Troj/FakeAv-G is fake anti-spyware software for the Windows platform.

Troj/FakeAv-G creates dummy installations of known adware/spyware such as "180solutions" and changes the computer wallpaper to display the following message:

'Warning: Spyware threat has been detected on your PC.
Your computer has several fatal errors due to spyware activity.
It is strongly recommended to install an anti-spyware software to close all security vulnerabilities.
Anti-spyware software helps protect your PC against spyware and other security threats.
CLICK HERE TO SCAN YOUR PC FOR SPYWARE...'


When the user clicks the link, a web page opens containing links to download or buy fake anti-spyware software.

When first run, Troj/FakeAv-G copies itself to the Windows system folder and sets or changes the following registry entries so that it runs on startup:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit
<pathname of the Troj/FakeAv-G executable>,
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit
<System>\userinit.exe,,

The following registry entries are set, disabling system software:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system DisableTaskMgr
1

Troj/FakeAv-G drops the file (Windows)\default.htm and uses it to set the wallpaper by setting the registry entry:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General Wallpaper
(Windows)\default.htm
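
The registry changes listed above can be checked together. The following is an added example, not Sophos code: it audits a registry snapshot for each of those settings. The snapshot layout (a dict keyed by key path and value name), the sample.exe pathname, and the second entry in the HKLM Userinit sample are constructed assumptions, as is the baseline that a clean system has no HKCU Userinit value and only userinit.exe in HKLM Userinit.

```python
import ntpath

WINLOGON = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICIES = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
DESKTOP = r"Software\Microsoft\Internet Explorer\Desktop\General"

def userinit_extras(data):
    """Entries in a comma-separated Userinit value other than userinit.exe."""
    entries = [e.strip().strip('"') for e in str(data or "").split(",")]
    return [e for e in entries if e and ntpath.basename(e).lower() != "userinit.exe"]

def audit(snapshot):
    """snapshot: {(key path, value name): data}. Returns (finding, data) tuples."""
    # Registry key and value names are case-insensitive, so compare lowercased.
    reg = {(k.lower(), v.lower()): d for (k, v), d in snapshot.items()}
    get = lambda hive, key, name: reg.get((f"{hive}\\{key}".lower(), name.lower()))
    findings = []
    hkcu_ui = get("HKCU", WINLOGON, "Userinit")
    if hkcu_ui is not None:  # assumed absent on a clean baseline
        findings.append(("HKCU Userinit present", hkcu_ui))
    for extra in userinit_extras(get("HKLM", WINLOGON, "Userinit")):
        findings.append(("HKLM Userinit extra entry", extra))
    for hive in ("HKCU", "HKLM"):
        if str(get(hive, POLICIES, "DisableTaskMgr")) == "1":
            findings.append((f"{hive} DisableTaskMgr set", 1))
    wallpaper = get("HKCU", DESKTOP, "Wallpaper")
    if wallpaper and ntpath.basename(wallpaper).lower() == "default.htm":
        findings.append(("Wallpaper set to default.htm", wallpaper))
    return findings

# Constructed sample data; sample.exe stands in for the dropped executable.
SYS = r"C:\WINDOWS\system32"
CLEAN = {("HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
          "Userinit"): SYS + "\\userinit.exe,"}
INFECTED = {
    ("HKCU\\" + WINLOGON, "Userinit"): SYS + "\\sample.exe,",
    ("HKLM\\" + WINLOGON, "Userinit"): SYS + "\\userinit.exe," + SYS + "\\sample.exe,",
    ("HKCU\\" + POLICIES, "DisableTaskMgr"): 1,
    ("HKLM\\" + POLICIES, "DisableTaskMgr"): 1,
    ("HKCU\\" + DESKTOP, "Wallpaper"): r"C:\WINDOWS\default.htm",
}

if __name__ == "__main__":
    for finding, data in audit(INFECTED):
        print(f"{finding}: {data}")
```

A DisableTaskMgr value of 1 can also come from legitimate group policy, so treat that finding as a lead to correlate with the Userinit and wallpaper findings.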

More information can be found at this Sophos page.