Rogue:Win32/FakePAV

Rogue:Win32/FakePAV Description

Win32/FakePAV is a Trojan that has been associated with a very large family of rogue security programs. Some of the dozens of fake security applications associated with Win32/FakePAV include Windows Secure Surfer, Windows Attention Utility, Clean This, Peak Protection 2010 and ThinkPoint. Since Win32/FakePAV poses a severe threat to any PC, it shouldn't be allowed to stay on the infected machine, and it is best to remove it right away with a dependable anti-malware application. Most of the time, other components will be involved in a Win32/FakePAV-related infection. This makes manual removal impractical and automated removal with a reliable anti-malware program the preferred course of action. It is also important to note that other malware, such as a rootkit component, may also be present on the victim's computer.

Malware associated with the Win32/FakePAV Trojan scams its victims by displaying a large number of misleading error messages. These are designed to mimic those displayed by Microsoft Security Essentials in order to convince the victim to download and pay for a bogus security program. Win32/FakePAV can repeatedly terminate various processes, including Windows Registry Editor, Windows Restore, Internet Explorer and a number of known anti-virus programs, in order to protect itself from removal and detection. Since Win32/FakePAV makes changes to the Windows Registry that allow it to start up automatically when the victim logs into Windows, it is advised to start up the infected computer in Safe Mode in order to prevent Win32/FakePAV from blocking access to your anti-malware software.

Understanding the Win32/FakePAV Scam


Rogue security programs in the Win32/FakePAV family, such as ThinkPoint and Palladium Pro, harass computer users with alarming error messages. They also cause browser redirects and make the infected computer behave erratically and perform poorly. Inexperienced computer users may believe Win32/FakePAV's claims and pay for an expensive upgrade for a fake anti-virus application. One of the most dangerous aspects of a Win32/FakePAV infection is that these fake security programs will seldom attack alone. A Win32/FakePAV infection will often be accompanied by a Trojan dropper infection and will often occur in the presence of a dangerous rootkit component. Because of this, a Win32/FakePAV infection will usually mean that the victim's computer is exposed to other malware threats, placing the victim's sensitive data at risk.

Aliases: TROJ_GEN.RC1H1GV [TrendMicro-HouseCall], Backdoor/PcClient.qwi [Jiangmin], a variant of Win32/Kryptik.AJDN [ESET-NOD32], Rogue.FakeAV [Malwarebytes], Trojan.Win32.Jorik.vquqj [NANO-Antivirus], TROJ_FAKEAV.MZB [TrendMicro-HouseCall], Win32:FakeAV-DQY [Trj] [Avast], Trojan.Win32.Jorik.Fraud.qsl [Kaspersky], Adware.WintionalityCheck!1/PhMrMoXzY [Agnitum], Trojan.Siggen4.11689 [DrWeb], Gen:Heur.Zilix.35 (B) [Emsisoft], Trojan.Win32.FakeAV.1918976 [ViRobot], W32/Troj_Generic.CLVKT [Norman], Win32:FakeAlert-CSE [Trj] [Avast] and Gen:Variant.Kazy.77998 [BitDefender].


Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these steps to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, open Firefox, Chrome or Safari instead.
  • Use removable media. Download SpyHunter on another, clean computer, copy it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable the proxy server for Internet Explorer so that you can browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
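
The autostart and proxy changes described above can be checked with a read-only audit. The PowerShell below is an added example, not code from the original page or from SpyHunter; the Run/RunOnce key list and the choice of profile directories are assumptions, since the page does not name the registry values the malware writes.

```powershell
# Added example: read-only audit of autostart entries and the per-user proxy setting.
# Assumption: the Run/RunOnce keys below are the autostart locations worth checking;
# the page does not say which registry values FakePAV creates.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# User-writable roots (assumed) where a legitimate autostart program rarely lives.
$suspectRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

$findings = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $command = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
        # Pull the executable path out of a quoted or unquoted command line.
        if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(.+?\.exe)') {
            $exe = $Matches[1]
        } else {
            $exe = $command.Trim()
        }
        $inUserDir = [bool]($suspectRoots | Where-Object {
            $exe.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase) })
        $sig = if (Test-Path -LiteralPath $exe -PathType Leaf) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileMissing' }
        [pscustomobject]@{
            Key = $key; Name = $name; Executable = $exe
            InUserProfile = $inUserDir; Signature = $sig
        }
    }
}
# Executables that auto-start from a user profile without a valid signature
# are the entries to review first.
$findings | Where-Object { $_.InUserProfile -and $_.Signature -ne 'Valid' } |
    Format-Table -AutoSize -Wrap

# Proxy check for the "IE Users" step: show whether a proxy is set for this user.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $inet |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL | Format-List
```

The script changes nothing on the system; a `ProxyEnable` of 1 with a `ProxyServer` you did not configure matches the proxy tampering the last step describes.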


Technical Information


File System Details

Rogue:Win32/FakePAV creates the following file(s):
