Trend Micro documents that DLL based FAKEAV attacks are circulating in the wild and that these infected systems are challenging to clean.
Fourth Generation FAKEAV DLL Based attacks return in the wild
QUOTE: One of the early generations listed in the paper can be recalled as the DLL-based FAKEAV (4th Generation) — a FAKEAV group that uses a DLL file to perform all the malicious routines, primarily to avoid being terminated easily. A few months ago, however, we saw this particular generation again making its rounds in the wild, one of which we detect as TROJ_FAKEAV.BTV
Trend Micro – Reasearch report on FAKEAV Threat