According to David Wood, from Microsoft Malware Protection Center, Rogue:Win32/FakeXPA now goes by as AVG Antivirus 2011, and attackers went as far as copying the actual logo for AVG.
“This is not to be confused with the legitimate antivirus product from AVG – we’ve reached out to AVG, and they are aware the rogue is using their brand.
“FakeXPA’s developers are hoping you will confuse it with the real AVG.” It looks like the real deal, but it’s not. The rogue malware bombards the user with a bewildering assortment of dialogs, popups, and balloons. You can see more examples in the AVG Antivirus 2011 description.
For detailed information on the particular subvariants of this malware, including their methods of installation and additional Payloads, please check out this link: Win32/FakeXPA