AnVi.FakeCog
AnVi.FakeCog is a counterfeit security program that uses several illicit tactics to get unsuspecting computer users to download, install and purchase the full AnVi.FakeCog application. Its deceptive tactics include displaying misleading pop-up alerts after running a bogus scan that reports fake parasites.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|---|
| 1 | %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk |
| 2 | %UserProfile%\Desktop\Antivirus Support.lnk |
| 3 | %UserProfile%\Desktop\Antivirus.lnk |
| 4 | %UserProfile%\Desktop\nudetube.com.lnk |
| 5 | %UserProfile%\Desktop\pornotube.com.lnk |
| 6 | %UserProfile%\Desktop\spam001.exe |
| 7 | %UserProfile%\Desktop\spam003.exe |
| 8 | %UserProfile%\Desktop\troj000.exe |
| 9 | %UserProfile%\Desktop\youporn.com.lnk |
| 10 | %UserProfile%\Local Settings\Temp\wmsdk64_32.exe |
| 11 | %UserProfile%\Local Settings\Temp\wscsvc32.exe |
| 12 | %UserProfile%\Start Menu\Programs\AnVi\ |
| 13 | %UserProfile%\Start Menu\Programs\AnVi\About.lnk |
| 14 | %UserProfile%\Start Menu\Programs\AnVi\Activate.lnk |
| 15 | %UserProfile%\Start Menu\Programs\AnVi\Antivirus Support.lnk |
| 16 | %UserProfile%\Start Menu\Programs\AnVi\Antivirus.lnk |
| 17 | %UserProfile%\Start Menu\Programs\AnVi\Buy.lnk |
| 18 | %UserProfile%\Start Menu\Programs\AnVi\Scan.lnk |
| 19 | %UserProfile%\Start Menu\Programs\AnVi\Settings.lnk |
| 20 | %UserProfile%\Start Menu\Programs\AnVi\Update.lnk |
| 21 | c:\Program Files\AnVi\ |
| 22 | c:\Program Files\AnVi\about.ico |
| 23 | c:\Program Files\AnVi\activate.ico |
| 24 | c:\Program Files\AnVi\avt.db |
| 25 | c:\Program Files\AnVi\avt.exe |
| 26 | c:\Program Files\AnVi\avtext.dll |
| 27 | c:\Program Files\AnVi\avthook.dll |
| 28 | c:\Program Files\AnVi\buy.ico |
| 29 | c:\Program Files\AnVi\help.ico |
| 30 | c:\Program Files\AnVi\scan.ico |
| 31 | c:\Program Files\AnVi\settings.ico |
| 32 | c:\Program Files\AnVi\splash.mp3 |
| 33 | c:\Program Files\AnVi\Uninstall.exe |
| 34 | c:\Program Files\AnVi\update.ico |
| 35 | c:\Program Files\AnVi\virus.mp3 |
Registry Modifications
- The following Registry entries were newly created:
HKEY..\..\..\..{Subkeys}
- HKEY_CURRENT_USER\Software\Malware Defense
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "wmsdk64_32.exe"
- HKEY_CURRENT_USER\Software\Paladin Antivirus
- HKEY_LOCAL_MACHINE\SOFTWARE\AnVi
- HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
- HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus

HKEY..\..\..\..{RegistryKeys}
- HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
- HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Antivirus