Author Topic: Rogue:Win32/FakeCog  (Read 3366 times)


Ssscrudddy

  • Guest
Rogue:Win32/FakeCog
« on: November 01, 2010, 12:24:48 PM »
1st post, so please be gentle. I have been using Avast AV Free Edition for some years now & never had a virus or anything else since using it, so very happy & thank you. It has also blocked a fair number of DCOM attacks since switching to mobile internet which my firewall seems to have missed, previously I was on landline internet behind 2 routers, so presumably the routers were blocking these attacks.

I am reporting this for information purposes in case there is "new behaviour". I don't think my system has a problem... sort of... ?

Last night I copied some video files from a friend's external hard drive (most likely source of infection), then turned off my PC. Later I watched less than 5 mins of 1 video, then stopped the video & player & went to bed, leaving the PC turned on but not connected to the internet (I use a mobile internet dongle).

This morning after using my PC for about an hour on the internet, only 1 website Travian.co.uk, which has never caused a problem (& not going on any of the videos from last night), Windows Defender popped up with an alert about

Rogue:Win32/FakeCog
Category:
Trojan
Description:
This program is dangerous and executes commands from an attacker.
Advice:
Remove this software immediately.
Resources:
process:
pid:2068


I googled FakeCog & decided to get rid of it.

I hit the removal button on Windows Defender & received the following error.

Error encountered:
Code 0x80508021. An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.


I then tried the Quarantine button twice with exactly the same error.

I then ran Windows Defender again, this time (& all subsequent times) from the Start Menu instead of the pop up, with the same error results as above.

After which I did a quick scan with Avast AV, which reported my system clean.

I ran Windows Defender again & was alerted to Rogue:Win32/FakeCog again, tried removal & tried quarantine, with the same results as before (i.e. reported it but couldn't get rid of it).

I then ran Windows Malicious Software Removal Tool as a quick scan, which also reported my system clean.

I ran Windows Defender again, with the same steps & results as before (i.e. reported it but couldn't get rid of it).

I then ran a full scan with Avast AV which reported my system clean again.

Windows Defender again with the same steps & results as above (i.e. reported it but couldn't get rid of it).

I then ran Windows Malicious Software Removal Tool on a full scan, which again also reported my system clean.

During the above steps, I ran Task Manager several times, but could not find Rogue:Win32/FakeCog running, nor could I find pid:2068 running. I did find PnkBstrA.exe running, which has no reason for being there so I decided to get rid of that at the same time.


At this point I tried to install mbam-setup.exe, which would not install, after double clicking the file, nothing happened, & eventually I got the error message

Unable to execute file in temporary directory. Setup aborted.
Error 5: Access is denied.


I tried this 3 times to no avail, including renaming it.
I also tried to install pbsvc.exe to get rid of PnkBstrA.exe but that wouldn't work either.

At NO point have I been asked to uninstall any of my security programs, nor to install any other security programs, nor pay for, nor register any.

1 other point which may or may not be relevant, within the last few days I have downloaded a large number of pdf files (books to read) mostly on my laptop, but some on this PC, & all have been transferred to my laptop & this PC. But the most recent was 4 days ago & all within the last 2 weeks. My laptop hasn't shown any signs of trouble.

Having got nowhere very slowly, I decided to restart my PC, *1 odd thing happened which I shall come to later as I don't think it's relevant*.

I ran Windows Defender again, which reported no problems. I installed successfully mbam.exe (but haven't used it yet), & I successfully ran pbsvc.exe to get rid of PnkBstrA (Punkbuster).

The 1 odd thing that happened after the restart, I don't think is relevant. I have power issues relating to my USB slots. My mobile internet dongle reinstalled its drivers etc & then I was told it could run quicker if I plugged it into USB 2.0. All my USB slots are 2.0.
I have 4 USB slots on the Mobo,
1 has my mobile internet dongle
1 has my (powered) printer
1 has a wireless XBOX 360 receiver
1 has an unpowered 4 port hub ---- which contains
 - Webcam
 - Powered External HDD
 - unpowered memory card reader
 - unpowered wireless mouse receiver

After reinstalling the internet dongle drivers (automatically) windows told me about running quicker if I used a USB 2.0 slot, & also reported that I had 4 free slots, however all devices worked properly, & all slots were being used.
Like I said, I don't believe this last bit in italics is relevant, & is due to power issues, but I like to supply all information


I am concerned about the Rogue:Win32/FakeCog warning that I received in the 1st place. I cannot detect any problems, however any feedback would be appreciated.

OS Vista Home Premium SP2
AV Avast AV Free edition 4.8
Firewall Comodo 3.14.147648.588

If anyone wants logs, I will need instructions on how to do that.

Scruds.

CharleyO

  • Guest
Re: Rogue:Win32/FakeCog
« Reply #1 on: November 01, 2010, 07:03:48 PM »
***

Welcome to the forums, Ssscrudddy   :)

Try following essexboy's suggestions in the first post at the link below and then post the resulting logs in this same thread that you have started.

http://forum.avast.com/index.php?topic=53253.0


***


essexboy

  • Malware removal instructor
  • Avast Überevangelist
Re: Rogue:Win32/FakeCog
« Reply #2 on: November 01, 2010, 10:13:25 PM »
Reference the USB2.0 warning thing, I received that just recently on my system with the same set up as you.  I used a wireless USB to connect to the net, which then started failing.  None of my other USB devices gave me this error.  Used another wireless USB, error gone, connection perfect.  So I surmise that the USB was on its way out.