Troj/FakeVir-BG is a Trojan for the Windows platform.
Troj/FakeVir-BG includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/FakeVir-BG will periodically display fake virus alert messages to try and trick the user into paying a fee before pretending to clean the infections.
The following registry entries are created to run Troj/FakeVir-BG on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Antivirus
<pathname of the Trojan executable>
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Antivirus
<pathname of the Trojan executable>
The following registry entry is set:
HKCU\Software\WAV
545
<pathname of the Trojan executable>
Registry entries are created under:
HKCU\Software\WAV
HKCR\.key