Unmasking Fake Antivirus (AV)

Solution ID Last Updated
1055358 Feb. 13, 2014 8:34 AM (PST)

Product / Version Platform
Email Reputation Services - Standard/Advanced;InterScan Gateway Security Appliance - 1.0, InterScan Gateway Security Appliance - 1.1, InterScan Gateway Security Appliance - 1.5;InterScan VirusWall - 7.0;Worry-Free Business Security Standard/Advanced - 6.0, Worry-Free Business Security Standard/Advanced - 7.0, Worry-Free Business Security Standard/Advanced - 8.0, Worry-Free Business Security Standard/Advanced - 9.0;
Windows - 2003 Home Server, 2003 Small Business Server, 2003 Standard Server Edition, 2008 Enterprise Server, 2008 Essential Business Server, 2008 Small Business Server, 2008 Standard Server Edition, 7 32-bit, Vista 32-bit, XP Home, XP Professional

Problem Description

This article shows how rogue antivirus or FAKEAV applications arrive on systems.


FakeAV or rogue antivirus software has been prevalent in the market today and has affected millions of computers.
To educate you on how Fake AV arrives on a computer's system and to know the available Trend Micro solutions to combat this threat, refer to this Unmasking FakeAV document.
In this document, you will find detailed information on the following topics:
  • Infection Vectors
  • Proliferation via Malicious Routine
  • Malware Transformation
  • Notable Malware Behavior
  • Online and Local
  • Protection against Fave AV
  • Recovering from Fake AV infection
To help clean the FakeAV infection, you may use the FakeAV Removal Tool.

Rate this Solution
Did this article help you?

Please provide your comments to help us improve this solution.

  *This form is an automated system. General questions, technical, sales and product-related issues submitted through this form will not be answered.

Connect with us on