FakeSmoke Description

FakeSmoke is a family of rogue security programs that have been around since 2009. Some examples of malware belonging to the FakeSmoke family include SoftCop, Antivirus, BlockKeeper, AntiAID, Link Safeness, SiteVillain and Virus Protector. If malware belonging to the FakeSmoke family of rogue security programs is present on your computer system, this constitutes a severe risk to your computer's integrity. ESG security researchers urge immediate action in order to remove this dangerous invader from your hard drive.

A Summary of the FakeSmoke Scam

There are various Trojan infections that belong to the FakeSmoke family of rogue security programs. All of these have two components in common; a fake version of Windows Security Center, which consists of nothing more than an interface designed to mimic the layout of Security Center and a bogus anti-virus which carries out the main portion of the FakeSmoke scam. These two components take over the victim's computer system and display a constant stream of fake notifications that are designed to imitate closely notifications that Windows Security Center displays normally. These notifications will usually urge the victim to register the fake anti-virus, purchasing a malicious product with absolutely no anti-malware capabilities. FakeSmoke perform fake scans and display a false positive in order to sell copies of their useless product.

How FakeSmoke Attacks Your Computer System

Typically, Trojans in the FakeSmoke family of rogue security programs copy themselves to the System folder. The program's name varies depending on the particular rogue security program that is infecting your computer system. As part of their installation process, FakeSmoke makes a change to the Windows Registry that allows them to run automatically whenever Windows starts up. As part of its installation process, a rogue security program belonging to the FakeSmoke family of rogue security programs will also install files in the Program Files, like a legitimate application. This will usually be in a folder with the rogue security program's name containing another folder marked as 'Software'. FakeSmoke also creates a Start Menu icon and Desktop shortcut. The icon that FakeSmoke uses is often identical from one rogue security program to another, characterizing this malware infection. As part of their payload, FakeSmoke displays its fake Windows Security Center window and a legitimate-looking notification which has been found to appear in various languages, among them Italian, French, German and Russian. Some of FakeSmoke malware's messages will include a 'Get Registration Code' button, which will then take the victim to a malicious website requesting the victim's credit card information.

Aliases: Generic4.ADKX [AVG], Gen.Variant [Ikarus], Trojan.Win32.FraudPack.aoej (v) [Sunbelt], Win32.Adware.VirusProtector.AA, Trojan/Win32.FakeAV [AhnLab-V3], High Risk Fraudulent Security Program, Trojan.Agent/Gen-FraudAV, Trojan/Win32.Pakes.gen [Antiy-AVL], Trojan/Generic.aitr, Gen.Variant!IK, TR/FakeAV.1690112 [AntiVir], Trojan.Fakealert.14846 [DrWeb], Win32:Adware-gen [Avast], Trojan.FakeAV!gen25 [Symantec] and W32/MalwareS.AYNI [F-Prot].

Technical Information

File System Details

FakeSmoke creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%\system32\fbn46.tmp 467,456 1bd24f3b3bc23fe578ac533359d93779 81
2 aBpYoQKtT.dll 1,678,336 2c019ec0d78438ac96f80ad38a030a02 25
3 aoVJNpWtJ.dll 1,690,112 e85975b410e2908d38ae9bf3665718e5 3
4 %WINDIR%\system32\cez2B.tmp 431,104 05f89f6b0e80845d24e3a25ff0f986a6 1

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

One Comment

  • jenila12:

    Take the following steps to help prevent infection on your computer:

    *Enable a firewall on your computer.
    *Get the latest computer updates for all your installed software.
    *Use up-to-date antivirus software.
    *Limit user privileges on the computer.
    *Use caution when opening attachments and accepting file transfers.
    *Use caution when clicking on links to webpages.
    *Avoid downloading pirated software.
    *Protect yourself against social engineering attacks.
    *Use strong passwords.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.