Rogue:JS/FakeAV is a generic detection for a trojan script that tries to download and run rogue security software when you visit a malicious web page and move your mouse cursor over certain graphics or images.
Rogue:JS/FakeAV does not install locally. However, it can be cached in your temporary Internet files folder after you visit a malicious web page.
Downloads rogue security software
The trojan script can download rogue security software, including Win32/FakeRean. We have also seen it download other malware, including Win32/Winwebsec.
It generates a dialogue box that asks you to run a fake security scan or download and run fake security software. This software can then further compromise your PC.
The fake scan can look like the following:
The following are some of the dialog boxes that indicate this script has run:
Analysis by Marianne Mallen
The following could indicate that you have this threat on your PC:
- You see these dialog boxes: