Disguising these hijacker 'viruses' have been a mainstay for many years now by tricking a user into unknowingly giving away User Rights.
Like Mina inviting in Count Dracula - once she lets him in, it's all over.
Many AVs use their own proper names in the Active Window Title Bar. So, if I've got AVG Anti-Virus installed, I'll see virus-alerts with "AVG AntiVirus" printed in the active-windows title bar. If I see something else, then I know it's a fake alert.
Microsoft's Windows Defender and Security Essentials didn't use those exact spellings on their true alerts. Not in the past. Maybe their Win8 programmers discovered "precision" and "correctness" to be useful.
Or maybe not. We'll see.
The Bleeping Computer has a huge array of hijacker names that have been used, and almost all of them are worthy of tricking more than a few users in their web.
I'm not sure how an OS can defeat these hijackers when the nonchalant user is tricked into 'letting them in' but it seems like an OS should be able to detect changes to its core components and offer some solution. Unfortunately, that will always result in some UserID agreeing to the changes - and if that's the HiJacker User, well, then...
"Come right in."
(I have laughed at the several articles in the past month talking about Win8's "security" and "invulnerabiliteis", and especially, "the lack of virus attacks." Yeah. Riiiight. Before Day One. Uh huh. Next summer, we'll see "Win8 has more Virus Attacks than Win7" articles. Meanwhile, Win98-SE will be among the least-attacked Win OS's. du-uh.