Generally Fake Antivirus software mention all sorts of messages on the users computer to encourage/scare them into buying their product. This could be fake warnings, fake intrusion/infiltration reports, security warnings about certain executables or maybe simple dropping random "fake" malware files onto the users computer.
Today's Fake AV comes with a wallpaper ;-)
When run, the Fake AV (detected by Sophos as Troj/FakeAl-P) will change the wallpaper of the users computer to look like this.
Looks pretty serious, doesn't it? ;-)
This malware still does most of the usual Fake AV stuff as well. Fake warning's and detections are included in the bundle as well
Interestingly, the malware also stops most executables from running. When I tried to run "cmd.exe", it gave me the following error:
Clicking "Yes" here will take you to the main site of the Fake AV, which will them ask you to "Activate Antivirus System Pro". Clicking "No" will get you back to the Fake AV's user interface.
Leaving the security warning box as it is, i.e. not clicking on either "Yes" or "No", will allow you to run cmd.exe. Since this security warning for "cmd.exe" is fake, it can't stop multiple instances of the same process being run.
Wonder what scare tactics will they will think of next.
Actually, scratch that ;-)