Win32/FakePAV is a group of rogue anti-malware applications that are notable for their interfaces (which imitate Microsoft-brand security software) and ability to block a wide range of Windows security applications. Fake anti-malware scanners from the Win32/FakePAV family will stick to traditional methods of conning their victims by displaying inaccurate security alerts and requesting that you purchase a member of their family to remove these imaginary PC problems. However, SpywareRemove.com malware experts can’t recommend anything other than removing Win32/FakePAV with legitimate anti-malware software, since Win32/FakePAV-based PC threats are always dangerous to your computer and can never provide any type of security benefits.
Win32/FakePAV – When Windows Isn’t Automatically a Name to Trust
Win32/FakePAV encompasses a good range of diverse scamware products, from Palladium Pro, ThinkPoint and Red Cross Antivirus to Windows Simple Protector, Windows Support System and Windows Attention Utility. Some recent variants of Win32/FakePAV can be identified by their identical interfaces, which use such fake options as an Advanced Process Control and All-In-One Suite, although other variants of Win32/FakePAV show significant deviation from this template. Some versions of Win32/FakePAV-based fake anti-malware programs may also display alerts that are designed to imitate the look of Microsoft Security Essentials.
Win32/FakePAV-based PC threats will detect Trojans and other infections as a matter of course, while simultaneously refusing to delete them until you pay a software registration fee.
Seeing Win32/FakePAV On Its Way Out or Stopping It from Ever Getting In
Common to Win32/FakePAV, as well as to some other families of fake anti-malware programs, is the ability to disable unrelated programs – usually as a means of stopping you from deleting Win32/FakePAV and other PC threats via real anti-malware scans. Because Win32/FakePAV’s preferential program-blocking attack has been known to delete Registry entries that are linked to various programs, SpywareRemove.com malware experts note that you may need to reinstall these programs or repair your Registry. Examples of victimized programs include Adobe, Yahoo and Skype-brand software.
Win32/FakePAV’s tampering with Registry Editor and Task Manager entries is especially of note, since Win32/FakePAV may redirect you to itself if you try to open either of these programs. SpywareRemove.com malware research team recommends booting in Safe Mode or by way of a removable media device to turn Win32/FakePAV off prior to any attempts to remove Win32/FakePAV with any help from any blocked utilities.
a variant of Win32/Kryptik.AJDN [ESET-NOD32]Backdoor/PcClient.qwi [Jiangmin]TROJ_GEN.RC1H1GV [TrendMicro-HouseCall]Trojan.Win32.FakeAV.1918976 [ViRobot]Gen:Heur.Zilix.35 (B) [Emsisoft]Trojan.Siggen4.11689 [DrWeb]Adware.WintionalityCheck!1/PhMrMoXzY [Agnitum]Trojan.Win32.Jorik.Fraud.qsl [Kaspersky]Win32:FakeAV-DQY [Trj] [Avast]TROJ_FAKEAV.MZB [TrendMicro-HouseCall]
More aliases (1672)
Rogue:Win32/FakePAV Automatic Detection Tool (Recommended)
Is your PC infected with Rogue:Win32/FakePAV? To safely & quickly detect Rogue:Win32/FakePAV we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Rogue:Win32/FakePAV What happens if Rogue:Win32/FakePAV does not let you open SpyHunter or blocks the Internet?
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 %APPDATA%\ Adobe\ plugs\ KB32920859.exe 294 2 %APPDATA%\ Microsoft\ nierml.exe 290 3 %SystemDrive%\ Users\ 123\ AppData\ Roaming\ Protector-snym.exe 287 4 %APPDATA%\ Protector-lsmi.exe 284 5 %APPDATA%\ Protector-qnxg.exe 284 6 %APPDATA%\ Microsoft\ hnmidy.exe 281 7 %TEMP%\ 6.tmp 265 8 %USERPROFILE%2\ Application Data\ Protector-nlvw.exe 262 9 %APPDATA%\ bnadlt.exe 256 10 %APPDATA%\ Microsoft\ akymdv.exe 253
Posted: October 25, 2010 | By SpywareRemove
Rate this article: