AnVi.FakeCog Description
AnVi.FakeCog is a fake security application that is downloaded after the TDss Rootkit has infected a system. AnVi.FakeCog also spreads via Trojans that exploit a vulnerability in applications that use .pdf format files. After infiltrating a system, AnVi.FakeCog claims to find malicious code on the compromised machine in order to coerce the victim into purchasing its supposed full version. The graphical user interface of AnVi.FakeCog uses the name "Antivirus" at the top of the page. Keep an eye out for this rogueware and avoid wasting your money on this useless application.
Technical Information
Registry Details
AnVi.FakeCog creates the following registry entry or registry entries:
Registry Key
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "wmsdk64_32.exe"
HKEY_CURRENT_USER\Software\Paladin Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus"
HKEY_CURRENT_USER\Software\Malware Defense
HKEY_LOCAL_MACHINE\SOFTWARE\AnVi
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus
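
The entries above mix whole keys with two value names under the per-user `Run` key, so a check has to treat them differently. The following read-only PowerShell lookup is an added example, not part of the original listing. It assumes Windows PowerShell 3.0 or later, and it only sees user hives that are currently loaded under `HKEY_USERS` (an elevated session is needed to read other users' hives).

```powershell
# Added example: read-only lookup of the registry indicators listed above.
# Paths and value names are copied from this page; nothing is written or deleted.
# The Registry:: prefix accepts full hive names (HKEY_CLASSES_ROOT has no default PSDrive).
$machineKeys = @(
    'HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense',
    'HKEY_LOCAL_MACHINE\SOFTWARE\AnVi',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus'
)
# Per-user keys, written relative to a user hive.
$userKeys  = @('Software\Paladin Antivirus', 'Software\Malware Defense')
# Per-user autostart entries: these are value names under the Run key, not keys.
$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = @('wmsdk64_32.exe', 'Antivirus')

# HKEY_CURRENT_USER only covers the account running the script, so walk every
# user hive loaded under HKEY_USERS (the *_Classes hives are skipped).
$hives = Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "HKEY_USERS\$($_.PSChildName)" }

$findings = @()
foreach ($key in $machineKeys) {
    if (Test-Path -LiteralPath "Registry::$key") {
        $findings += [pscustomobject]@{ Kind = 'Key'; Path = $key; Value = ''; Data = '' }
    }
}
foreach ($hive in $hives) {
    foreach ($sub in $userKeys) {
        if (Test-Path -LiteralPath "Registry::$hive\$sub") {
            $findings += [pscustomobject]@{ Kind = 'Key'; Path = "$hive\$sub"; Value = ''; Data = '' }
        }
    }
    $run = Get-ItemProperty -LiteralPath "Registry::$hive\$runSubKey" -ErrorAction SilentlyContinue
    foreach ($name in $runValues) {
        if ($run -and ($run.PSObject.Properties.Name -contains $name)) {
            # Data is the command line this autostart entry would launch at logon.
            $findings += [pscustomobject]@{ Kind = 'RunValue'; Path = "$hive\$runSubKey"; Value = $name; Data = $run.$name }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else {
    Write-Output 'None of the listed registry entries were found.'
}
```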