TROJ_FAKEAV.WKA – Trojan disguised as an Anti-Virus app

Variant: TROJ_FAKEAV.WKA [Trend Micro], Rogue:Win32/FakeSpypro [Microsoft]

Operating Systems Affected: Windows 9x, Windows 2000, Windows XP, Windows Vista, Windows 7

TROJ_FAKEAV.WKA is a Trojan that disguises itself as a legitimate Anti-Virus program. The fake AV application connects to a website and then downloads the core component of the Trojan, which is TROJ_FAKEAV.WKA. Once the system is infected, the malware displays a fake scan result claiming that you have multiple virus infections. It then gives you the option to purchase the software in order to remove the pseudo-infections. If you click on purchase, you will be redirected to a particular website asking you to enter credit card information. Don’t be deceived: do not buy the fake Anti-Virus program!

• Disable system restore (Windows ME and XP only)
• Reboot and log in under Safe Mode with Networking
• Navigate to and delete the Trojan-added registry values:

• Navigate to and restore the original registry values:

• Navigate to and delete this registry key:

{Disclaimer: Registry modification is done at your own risk. Back up the registry before making any changes!}

Windows XP Registry Backup
Windows 7 Registry Backup

• Update Anti-Virus definition files
• Run Anti-Virus full system scan
• Re-enable system restore (Windows ME and XP only)
• Reboot and log in under normal mode