Skip to main content
Published Jan 04, 2011 | Updated Sep 15, 2017

Win32/FakePAV

Severe |Detected with Windows Defender Antivirus

Aliases: AntiSpy Safeguard (other) Clean This (other) LizaMoon SQL injection (other) Major Defense Kit (other) fake Microsoft Security Essentials (other) Palladium Pro (other) Peak Protection 2010 (other) Pest Detector (other) Privacy Guard 2010 (other) Red Cross Antivirus (other) ThinkPoint (other) Windows Advanced Security Center (other) Windows Antivirus Master (other) Windows Attention Utility (other) Windows Background Protector (other) Windows Debug System (other) Windows Defence Center (other) Windows Defence Counsel (other) Windows Defence Unit (other) Windows Efficiency Manager (other) Windows Efficiency Magnifier (other) Windows Error Correction (other) Windows Emergency System (other) Windows Expansion Center (other) Windows Lowlevel Solution (other) Windows Passport Utility (other) Windows Performance Manager (other) Windows Power Expansion (other) Windows Premium Console (other) Windows Process Regulator (other) Windows Remedy (other) Windows Secure Surfer (other) Windows Servant System (other) Windows Simple Protector (other) Windows Stability Center (other) Windows Support System (other) Windows Threats Removing (other) Windows Trouble Remover (other) Windows Troublemakers Agent (other) Windows Web Commander (other) Windows Defence Unit (other) Windows AntiBreach Module (other)

Summary

Windows Defender detects and removes this threat.

This family of rogue security programs pretend to scan your PC for malware, and often report lots of infections. The program will say you have to pay for it before it can fully clean your PC.

However, the program hasn't really detected any malware at all and isn't really an antivirus or antimalware scanner. It just looks like one so you'll send money to the people who made the program. Some of these programs use product names or logos that unlawfully impersonate Microsoft products.

Even if you do pay to "unlock" the app, it won't do anything because your PC isn't actually infected with all that malware it "found".

Different brands of the rogues may modify various settings on your computer, end or close programs or system services, or block access to websites.

It might have been installed on your PC by a Rogue:VBS/FakePAV variant.

Find out ways that malware can get on your PC.  

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Additional recovery instructions for Win32/FakePAV ThinkPoint variant
Win32/FakePAV ThinkPoint variant may modify the computer to stop you from accessing the Desktop, Start Menu and Task Bar. The following steps outline how to disable the rogue, so you can run a quick-scan to remove the threat.
  1. Click Settings on the ThinkPoint menu tab.
  2. Check Allow unprotected startup.

  3. Click Save settings.
  4. You should now be able to close the rogue’s window and Windows Explorer will run.
  5. Open a command prompt by pressing the Windows Logo Key + R or typing cmd.exe in the Start screen or Start menu.
  6. Type taskkill /IM hotfix.exe and press Enter.
  7. Launch Microsoft Security Essentials and run a quick scan.
Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.