If you are a McAfee customer and you are seeing detection names in a pop up window for Bankerfox.a and/or Win32/Nugel.e then it's pretty much a done deal that you have been hit by a variant of FakeAlert. These alerts are trying to trick the unsuspecting user in purchasing a fake anti-virus product, and the usage of 'legitimate' virus names is one of the deception techniques used by the malware authors to make their software appear to be genuine.


Some good examples of these infection characteristics can be found here - but this is just one of literally thousands of FakeAlert type infections. So if the pop ups you are seeing differ from those shown in the VIL article don't be too surprised, another classic technique of the bad guys behind this stuff is to regularly change both the look and feel of the visual side of the malware, and even more regularly they change the actual malware files themselves to try and avoid detection.


If you do find yourself having to deal with a new variant of FakeAlert here please read the following blog post and related articles


Fighting Fake Anti-Virus Infections


Sending in a sample of the file is always helpful too- and here's how.