TROJ_FAKEAV.MVA

By Sumo3000 in Trojans

Translate To:

TROJ_FAKEAV.MVA is a Trojan infection. TROJ_FAKEAV.MVA may arrive as a downloaded file obtained through a FAKEAV Search Engine Optimization (SEO) poisoning technique that uses a fake YouTube page to lure victims. Once TROJ_FAKEAV.MVA is executed it will display a GUI and generate bogus system scan results. On completion of the scan, the user will be prompted to purchase the "full version" of a rogue security application in order to remove all the "detected" malware. This is all a scam; if you detect TROJ_FAKEAV.MVA on your system have it removed immediately and do not purchase any rogueware that it promotes.

File System Details

TROJ_FAKEAV.MVA may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%Application Data%\SMSAITAV\SMXPAV.cfg
Name: %Application Data%\SMSAITAV\SMXPAV.cfg
2.	%User Profile%\Desktop\Security Master AV.lnk
Name: %User Profile%\Desktop\Security Master AV.lnk Type: Shortcut
3.	%Application Data%\{random}\SMAV.ico
Name: %Application Data%\{random}\SMAV.ico
4.	%User Profile%\Application Data\Security Master AV\Instructions.ini
Name: %User Profile%\Application Data\Security Master AV\Instructions.ini
5.	%User Profile%\Start Menu\Security Master AV.lnk
Name: %User Profile%\Start Menu\Security Master AV.lnk Type: Shortcut
6.	%Application Data%\{random}\SM{random}.exe - detected as TROJ_FAKEAV.MVA
Name: %Application Data%\{random}\SM{random}.exe - detected as TROJ_FAKEAV.MVA
7.	%User Profile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
Name: %User Profile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk Type: Shortcut
8.	%User Profile%\Start Menu\Programs\Security Master AV.lnk
Name: %User Profile%\Start Menu\Programs\Security Master AV.lnk Type: Shortcut

Registry Details

TROJ_FAKEAV.MVA may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_CURRENT_USER\Software\3

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SM{random}.DocHostUIHandler

Debugger = "svchost.exe"

HKEY_CLASSES_ROOT\SM{random}.DocHostUIHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{application name}

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

TROJ_FAKEAV.MVA

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen