Rogue:Win32/FakePAV
Posted: October 25, 2010
Threat Metric
The fields shown on the Threat Meter are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each specific level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 2,002 |
| First Seen: | November 30, 2010 |
| Last Seen: | July 13, 2021 |
| OS(es) Affected: | Windows |
Win32/FakePAV is a group of rogue anti-malware applications that are notable for their interfaces (which imitate Microsoft-brand security software) and ability to block a wide range of Windows security applications. Fake anti-malware scanners from the Win32/FakePAV family will stick to traditional methods of conning their victims by displaying inaccurate security alerts and requesting that you purchase a member of their family to remove these imaginary PC problems. However, SpywareRemove.com malware experts can't recommend anything other than removing Win32/FakePAV with legitimate anti-malware software, since Win32/FakePAV-based PC threats are always dangerous to your computer and can never provide any type of security benefits.
Win32/FakePAV – When Windows Isn't Automatically a Name to Trust
Win32/FakePAV encompasses a good range of diverse scamware products, from Palladium Pro, ThinkPoint and Red Cross Antivirus to Windows Simple Protector, Windows Support System and Windows Attention Utility. Some recent variants of Win32/FakePAV can be identified by their identical interfaces, which use such fake options as an Advanced Process Control and All-In-One Suite, although other variants of Win32/FakePAV show significant deviation from this template. Some versions of Win32/FakePAV-based fake anti-malware programs may also display alerts that are designed to imitate the look of Microsoft Security Essentials.
Win32/FakePAV-based PC threats will claim to detect Trojans and other infections as a matter of course, while refusing to delete them until you pay a software registration fee. SpywareRemove.com malware researchers note that the only thing you have to gain from this is a decrease in your PC's security, since Win32/FakePAV programs aren't able to help thwart any form of harmful software, and often include secondary functions that are malicious in and of themselves.
Seeing Win32/FakePAV On Its Way Out or Stopping It from Ever Getting In
Win32/FakePAV's primary distribution model uses fake online scanners and PC security pop-ups that request that you install their software to cure fake threat detections. These attacks are often based on JavaScript, and SpywareRemove.com malware researchers recommend disabling JavaScript for any site that you don't trust implicitly to avoid direct or indirect association with Win32/FakePAV.
Common to Win32/FakePAV, as well as to some other families of fake anti-malware programs, is the ability to disable unrelated programs – usually as a means of stopping you from deleting Win32/FakePAV and other PC threats via real anti-malware scans. Because Win32/FakePAV's preferential program-blocking attack has been known to delete Registry entries that are linked to various programs, SpywareRemove.com malware experts note that you may need to reinstall these programs or repair your Registry. Examples of victimized programs include Adobe, Yahoo and Skype-brand software.
Win32/FakePAV's tampering with Registry Editor and Task Manager entries is especially of note, since Win32/FakePAV may redirect you to itself if you try to open either of these programs. The SpywareRemove.com malware research team recommends booting in Safe Mode or from a removable media device to turn Win32/FakePAV off before any attempt to remove it with the help of blocked utilities.
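A check for the Task Manager and Registry Editor redirect described above, added here as an example and not taken from SpywareRemove.com or SpyHunter: it assumes the redirect relies on Image File Execution Options "Debugger" values (the page does not name the mechanism) and scans the text of a `reg export` of that key taken in Safe Mode. The function name, watch list and sample export are constructed for illustration.

```python
import re

# Assumption: the redirect is implemented with IFEO "Debugger" values.
IFEO = "\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\"
WATCHED = {"taskmgr.exe", "regedit.exe"}  # the two utilities the article names

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"\s*$')


def find_debugger_redirects(reg_text, watched=WATCHED):
    """Return [(image, debugger_command)] for watched images that carry a
    "Debugger" value in the text of a `reg export` of the IFEO key."""
    hits, image = [], None
    for line in reg_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            pos = key.lower().find(IFEO.lower())
            # Only a direct child of the IFEO key names an executable image.
            tail = key[pos + len(IFEO):] if pos != -1 else ""
            image = tail.lower() if tail and "\\" not in tail else None
            continue
        m = VAL_RE.match(line)
        if m and image in watched and m.group("name").lower() == "debugger":
            # .reg string data escapes backslashes and quotes; undo that.
            hits.append((image, re.sub(r"\\(.)", r"\1", m.group("data"))))
    return hits


# Constructed sample export (not taken from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Users\\example\\AppData\\Roaming\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Tools\\editor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"MitigationOptions"=hex:00
'''

if __name__ == "__main__":
    for image, command in find_debugger_redirects(SAMPLE):
        print(f"{image} is redirected to: {command}")
```

Real `reg export` files are UTF-16, so read them with `encoding="utf-16"` before passing the text in. A hit needs review rather than automatic deletion, because some legitimate tools (Process Explorer's "Replace Task Manager" option, for example) set the same value.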
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system: