FakePAV: How to Fight Back

How Win32/FakePAV Steals Credit Card Information and How to Remove the Trojan

Win32/FakePAV was first detected in 3Q10 and became the second most commonly detected rogue security software family by 4Q10. This video shows how a computer is infected by FakePAV and demonstrates how to terminate its process.

The Win32/FakePAV trojan presents a dialog box similar in appearance to a Microsoft Security Essentials alert, listing one or more nonexistent infections that it claims it cannot remove. It then offers to “install” a trial version of a different security program (actually another part of FakePAV itself), and imitates a rogue security software program scanning process. From this point, the experience is similar to most other rogues: the user is informed they need to buy the full version of the scanner to remove the infections. A computer infected with Win32/FakePAV becomes more difficult to use. In addition to stopping explorer.exe from running, the trojan terminates Task Manager, making it difficult to run any other programs.

For additional information on FakePAV, see MSRT Tackles Fake Microsoft Security Essentials.

Featured Articles


United States Change All Microsoft Sites



Was the information in this article helpful?