Rogue:Win32/FakePAV Description

Win32/FakePAV is a group of rogue anti-malware applications that are notable for their interfaces (which imitate Microsoft-brand security software) and ability to block a wide range of Windows security applications. Fake anti-malware scanners from the Win32/FakePAV family will stick to traditional methods of conning their victims by displaying inaccurate security alerts and requesting that you purchase a member of their family to remove these imaginary PC problems. However, malware experts can’t recommend anything other than removing Win32/FakePAV with legitimate anti-malware software, since Win32/FakePAV-based PC threats are always dangerous to your computer and can never provide any type of security benefits.

Win32/FakePAV – When Windows Isn’t Automatically a Name to Trust

Win32/FakePAV encompasses a good range of diverse scamware products, from Palladium Pro, ThinkPoint and Red Cross Antivirus to Windows Simple Protector, Windows Support System and Windows Attention Utility. Some recent variants of Win32/FakePAV can be identified by their identical interfaces, which use such fake options as an Advanced Process Control and All-In-One Suite, although other variants of Win32/FakePAV show significant deviation from this template. Some versions of Win32/FakePAV-based fake anti-malware programs may also display alerts that are designed to imitate the look of Microsoft Security Essentials.

Win32/FakePAV-based PC threats will detect Trojans and other infections as a matter of course, while simultaneously refusing to delete them until you pay a software registration fee.

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter. malware researchers note that the only thing you have to gain from this is a decrease in your PC’s security, since Win32/FakePAV programs aren’t able to help thwart any form of harmful software, and often include secondary functions that are malicious in and of themselves.

Seeing Win32/FakePAV On Its Way Out or Stopping It from Ever Getting In

Win32/FakePAV’s primary distribution model uses fake online scanners and PC security pop-ups that request that you install their software to cure fake threat detections. These attacks are often based on JavaScript, and malware researchers recommend disabling JavaScript for any site that you don’t trust implicitly to avoid direct or indirection association with Win32/FakePAV.

Common to Win32/FakePAV, as well as to some other families of fake anti-malware programs, is the ability to disable unrelated programs – usually as a means of stopping you from deleting Win32/FakePAV and other PC threats via real anti-malware scans. Because Win32/FakePAV’s preferential program-blocking attack has been known to delete Registry entries that are linked to various programs, malware experts note that you may need to reinstall these programs or repair your Registry. Examples of victimized programs include Adobe, Yahoo and Skype-brand software.

Win32/FakePAV’s tampering with Registry Editor and Task Manager entries is especially of note, since Win32/FakePAV may redirect you to itself if you try to open either of these programs. malware research team recommends booting in Safe Mode or by way of a removable media device to turn Win32/FakePAV off prior to any attempts to remove Win32/FakePAV with any help from any blocked utilities.


a variant of Win32/Kryptik.AJDN [ESET-NOD32]Backdoor/PcClient.qwi [Jiangmin]TROJ_GEN.RC1H1GV [TrendMicro-HouseCall]Trojan.Win32.FakeAV.1918976 [ViRobot]Gen:Heur.Zilix.35 (B) [Emsisoft]Trojan.Siggen4.11689 [DrWeb]Adware.WintionalityCheck!1/PhMrMoXzY [Agnitum]Trojan.Win32.Jorik.Fraud.qsl [Kaspersky]Win32:FakeAV-DQY [Trj] [Avast]TROJ_FAKEAV.MZB [TrendMicro-HouseCall]

More aliases (1672)

Rogue:Win32/FakePAV Automatic Detection Tool (Recommended)

Is your PC infected with Rogue:Win32/FakePAV? To safely & quickly detect Rogue:Win32/FakePAV we highly recommend you run the malware scanner listed below.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
Posted: October 25, 2010 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Threat Metric
Threat Level: 10/10
Detection Count: 1,525

Leave a Reply

What is 11 + 11 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)