How Win32/FakePAV Steals Credit Card Information and How to Remove the Trojan
Win32/FakePAV was first detected in 3Q10 and became the second most commonly detected rogue security software family by 4Q10. This video shows how a computer is infected by FakePAV and demonstrates how to terminate its process.
The Win32/FakePAV trojan presents a dialog box similar in appearance to a Microsoft Security Essentials alert, listing one or more nonexistent infections that it claims it cannot remove. It then offers to “install” a trial version of a different security program (actually another part of FakePAV itself), and imitates a rogue security software program scanning process. From this point, the experience is similar to most other rogues: the user is informed they need to buy the full version of the scanner to remove the infections. A computer infected with Win32/FakePAV becomes more difficult to use. In addition to stopping explorer.exe from running, the trojan terminates Task Manager, making it difficult to run any other programs.
For additional information on FakePAV, see MSRT Tackles Fake Microsoft Security Essentials.