FakeSmoke is a family of rogue security programs that have been around since 2009. Some examples of malware belonging to the FakeSmoke family include SoftCop, Antivirus, BlockKeeper, AntiAID, Link Safeness, SiteVillain and Virus Protector. If malware belonging to the FakeSmoke family of rogue security programs is present on your computer system, this constitutes a severe risk to your computer's integrity. ESG security researchers urge immediate action in order to remove this dangerous invader from your hard drive.
A Summary of the FakeSmoke Scam
There are various Trojan infections that belong to the FakeSmoke family of rogue security programs. All of these have two components in common; a fake version of Windows Security Center, which consists of nothing more than an interface designed to mimic the layout of Security Center and a bogus anti-virus which carries out the main portion of the FakeSmoke scam. These two components take over the victim's computer system and display a constant stream of fake notifications that are designed to imitate closely notifications that Windows Security Center displays normally. These notifications will usually urge the victim to register the fake anti-virus, purchasing a malicious product with absolutely no anti-malware capabilities. FakeSmoke perform fake scans and display a false positive in order to sell copies of their useless product.
How FakeSmoke Attacks Your Computer System
Typically, Trojans in the FakeSmoke family of rogue security programs copy themselves to the System folder. The program's name varies depending on the particular rogue security program that is infecting your computer system. As part of their installation process, FakeSmoke makes a change to the Windows Registry that allows them to run automatically whenever Windows starts up. As part of its installation process, a rogue security program belonging to the FakeSmoke family of rogue security programs will also install files in the Program Files, like a legitimate application. This will usually be in a folder with the rogue security program's name containing another folder marked as 'Software'. FakeSmoke also creates a Start Menu icon and Desktop shortcut. The icon that FakeSmoke uses is often identical from one rogue security program to another, characterizing this malware infection. As part of their payload, FakeSmoke displays its fake Windows Security Center window and a legitimate-looking notification which has been found to appear in various languages, among them Italian, French, German and Russian. Some of FakeSmoke malware's messages will include a 'Get Registration Code' button, which will then take the victim to a malicious website requesting the victim's credit card information.
File System Details
|#||File Name||Size||MD5||Detection Count|
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.