Rogue:Win32/FakePAV

Rogue:Win32/FakePAV Description

Win32/FakePAV is a Trojan associated with a very large family of rogue security programs. The dozens of fake security applications associated with Win32/FakePAV include Windows Secure Surfer, Windows Attention Utility, Clean This, Peak Protection 2010 and ThinkPoint. Because Win32/FakePAV poses a severe threat to any PC, it should not be left on an infected machine; it is best to remove it right away with a dependable anti-malware application. Most of the time, other components are involved in a Win32/FakePAV-related infection, which makes manual removal impractical and automated removal with a reliable anti-malware program the preferred course of action. It is also important to note that other malware, such as a rootkit component, may be present on the victim's computer.

Malware associated with the Win32/FakePAV Trojan scams its victims by displaying a large number of misleading error messages. These are designed to mimic those displayed by Microsoft Security Essentials in order to convince the victim to download and pay for a bogus security program. To protect itself from detection and removal, Win32/FakePAV can repeatedly terminate various processes, including Windows Registry Editor, Windows Restore, Internet Explorer and a number of known anti-virus programs. Win32/FakePAV also makes changes to the Windows Registry that allow it to start automatically when the victim logs into Windows, so it is advisable to start the infected computer in Safe Mode to prevent Win32/FakePAV from blocking access to your anti-malware software.

Understanding the Win32/FakePAV Scam


Rogue security programs in the Win32/FakePAV family, such as ThinkPoint and Palladium Pro, harass computer users with alarming error messages. They also cause browser redirects and make the infected computer behave erratically and perform poorly. Inexperienced computer users may believe Win32/FakePAV's claims and pay for an expensive upgrade to a fake anti-virus application. One of the most dangerous aspects of a Win32/FakePAV infection is that these fake security programs seldom attack alone. A Win32/FakePAV infection is often accompanied by a Trojan dropper infection and often occurs in the presence of a dangerous rootkit component. Because of this, a Win32/FakePAV infection usually means that the victim's computer is exposed to other malware threats, placing the victim's sensitive data at risk.
Aliases: TROJ_GEN.RC1H1GV [TrendMicro-HouseCall], Backdoor/PcClient.qwi [Jiangmin], a variant of Win32/Kryptik.AJDN [ESET-NOD32], Rogue.FakeAV [Malwarebytes], Trojan.Win32.Jorik.vquqj [NANO-Antivirus], TROJ_FAKEAV.MZB [TrendMicro-HouseCall], Win32:FakeAV-DQY [Trj] [Avast], Trojan.Win32.Jorik.Fraud.qsl [Kaspersky], Adware.WintionalityCheck!1/PhMrMoXzY [Agnitum], Trojan.Siggen4.11689 [DrWeb], Gen:Heur.Zilix.35 (B) [Emsisoft], Trojan.Win32.FakeAV.1918976 [ViRobot], W32/Troj_Generic.CLVKT [Norman], Win32:FakeAlert-CSE [Trj] [Avast] and Gen:Variant.Kazy.77998 [BitDefender].


Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing. Try the following to download SpyHunter and regain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and have problems downloading SpyHunter, open Firefox, Chrome or Safari instead.
  • Use removable media. Download SpyHunter on another, clean computer, copy it to a USB flash drive, DVD/CD or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE users: Disable the proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.


Technical Information


File System Details

Rogue:Win32/FakePAV creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%\avs.exe 681,472 48a3758723ccc1a62aaab9ddb07c068a 49
2 %SystemDrive%\Documents and Settings\1\Application Data\Protector-nddd.exe 2,523,648 b1f51dd461597758b42773700578184c 43
3 %SystemDrive%\Users\Eliana\AppData\Roaming\Protector-rcjp.exe 2,043,392 85614f9f45ddb50a232efb9c83fdbb60 41
4 %SystemDrive%\Documents and Settings\Suzan\Application Data\Protector-oyuc.exe 2,955,264 c61fc311cbed13d3073d446b91db4638 38
5 %APPDATA%\hotfix.exe 671,232 8070a4cb2681e8001808d33be55b1603 32
6 %USERPROFILE%\My Documents\My Pictures\install.exe 2,488,320 4c977b7b1d5cb5529bf0b1684e5a1669 28
7 %APPDATA%\Protector-vkhi.exe 1,975,808 32301e17f680b8bdca9a4c38769f0132 24
8 %APPDATA%\Protector-irwf.exe 2,048,512 8ae417a95b407819e82167698ca4a4c2 18
9 %APPDATA%\Protector-abcw.exe 2,277,888 3ba3d25e1cfa7c7e608f7888ff5200ec 15
10 %USERPROFILE%\My Documents\setup.exe 1,954,816 02d003d84d313130d193d7c8624dfe19 14
11 %SystemDrive%\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP614\a0086000.exe 2,200,064 6b5b53e850aea868ada714cfa05ec0c8 10
12 %APPDATA%\Microsoft\ocgrga.exe 2,314,752 827d9da1ec62dc2e3cd8f08ef1d6c449 9
13 %APPDATA%\Protector-hrgg.exe 1,854,464 36d0c0c3545493a4f8ca154706870074 7
14 %APPDATA%\Protector-jnlc.exe 2,596,352 2f85deab388e0c512e6ebcbc12c18242 6
15 %USERPROFILE%\My Documents\ispsetup8.exe 2,255,872 4cc5024d1d8fa3f98b0004ee94297389 6
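
A triage heuristic built from the file names and locations in the listing above, as an added example (not part of the original page or of any vendor tool). The three rules and their labels are assumptions drawn from the rows shown; a match is a lead for investigation, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Roaming-profile roots in the XP and Vista+ layouts that appear in the listing.
ROAMING_ROOT = re.compile(
    r"(?i)^(%appdata%"
    r"|.*\\documents and settings\\[^\\]+\\application data"
    r"|.*\\users\\[^\\]+\\appdata\\roaming)$"
)
# "Protector-" plus four letters, as in Protector-vkhi.exe.
PROTECTOR_NAME = re.compile(r"(?i)^protector-[a-z]{4}\.exe$")
# An executable preserved inside a System Restore point.
RESTORE_POINT = re.compile(
    r"(?i)\\system volume information\\_restore\{[0-9a-f-]+\}\\"
)


def classify(path: str) -> list[str]:
    """Return the reasons a path resembles the listing (empty list if none)."""
    p = PureWindowsPath(path)
    is_exe = p.suffix.lower() == ".exe"
    reasons = []
    if PROTECTOR_NAME.match(p.name):
        reasons.append("protector-name")
    # Only executables sitting directly in the roaming root, not in subfolders.
    if is_exe and ROAMING_ROOT.match(str(p.parent)):
        reasons.append("exe-in-roaming-root")
    if is_exe and RESTORE_POINT.search(path):
        reasons.append("exe-in-restore-point")
    return reasons


def triage(paths):
    """Map each flagged path to its reasons, skipping paths with no match."""
    return {p: r for p in paths if (r := classify(p))}


# Constructed sample input: three paths shaped like the rows above, two benign.
SAMPLE = [
    r"%APPDATA%\Protector-vkhi.exe",
    r"C:\Users\alice\AppData\Roaming\hotfix.exe",
    r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\a0000001.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\profiles.ini",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(f"{', '.join(reasons):40} {path}")
```

Feed it a file listing or an autoruns export from the suspect machine; a flagged restore-point path also indicates that the restore point itself holds a copy of the file.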
