FakeCog

FakeCog is a family of bogus security applications that have been around since 2009. While they carry out a common online scam that is practically identical to rogue security programs belonging to other large families of rogue security programs (such as FakeSmoke and FakeScanti), malware in the FakeCog family is characterized by their green icon shaped like a shield (which attempts to imitate Windows Defender much like FakeSmoke's rogue security programs attempt to imitate Windows Security Center. Some rogue security programs belonging to this extensive family of malware include Dr. Guard, Your Protection, Digital Protection, Protection Center, AnVi, Defense Center, Data Protection, Malware Defense, Paladin Antivirus and User Protection. These names will often be followed by a year (such as 2009, 2010, 2011 or 2012) or by a word like 'Pro'. The presence of any malware in the FakeCog family on your computer system is cause for concern, since ESG security researchers consider rogue security programs belonging to this family to pose a severe danger to your computer's health.

A Technical Overview of a FakeCog Family Infection

The main way in which programs in the FakeCog family of rogue security programs attack a computer system is by pretending to run a malware scan and then displaying constant fake alerts for non-existent threats. The point of this is to convince the victim that they must pay a certain amount of money in order to register the rogue anti-virus program on the victim's computer in order to remove these threats completely. As part of its installation process, FakeCog-related malware will make dangerous changes to the Windows Registry that must be reversed as part of the FakeCog removal process. These Windows Registry changes allow FakeCog to block certain applications, display its fake alerts and run automatically when Windows starts up. Malware in the FakeCog family will place two malware components into the TEMP folder. These are a DLL file which will be injected into the explorer.exe file process so that FakeCog will run continually on the infected computer system. The second malware component that a FakeCog rogue security program installs is an imitation of the Windows Security Center main window along with an EXE file with the extension .TMP.EXE which will try to uninstall or disable common anti-virus applications that may be installed on the victim's computer system. As part of their installation process, rogue security programs in the FakeCog family also create a Start Menu shortcut and a Desktop icon with the green shield that characterizes FakeCog rogue security programs.

SpyHunter Detects & Remove FakeCog