TROJ_FAKEAV.MVA
TROJ_FAKEAV.MVA is a malicious Trojan that runs in the background and allows hackers remote access to an infected PC. TROJ_FAKEAV.MVA modifies other files on the system by infecting or overwriting them. TROJ_FAKEAV.MVA can also download corrupt files to the local computer that may represent a security risk. TROJ_FAKEAV.MVA may be installed on a system when users unknowingly visit malicious websites, and it uses rootkit technology to evade scanners. TROJ_FAKEAV.MVA poses a severe threat to any computer and should be removed immediately.
File System Modifications
- The following files were created in the system:
  #  File Name
  1  %Application Data%\SMSAITAV\SMXPAV.cfg
  2  %Application Data%\{random}\SMAV.ico
  3  %Application Data%\{random}\SM{random}.exe - detected as TROJ_FAKEAV.MVA
  4  %User Profile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
  5  %User Profile%\Application Data\Security Master AV\Instructions.ini
  6  %User Profile%\Desktop\Security Master AV.lnk
  7  %User Profile%\Start Menu\Programs\Security Master AV.lnk
  8  %User Profile%\Start Menu\Security Master AV.lnk
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
  HKEY_CURRENT_USER\Software\3
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SM{random}.DocHostUIHandler
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{application name}
HKEY..\..\..\..{RegistryKeys}
  Debugger = "svchost.exe"
  HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  HKEY_CLASSES_ROOT\SM{random}.DocHostUIHandler