Written by Tomas Meskauskas
Damage level: High
Win32/FakeRean family of fake antivirus programs
The FakeRean/Braviax family of fake antivirus programs is developed and distributed by cyber criminals. The main purpose of these rogue programs is to infiltrate the user's operating system and display fake security scans in order to trick users into purchasing a fake license key. The cyber criminals responsible for creating these bogus programs use exploit kits to infiltrate users' computers. Exploit kits rely on outdated software to infect the operating system, so keeping installed software up to date can drastically decrease the risk of infection. The Braviax/FakeRean family of rogues is well known for its name-changing fake antivirus programs. All of the bogus programs from this family are capable of detecting the operating system of the computer they are about to infiltrate and changing their name accordingly. For example, when infecting a computer running Windows 7, rogue programs from this family appear as Windows 7 Antivirus, Windows 7 Internet Security, Windows 7 Home Security or Win 7 Security. Windows XP users see these bogus programs appearing as Windows XP Antivirus, Windows XP Internet Security, etc.
The main goal of distributing such rogue programs is to convince PC users that their computers are at risk in order to sell useless license keys. In reality, paying for any program from the FakeRean/Braviax family amounts to sending your money to cyber criminals: you would lose your money and, moreover, give away your banking information, which could lead to further theft. PC users should use caution when purchasing security software to protect their computers. The Internet is full of fake products, so always do some research before buying an antivirus program. Furthermore, no legitimate antivirus program starts a security scan every time the user loads the operating system. The most common sources of fake antivirus programs from this family are infected email messages, malicious websites and drive-by downloads. To protect your computer from such infections, always keep your operating system and all installed software up to date, and always use legitimate antivirus and anti-spyware software.
Here are some name variations used by fake antivirus programs from this family:
Win 7/XP/Vista Antivirus 2012/2013
Win 7/XP/Vista Anti-spyware 2012/2013
Win 7/XP/Vista Internet Security 2012/2013
Win 7/XP/Vista Security 2012/2013
Win 7/XP/Vista Home Security 2012/2013
Win 7/XP/Vista Total Security
Win 7/XP/Vista Security Cleaner
Win 7/XP/Vista Defender
Screenshots of various user interfaces used by rogue antivirus programs from FakeRean/Braviax family:
Fake security warning messages used to trick computer users into purchasing useless antivirus programs:
Activate your copy right now and get full real-time protection with [Fake Antivirus Name]!
ALERT! System scan for spyware, adware, Trojans and viruses is complete. [Fake Antivirus Name]! detected 30 critical system objects. These security breaches may be exploited and lead to the following:
Your system becomes a target for spam and bulky, intruding ads
Browser crashes frequently and web access speed decreases
Your personal files, photos, documents and passwords get stolen
Your computer is used for criminal activity behind your back
Bank details and credit card information gets disclosed
Click REGISTER to register your copy of [Fake Antivirus Name]! and perform threat removal on your system. The list of infections and vulnerabilities detected will become available after registration.
[Fake Antivirus Name]! Alert - [Fake Antivirus Name]! has blocked a program from accessing the Internet
This program is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Name: Microsoft Windows Operating System
Company: Microsoft Corporation
Windows recommend Activate [Fake Antivirus Name]!
Click "Yes, Activate…" to register your copy of [Fake Antivirus Name]! and perform threat removal on your system.
Yes, activate [Fake Antivirus Name]! (Recommended)
No, Continue unprotected (Dangerous)
Removal of rogue antivirus programs from the FakeRean/Braviax family:
The cyber criminals who create these fake antivirus programs use the same license keys in almost all of their rogue programs. Entering one of these keys makes removal of the fake antivirus program less complicated: it forces the fake antivirus program into thinking that you have already purchased its license key and allows installed programs (including legitimate antivirus and anti-spyware software) to execute.
IMPORTANT! Before downloading: click the "Registration" button, located at the top right corner of the fake antivirus main window, and when the registration window opens, enter this registration key in the "Reg key" field and click "Activate":
When the registration key is entered, the fake antivirus will think that you've purchased its full version and will stop generating fake security warning messages. It will also allow you to run programs and anti-spyware software. Note that registering this program will not remove it from your PC; it will only disable the fake pop-up windows and allow you to access the Internet. After you enter this key, you can download the recommended spyware remover (use the button below) and get rid of this bogus antivirus software.
NOTE: If you cannot run the remover, try right-clicking it and selecting "Run as administrator". If installation of the spyware remover fails, or you can't open .exe files, you can try our customized installer, built by our technicians to bypass spyware infections and install removers anyway. It is a DOS program, which most spyware doesn't block.
If, before or after removal of this scam, you cannot run your installed programs, the fake antivirus has modified your operating system's .exe file associations. When you try to run any executable, Windows opens the "select program" dialog instead of executing the program. To fix this, download a registry fix (link below). Save it to your computer, double-click it, click Yes and then OK. After you reboot your PC, file associations should function normally.
If you can't open your browser (Internet Explorer, Firefox, Google Chrome or Opera):
Fake antivirus programs from this family hijack Internet browsers, modify registry settings and disable execution of programs. For such cases our developers have made a custom installer. It is useful when you can't browse the Internet and can't execute .exe files. It starts like an MS-DOS program, runs some registry fixes, then initiates execution of an installer. When tested, this installer worked on Windows 7, Windows Vista and XP infected with the most common spyware infections.
To use this installer, click the Windows logo button (Start).
In the Search field, enter this link: www.pcrisk.com/installer.com and then press ENTER.
The fake antivirus program will generate a fake warning after you press ENTER. Please ignore it and click "No, stay unprotected..." on this message.
A file download dialog will appear saying you are downloading the file installer.com. Click Run, wait for the download to finish, then follow the on-screen instructions. Windows may warn you that opening unknown files may be unsafe; please ignore these warnings.
If your Internet browsers work, you can use this button to download the customized installer.
Manual removal of fake antivirus programs from FakeRean/Braviax family:
Some spyware can block the download of spyware removers. If you can't download the remover from the default location, try one of the alternative download locations below:
- Location 1 (the file is renamed to "iexplore.exe" because most spyware doesn't block this file)
- Location 2
If installation of the remover fails, please try downloading the customized installer, which was built by our technicians to bypass spyware infections.
If you still can't download or run spyware removal software, please perform these steps:
Download the registry fix. This fix removes the registry entries that prevent programs from executing in some variants of this spyware. To download it, click the link below. After downloading, double-click the win7_av_fix.reg file, click Yes when asked and then click OK.
Some variants of this spyware modify system proxy settings, so that you can't access the Internet or website addresses are redirected to malicious or phishing websites. To reset proxy settings to default, download and run this tool:
Fake antivirus programs from this family modify the system hosts file. This file is used to resolve website host names to IP addresses. When it is changed, the user may be redirected to a malicious site while still seeing the correct URL in the address bar. When the hosts file is modified, it is very hard to tell whether a site is genuine. To fix this, please download the Microsoft FixIt tool, which restores your hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
That's it! You can now try to download the spyware remover, or install and run it if it is already downloaded. In most cases this leads to success; if not, please describe your problem in our FORUM and our technicians will try to help you.
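The hosts-file tampering described in the steps above can be inspected before a restore tool is run. The Python script below is an added example, not part of the original article or of any tool it links to: it lists every active hosts entry other than the stock localhost mapping and marks whether the name points to a routable address ("redirect") or is pinned to the local machine ("local"). The function name, the sample file, its example domains and the documentation-range IP address are constructed for illustration.

```python
import ipaddress
import os

# Assumption: a stock Windows hosts file maps nothing except localhost.
DEFAULT_NAMES = {"localhost"}

# Constructed sample: example domains and a documentation-range IP.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.bank.example bank.example
0.0.0.0         update.av-vendor.example
127.0.0.1       localhost.evil.example
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, kind) for each non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue  # the only mapping expected on a clean system
            # "redirect": routable address; "local": loopback or unspecified
            local = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, str(ip), name, "local" if local else "redirect"))
    return findings

# Standard hosts file location on Windows.
HOSTS = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                     "System32", "drivers", "etc", "hosts")

if __name__ == "__main__":
    text = SAMPLE  # used when the Windows hosts file is not present
    if os.path.exists(HOSTS):
        with open(HOSTS, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    for finding in audit_hosts(text):
        print(finding)
```

Entries an administrator added on purpose will also be listed, so review each finding rather than treating the output as a verdict.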
Other tools known to remove fake antivirus programs from FakeRean/Braviax family: