed to spam the victim with a torrent of error messages and fake system scans. Then, taking advantage of the panic they cause, these fake security programs offer to remove these non-existent infections as long as the victim is willing to pay for a useless 'full version' of FakeYak. Malware in the FakeYak family is characterized by the use of an executable file (with an EXE extension) whose random name is composed of a string of numbers and letters, and which is usually installed inside a randomly-named folder in the Application Data directory. FakeYak malware also makes dangerous changes to the Windows Registry, which allow FakeYak to display its fake warnings and perform other malicious tasks on your computer system. If you have reason to think that your computer has become infected with a rogue security program belonging to the FakeYak family of malware, ESG security researchers advise relying on an up-to-date anti-malware tool to remove the offending application from your computer system immediately.

How FakeYak Infects Your Computer System

The FakeYak scam is fairly typical of how malware of this kind works. Fake anti-virus applications belonging to the FakeYak family display bogus warnings in an attempt to convince their victims to register this fake software in order to get rid of the very problems that FakeYak itself caused. Usually, rogue security programs in the FakeYak family are installed through a Trojan dropper, a malware infection specifically designed to install other malware onto the victim's computer system. It will usually create a directory with a name composed of 32 hexadecimal digits (that is, using the digits 0 through 9 and the letters A through F). The executable file associated with the FakeYak family will then create a folder in the Programs file and a link in the Startup menu, and install the actual rogue security program of choice. Then it runs FakeYak, which creates files that contain this program's fake security notifications and the fake malware details that FakeYak displays when prompted. As part of its installation process, FakeYak also creates an icon on the victim's desktop and adds a useless uninstall icon to the Start Menu (FakeYak can only be permanently uninstalled using a real anti-malware program). The file names in this particular step all vary according to the particular clone of FakeYak that is being installed. ESG malware analysts have identified dozens of fake security programs that belong to the FakeYak family.
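A triage sketch for the artifact pattern described above, added here as an example and not taken from ESG or any product: it flags folders whose name is exactly 32 hexadecimal digits and that contain an EXE file. The function names and the sample tree are constructed for illustration, and a hit is a lead to examine, not proof of infection.

```python
import os
import re
import tempfile

# Directory name made of exactly 32 hexadecimal digits, as the article describes.
HEX32_DIR = re.compile(r"^[0-9a-fA-F]{32}$")


def find_suspect_dirs(root):
    """Return (directory, [exe names]) for every 32-hex-digit folder under
    root that holds at least one .exe file. A heuristic lead, not a verdict."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if not HEX32_DIR.match(os.path.basename(dirpath)):
            continue
        exes = sorted(f for f in filenames if f.lower().endswith(".exe"))
        if exes:
            hits.append((dirpath, exes))
    return sorted(hits)


def build_constructed_tree(base):
    """Create a small, constructed sample tree (empty files, no real malware)."""
    layout = {
        "0123456789ABCDEF0123456789abcdef": ["q7x2k9.exe", "notes.dat"],  # match
        "0123456789ABCDEF0123456789abcde": ["a.exe"],        # 31 chars: no match
        "0123456789ABCDEF0123456789abcdeg": ["a.exe"],       # 'g' is not hex
        "fedcba9876543210fedcba9876543210": ["readme.txt"],  # hex name, no EXE
        "Vendor": ["updater.exe"],                           # ordinary folder
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in files:
            open(os.path.join(base, folder, name), "w").close()


def demo():
    """Scan the constructed tree and return (folder name, exe list) pairs."""
    with tempfile.TemporaryDirectory() as base:
        build_constructed_tree(base)
        return [(os.path.basename(d), exes) for d, exes in find_suspect_dirs(base)]


if __name__ == "__main__":
    # Assumption: on a real host, scan the profile's Application Data path
    # instead, e.g. find_suspect_dirs(os.environ["APPDATA"]).
    for name, exes in demo():
        print(name, exes)
```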

Aliases

15 security vendors flagged this file as malicious.

| Anti-Virus Software | Detection |
|---|---|
| Fortinet | W32/FakeAV.HH!tr |
| AhnLab-V3 | Win-Trojan/Fakeav.1296896 |
| Fortinet | W32/Kryptik.QSB!tr |
| AhnLab-V3 | Win-Trojan/Injector.69120.BP |
| DrWeb | Trojan.Packed.2212 |
| Avast | Win32:Crypt-JZF [Trj] |
| NOD32 | a variant of Win32/Kryptik.QSB |
| AVG | Generic25.AHWS |
| BitDefender | Trojan.Generic.6749759 |
| Kaspersky | Trojan.Win32.Menti.immd |
| Avast | Win32:Agent-ANJK [Trj] |
| AVG | Generic25.ATLT |
| Antiy-AVL | Trojan/Win32.Menti.gen |
| Kaspersky | Trojan.Win32.Menti.ionw |
| eSafe | Win32.Trojan |


File System Details

FakeYak may create the following file(s):
