Explanation: Trojan FakeAV is the name given by the security company Trend Micro to rogue security software. Trend Micro identifies these malicious programs as those that pretend to be legitimate system security programs in order to trick the user into making some form of payment. In the process, the Trojan FakeAV gains access to the user’s credit card information. Normally, Trojan FakeAV applications propagate through the internet using a number of methods:
- Social Engineering – users are tricked into installing the software, as it pretends to come from a legitimate source.
- Trojan viruses – these viruses enter the user’s computer along with other fake applications such as browser plug-ins, video/audio codecs, free online malware scanners or e-mail attachments. Once they have entered the system, they automatically download and install Trojan FakeAV.
- SEO poisoning techniques – Search Engine Optimization (SEO) takes advantage of the algorithms and functions used by popular web search engines in order to push a certain website up in search result rankings. These methods are also used by rogue software vendors, who place their URLs at the top of the search results for important queries such as recent news events. When users click on these URLs, the browser is redirected to a page that pushes a trial version of the Trojan FakeAV onto the user’s computer.
Once a Trojan FakeAV has established itself on a user’s system, it will normally load itself as a service and run all the time. It will also generate fake security warnings claiming that the user’s system is under threat in various ways. The Trojan FakeAV will also disable any system utilities that could be used to uninstall it, such as Task Manager, Registry Editor and System Restore, and will completely disable any legitimate security software that the user has already installed on the computer. The Trojan FakeAV may also create actual malware on the computer and point it out to the user as a threat, create harmless files and point them out as threats, or simply point out useful and harmless system files as threats. It will perform these actions in the most attention-grabbing way, using every channel the system offers, such as taskbar pop-ups and desktop scans. Other symptoms may include the user’s desktop background being changed, Windows error screens (blue screens), and an error being displayed below the Windows logo when Windows boots up.
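The disabled-utility symptoms described above can be checked from a registry export. The following is an added example, not part of the original guide: it assumes the utilities were switched off through the standard Windows policy values `DisableTaskMgr`, `DisableRegistryTools` and `DisableSR`, and it runs against a constructed sample export.

```python
import re

# Standard Windows policy values that switch off the utilities named above.
# Any non-zero DWORD means the tool is disabled for that user or machine.
TAMPER_VALUES = {
    (r"software\microsoft\windows\currentversion\policies\system",
     "disabletaskmgr"): "Task Manager disabled",
    (r"software\microsoft\windows\currentversion\policies\system",
     "disableregistrytools"): "Registry Editor disabled",
    (r"software\policies\microsoft\windows nt\systemrestore",
     "disablesr"): "System Restore disabled",
}

KEY_RE = re.compile(r"^\[(?P<hive>[^\\\]]+)\\(?P<path>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')


def find_tamper_indicators(reg_export: str) -> list[tuple[str, str]]:
    """Return (registry location, finding) for each disabled utility."""
    findings, hive, path = [], None, None
    for raw in reg_export.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            hive, path = m["hive"], m["path"]  # remember the current key
            continue
        m = DWORD_RE.match(line)
        if not m or path is None:
            continue
        label = TAMPER_VALUES.get((path.lower(), m["name"].lower()))
        if label and int(m["hex"], 16) != 0:
            findings.append((f"{hive}\\{path}\\{m['name']}", label))
    return findings


# Constructed sample export (not taken from a real infection).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000000
"""

if __name__ == "__main__":
    for location, finding in find_tamper_indicators(SAMPLE_EXPORT):
        print(f"{finding}: {location}")
```

Exports written by regedit are UTF-16 encoded, so decode the file to text before passing it in. A hit only shows that the policy value is set, which an administrator may also have done deliberately.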
The culmination of all this activity occurs when the Trojan FakeAV requests some sort of monetary payment to be made by the user. Usually, this is done by claiming that the currently installed ‘trial’ version of the Trojan FakeAV is incapable of removing the previously detected false ‘threats’, and so the user should pay for a license to the ‘full’ version of the software. Other methods include promoting another Trojan FakeAV that can apparently ‘do the job better’ or ‘perform housekeeping tasks on the system’. Another gimmick is to claim that if the user buys the ‘full’ version, the vendor will donate a small sum to some charitable cause such as environmental protection. However, none of the statements made by the Trojan FakeAV are true at any point.
As soon as a Trojan FakeAV is found on the system, the user should take immediate measures to remove it, as it could cause immeasurable harm to the system. For this reason, the usage of professional and legitimate online computer repair services such as http://www.pcninja.com and genuine antivirus products such as Spyware Doctor with Antivirus is highly recommended.


My name is Jacob and I run the RemoveVirus.org website with several other pros. Our virus removal guides are the most in-depth guides around and provide real solutions. If you purchase an Antivirus Client we endorse on this site from one of the links, we do make a commission. This helps us run and maintain the virus removal website. To date we have helped tens of thousands if not hundreds of thousands of people remove their virus threats.
