Author Topic: Rogue:Win32/FakeCog  (Read 2424 times)

0 Members and 1 Guest are viewing this topic.

Offline Ssscrudddy

  • Newbie
  • *
  • Posts: 10
« on: November 01, 2010, 12:24:48 PM »
1st post, so please be gentle. I have been using Avast AV Free Edition for some years now & never had a virus or anything else since using it, so very happy & thank you. It has also blocked a fair number of DCOM attacks since switching to mobile internet which my firewall seems to have missed, previously I was on landline internet behind 2 routers, so presumably the routers were blocking these attacks.

I am reporting this for information purposes in case there is "new behaviour" I don't think my system has a problem... sort of... ?

Last night I copied some videos files from a friends external hard drive (most likely source of infection), then turned off my PC. Later I watched less than 5 mins of 1 video, then stopped the video & player & went to bed, leaving the PC turned on but not connected to the internet (I use a mobile internet dongle).

This morning after using my PC for about an hour on the internet, only 1 website, which has never caused a problem (& not going on any of the videos from last night), Windows Defender popped up with an alert about

This program is dangerous and executes commands from an attacker.
Remove this software immediately.

I googled FakeCog & decided to get rid of it.

I hit the removal button on Windows Defender & received the following error.

Error encountered:
Code 0x80508021. An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

I then tried the Quarantine button twice with exactly the same error.

I then ran Windows Defender again, this time (& all subsequent times) from the Start Menu instead of the pop up, with the same error results as above.

After which I did a quick scan with Avast AV, which reported my system clean.

I ran Windows Defender again & was alerted to Rogue:Win32/FakeCog again, tried removal & tried quarantine, with the same results as before (ie reported it but couldn't get rid of it)

I then ran Windows Malicious Software Removal Tool as a quick scan, which also reported my system clean.

I ran Windows Defender again, with the same steps & results as before (ie reported it but couldn't get rid of it)

I then ran a full scan with Avast AV which reported my system clean again.

Windows Defender again with the same steps & results as above (ie reported it but couldn't get rid of it)

I then ran Windows Malicious Software Removal Tool on a full scan, which again also reported my system clean.

During the above steps, I ran Task Manager several times, but could not find Rogue:Win32/FakeCog running, nor could I find pid:2068 running. I did find PnkBstrA.exe running, which has no reason for being there so I decided to get rid of that at the same time.

At this point I tried to install mbam-setup.exe, which would not install, after double clicking the file, nothing happened, & eventually I got the error message

Unable to execute file in temporary directory. Setup aborted.
Error 5: Access is denied.

I tried this 3 times to no avail, including renaming it.
I also tried to install pbsvc.exe to get rid of PnkBstrA.exe but that wouldn't work either.

At NO point have I been asked to uninstall any of my security programs, nor to install any other security programs, nor pay for, nor register any.

1 other point which may or may not be relevant, within the last few days I have downloaded a large number of pdf files (books to read) mostly on my laptop, but some on this PC, & all have been transferred to my laptop & this PC. But the most recent was 4 days ago & all within the last 2 weeks. My laptop hasn't shown any signs of trouble.

Having got nowhere very slowly, I decided to restart my PC, *1 odd thing happened which I shall come to later as I don't think its relevant*.

I ran Windows Defender again, which reported no problems. I installed successfully mbam.exe (but haven't used it yet), & I successfully ran pbsvc.exe to get rid of PnkBstrA (Punkbuster).

The 1 odd thing that happened after the restart, I don't think is relevant. I have power issues relating to my USB slots. My mobile internet dongle reinstalled it's drivers etc & then I was told it could run quicker if I plugged it into USB 2.0. All my USB slots are 2.0.
I have 4 USB slots on the Mobo,
1 has my mobile internet dongle
1 has my (powered) printer
1 has a wireless XBOX 360 receiver
1 has an unpowered 4 port hub ---- which contains
 - Webcam
 - Powered External HDD
 - unpowered memory card reader
 - unpowered wireless mouse receiver

After reinstalling the internet dongle drivers (automatically) windows told me about running quicker if I used a USB 2.0 slot, & also reported that I had 4 free slots, however all devices worked properly, & all slots were being used.
Like I said, I don't believe this last bit in italics is relevant, & is due to power issues, but I like to supply all information

I am concerned about the Rogue:Win32/FakeCog warning that I received in the 1st place. I cannot detect any problems., however any feedback would be appreciated.

OS Vista Home Premium SP2
AV Avast AV Free edition 4.8
Firewall Comodo 3.14.147648.588

If anyone want logs, I will need instructions on how to do that.


Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7089
  • Be alert for error code - ID 10T
Re: Rogue:Win32/FakeCog
« Reply #1 on: November 01, 2010, 07:03:48 PM »

Welcome to the forums, Ssscrudddy   :)

Try following essexboy's suggestions in the first post at the link below and then post the resulting logs in this same thread that you have started.


Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40636
  • Dragons by Sasha
    • Malware fixes
Re: Rogue:Win32/FakeCog
« Reply #2 on: November 01, 2010, 10:13:25 PM »
Reference the USB2.0 warning thing, I received that just recently on my system with the same set up as you.  I used a wireless USB to connect to the net, which then started failing.  None of my other USB devices gave me this error.  Used another wireless USB error gone, connection perfect.  So I surmise that the USB was on its way out