Mal/FakeAV-PY is a proactive detection label for attempted installations of Windows Secure Kit 2011 or other members of the Rogue:Win32/Winwebsec family of scamware. Although fake security programs from the Winwebsec family have been in distribution for some time, Mal/FakeAV-PY has drawn attention because of its use in a recent rise in blackhat SEO redirects, which send your web browser from a search engine’s results to an unrelated website that markets Windows Secure Kit 2011 and similar types of fake software. Competent and up-to-date anti-malware products may be able to detect and block Mal/FakeAV-PY prior to its installation, but should this fail, SpywareRemove.com malware researchers warn that you should be prepared for fake PC threat alerts, inaccurate warning messages, fraudulent scans and other symptoms that are standard for rogue security products from the same family.
Mal/FakeAV-PY – Just the Last Step in an Intricate Dance of Browser Attacks
Winwebsec-based scamware products have been in circulation for over two years, and although new versions of these fake security products have been given fresh names, their functions are fundamentally identical to those of their predecessors. Mal/FakeAV-PY is the final step in an online attack that uses blackhat search engine optimization, redirects and misleading promotional content to install a fake security application onto your PC. These Mal/FakeAV-PY attacks have been noted to focus on installing Windows Secure Kit 2011, but other types of Winwebsec scamware, such as Security Sphere 2012, Security Shield Pro, Essential Cleaner, Total Security or Antivirus 2008 may also be installed in a similar fashion.
Typical attacks that involve Mal/FakeAV-PY proceed as follows:
- During an online search with a popular search engine, a malicious website that’s used for redirect attacks is inserted into your results despite being irrelevant to your search terms. Anti-malware software may be able to detect this page as Mal/SEORed-A or under other aliases, and web browser security settings may be able to block the resulting redirect attack.
- Redirect attacks by Mal/SEORed-A will force your web browser to load a second site that promotes rogue security products from the Winwebsec family. These sites may also be identified by their own threat label, such as Mal/FakeAvJs-A.
- Lastly, Mal/FakeAvJs-A will attempt to install Mal/FakeAV-PY onto your PC, either by using misleading alerts or by using drive-by-download attacks that force the installation to occur without your permission.
The SpywareRemove.com malware research team notes that the result of all this is simply to encourage you to buy Mal/FakeAV-PY’s product, which is promoted by an endless series of inaccurate pop-ups, system scans and other forms of fake system analysis.
Teaching Mal/FakeAV-PY a Lesson in Real PC Security
If you need to delete Mal/FakeAV-PY or a related PC threat, you should be prepared to use competent anti-malware programs, since manual removal is typically ineffectual against Winwebsec-based rogue security programs and equally sophisticated forms of malicious software. Although Mal/FakeAV-PY may create security issues by attempting to disable your real security software, using common anti-malware strategies to disable Mal/FakeAV-PY will allow you to remove Mal/FakeAV-PY appropriately and regain full safety for your PC.
Artemis!9E8510765E97 [McAfee], Mal/FakeAV-PY [Sophos], Suspicious file [Panda], TR/Crypt.ZPACK.Gen [AntiVir], Trojan [K7AntiVirus]
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
# | File Name | Detection Count
1 | %SystemDrive%\Documents and Settings\Dr. Shah\Local Settings\Application Data\xmxmrxh.exe | 66
Posted: February 10, 2012 | By SpywareRemove
Threat Level: 9/10
Detection Count: 26