Win32/FakeCog Family Added to the Malicious Software Removal Tool (MSRT) September 2010 Release

Microsoft added the "Win32/FakeCog" family to the latest MSRT release. "FakeCog employs dubious methods to convince an unsuspecting user to install and buy their software. It tries to protect itself with code obfuscation and anti-emulation techniques to evade detection by security products. Some recent brand names that FakeCog uses are "Defense Center", "Anvi Antivirus", "Protection Center" and "Data Protection". There are times when FakeCog just changes the brand name but still uses the same skin.

Note this brand of FakeCog disables Windows Task Manager so that if the user attempts to kill rogue processes using Task Manager, they'll not be able to use it. It always shows Firewall and Automatic Updates features as ON, even if the real settings say otherwise," explains Microsoft.

FakeCog has been observed to download and install variants of the Win32/Alureon family onto infected systems.