Rogue:Win32/FakePAV

Rogue:Win32/FakePAV Description

Win32/FakePAV is a group of rogue anti-malware applications that are notable for their interfaces (which imitate Microsoft-brand security software) and ability to block a wide range of Windows security applications. Fake anti-malware scanners from the Win32/FakePAV family will stick to traditional methods of conning their victims by displaying inaccurate security alerts and requesting that you purchase a member of their family to remove these imaginary PC problems. However, SpywareRemove.com malware experts can’t recommend anything other than removing Win32/FakePAV with legitimate anti-malware software, since Win32/FakePAV-based PC threats are always dangerous to your computer and can never provide any type of security benefits.

Win32/FakePAV – When Windows Isn’t Automatically a Name to Trust

Win32/FakePAV encompasses a good range of diverse scamware products, from Palladium Pro, ThinkPoint and Red Cross Antivirus to Windows Simple Protector, Windows Support System and Windows Attention Utility. Some recent variants of Win32/FakePAV can be identified by their identical interfaces, which use such fake options as an Advanced Process Control and All-In-One Suite, although other variants of Win32/FakePAV show significant deviation from this template. Some versions of Win32/FakePAV-based fake anti-malware programs may also display alerts that are designed to imitate the look of Microsoft Security Essentials.

Win32/FakePAV-based PC threats will detect Trojans and other infections as a matter of course, while simultaneously refusing to delete them until you pay a software registration fee. SpywareRemove.com malware researchers note that the only thing you have to gain from this is a decrease in your PC’s security, since Win32/FakePAV programs aren’t able to help thwart any form of harmful software, and often include secondary functions that are malicious in and of themselves.

Seeing Win32/FakePAV On Its Way Out or Stopping It from Ever Getting In

Win32/FakePAV’s primary distribution model uses fake online scanners and PC security pop-ups that request that you install their software to cure fake threat detections. These attacks are often based on JavaScript, and SpywareRemove.com malware researchers recommend disabling JavaScript for any site that you don’t trust implicitly to avoid direct or indirection association with Win32/FakePAV.

Common to Win32/FakePAV, as well as to some other families of fake anti-malware programs, is the ability to disable unrelated programs – usually as a means of stopping you from deleting Win32/FakePAV and other PC threats via real anti-malware scans. Because Win32/FakePAV’s preferential program-blocking attack has been known to delete Registry entries that are linked to various programs, SpywareRemove.com malware experts note that you may need to reinstall these programs or repair your Registry. Examples of victimized programs include Adobe, Yahoo and Skype-brand software.

Win32/FakePAV’s tampering with Registry Editor and Task Manager entries is especially of note, since Win32/FakePAV may redirect you to itself if you try to open either of these programs. SpywareRemove.com malware research team recommends booting in Safe Mode or by way of a removable media device to turn Win32/FakePAV off prior to any attempts to remove Win32/FakePAV with any help from any blocked utilities.

Aliases

More aliases (1672)

Rogue:Win32/FakePAV Automatic Detection Tool (Recommended)

Technical Details

Home Malware ProgramsRogue Anti-Spyware Programs Rogue:Win32/FakePAV