FakeVimes Description

The Rogue:Win32/FakeVimes family of malware is a group of fake security applications that has been prevalent since at least 2009. Numerous fake security programs belong to the FakeVimes family, including earlier rogue anti-virus programs like Malware Catcher 2009 and Smart Engine, as well as other Rogue:Win32/FakeVimes clones that include such fake security applications as

The presence of malware belonging to the Rogue:Win32/FakeVimes family on your computer is a severe intrusion into your computer's security and can be devastating if not treated immediately with a real, reliable and advanced anti-malware application. Any program in the Rogue:Win32/FakeVimes family claims to scan your computer system for malware, but actually does nothing but harass the victim with constant fake warnings claiming that the victim's computer is infected. The catch is that FakeVimes programs claim that they will only remove these nonexistent problems if the victim is willing to purchase a registration code for a "full version" of the Rogue:Win32/FakeVimes program responsible for the attack. Rogue:Win32/FakeVimes programs have been known to use trademarked logos and product names in order to disguise themselves as legitimate security programs.

How Rogue:Win32/FakeVimes Attacks your Computer System

FakeVimes programs have been known to carry out browser hijacking and web browser redirects. The presence of an invasive fake security program and constant fake security alerts on your computer are the main symptoms of an infection with a Rogue:Win32/FakeVimes threat. FakeVimes programs are particularly dangerous because they tend not to be limited to spamming their victims with fake error messages. Members of the Rogue:Win32/FakeVimes family of malware have been known to disable known security programs and to stop the processes of applications that are often useful when dealing with malware.

FakeVimes programs can also bypass the Windows firewall, connect to a remote server and make dangerous changes to the Windows Registry. Recent members of the Rogue:Win32/FakeVimes family, particularly in 2012, have been known to be bundled with a rootkit component. This means that, while malware researchers have been able to update security software in order to deal with Rogue:Win32/FakeVimes infections, the rootkit component makes the Rogue:Win32/FakeVimes infection undetectable. In these cases, an anti-rootkit application may be necessary before trying to remove the Rogue:Win32/FakeVimes infection itself.

Aliases: Trojan.FakeAV.LEO [BitDefender], TROJ_ZBOT.CEX, a variant of Win32/Kryptik.GUW [NOD32], Trojan/Generic.zfrt, Gen:Variant.Barys.905 [BitDefender], Win32.TRATRAPS [eSafe], Win32:Kryptik-HWP [Trj] [Avast], TROJ_GEN.R49C7CD, W32/Troj_Generic.AKYYL, Trojan.Kryptik!97nVzYd5I8o, FakeAlert-FBO!B33E80FC0218 [McAfee], probably a variant of Win32/Agent.PGCLXV, Trojan.Win32.Encpk.lee.b (v), W32/Troj_Generic.CMULY and Trojan.FakeAV!wDpIwY+eDm8.

Technical Information

File System Details

FakeVimes creates the following file(s):
# File Name Size MD5 Detection Count
1 %ALLUSERSPROFILE%\Application Data\0cdb4f\BA0cd_8001.exe 4,046,848 ca3aeda1e62cccfdc148c947aeeeebd5 71
2 %TEMP%scandsk107d_8046[1].exe 95,237 bb38279988fcd5dfb313ac7803588daf 53
3 %ALLUSERSPROFILE%\cda02e\BVcda_8039.exe 2,958,336 41697fb087b9d3924ad4d465e533cc48 52
4 %ALLUSERSPROFILE%\f0f852\TAf0f_8068.exe 3,682,816 1570e3d543406a1aac419a033bb701f9 50
5 %TEMP%scandsk107d_8001[1].exe 137,221 96943fd9b02fa996f348d7ce867c012b 15
6 %TEMP%scandsys107f_8028.exe 138,245 ea088f10a1b9297f71c4b1f1f5dbaa61 13
7 %ALLUSERSPROFILE%\d27d5f\MPd27_8051.exe 3,406,336 92942c6a4924ebf85f58c2591452474e 13
8 %ALLUSERSPROFILE%\5e8e21\TA5e8_8044.exe 3,652,608 6d6a5c7e9d8522f35a56237a0a6c09ec 11
9 %ALLUSERSPROFILE%\Application Data\aba85f\BAaba_8028.exe 4,046,848 fc23a98def665c7ae23136ffdfbe268f 8
10 %ALLUSERSPROFILE%\Datos de programa\f4b3c7\AVf4b_8050.exe 4,210,688 d30f14b57d841c5ed78449d9d1d8f060 4
11 %ALLUSERSPROFILE%\d444da\APd44_8028.exe 2,957,824 b33e80fc0218e4e268e243422e37a87a 4
12 %ALLUSERSPROFILE%\Application Data\80c9f0\AS80c_8020.exe 3,404,288 53e00c57e1c105c837fc64d6813d2663 3
13 %TEMP%scandsk107d_8028[1].exe 119,301 e8ca18008b508982c12c9b04307a7e90 3
14 %ALLUSERSPROFILE%\Application Data\db49d8\AAdb4_8048.exe 3,864,576 ae492045c2e412f3c0732bd20f468e20 3
15 %ALLUSERSPROFILE%\98f754\MP98f_8050.exe 3,390,976 8e7ec460af8c49dfb104123e9bd0b5aa 2
16 %ALLUSERSPROFILE%\a89acb\AVa89_8050.exe 3,379,712 fdad5e201d698b3d66c5bb45b94e3c12 2
17 %ALLUSERSPROFILE%\Application Data\d8da93\AVd8d_8050.exe 3,392,512 3b3d15d3b26918819ccbafabe13f9502 2
18 %ALLUSERSPROFILE%\Application Data\81a26c\TA81a_8068.exe 3,649,536 ab23544a651bedbeee1d6da6bb8f401b 2
19 %ALLUSERSPROFILE%\Application Data\050659\MP050_8032.exe 3,408,384 1b3324938817cd0c4d700d4acb2f02bb 1
20 %TEMP%0.6567048221346792.exe 215,557 1d3c9c66bfb6e0431764de1a0dc6d058 1
21 %TEMP%0.0013807596795621935.exe 92,165 b1f6225e4f291f0030d27af3e2f9cc39 1
22 %ALLUSERSPROFILE%\Application Data\2ff31a\BA2ff_8001.exe 4,765,696 fc649800fbb20ea1fc4c0bd4fe3921b3 1
23 %ALLUSERSPROFILE%\Application Data\676476\BA676_8028.exe 4,029,440 6ed6d330cda226bb3cf8d9948b95b24c 1
24 %ALLUSERSPROFILE%\Application Data\62bbfd\BA62b_8001.exe 4,030,976 a70a88be1fc5b481dc9065a349de3764 1
25 %ALLUSERSPROFILE%\62160b\BA621_8097.exe 4,168,704 d7d10ccece823eb9aefd5b401f79e16e 1
26 %ALLUSERSPROFILE%\Application Data\7e92d9\BA7e9_8028.exe 4,145,152 08d9a59ffab33559c38c4e3f323dbfb4 1
27 %ALLUSERSPROFILE%\1abfdc\BA1ab_8028.exe 4,145,152 7387055fa87c5771d984a196da5e90b4 1
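
The %ALLUSERSPROFILE% rows above share a layout: a six-hex-character folder holding an executable named with two letters, the first three characters of the folder name, an underscore and four digits. The Python sketch below is an added example, not code from the original page; it flags paths with that layout, and the function names and the constructed benign paths are assumptions made for illustration (the page does not say what the letters or digits mean).

```python
import re
from pathlib import PureWindowsPath

# Layout seen in the table: <6 hex>\<2 letters><first 3 chars of folder>_<4 digits>.exe
# Windows paths are case-insensitive, so the match is too.
DIR_RE = re.compile(r"^[0-9a-f]{6}$", re.IGNORECASE)
FILE_RE = re.compile(r"^([a-z]{2})([0-9a-f]{3})_(\d{4})\.exe$", re.IGNORECASE)

SAMPLE_PATHS = [
    # Taken from the table above (note the localized parent folder in the second).
    r"%ALLUSERSPROFILE%\Application Data\0cdb4f\BA0cd_8001.exe",
    r"%ALLUSERSPROFILE%\Datos de programa\f4b3c7\AVf4b_8050.exe",
    r"%ALLUSERSPROFILE%\cda02e\BVcda_8039.exe",
    # Constructed for this example: benign or near-miss paths.
    r"C:\ProgramData\Microsoft\Windows\setup_2012.exe",
    r"C:\ProgramData\a1b2c3\ABfff_1234.exe",   # folder/file ids differ
    r"C:\ProgramData\0cdb4f\readme.txt",
]


def match_layout(path):
    """Return (folder, letters, digits) if the path fits the layout, else None."""
    parts = PureWindowsPath(path).parts
    if len(parts) < 2:
        return None
    folder, name = parts[-2], parts[-1]
    m = FILE_RE.match(name)
    if m is None or DIR_RE.match(folder) is None:
        return None
    letters, short_id, digits = m.groups()
    # The file name repeats the first three characters of its folder name;
    # requiring that link cuts false positives from unrelated hex-named folders.
    if not folder.lower().startswith(short_id.lower()):
        return None
    return folder, letters, digits


def scan(paths):
    """Return {path: parsed fields} for every path that fits the layout."""
    hits = {}
    for path in paths:
        parsed = match_layout(path)
        if parsed is not None:
            hits[path] = parsed
    return hits


if __name__ == "__main__":
    for path, fields in scan(SAMPLE_PATHS).items():
        print("suspicious:", path, fields)
```

A hit is a triage lead to confirm with a hash lookup or an anti-malware scan, since the layout alone can match unrelated files.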

