If you're infected with a variant of the rogue Security Suite a.k.a FakeAlert-SpyPro Trojan, one of the side effects is that none of the applications on the infected machine barring Internet Explorer will work. (The Trojan authors let Internet Explorer work because the browser is used to visit their site for making a payment to purchase the supposedly full version of this rogue software.)




Once infected, the following warning message will shown if a user tries to launch any windows applications or security tools.




In such a scenario where a user is prevented from running any other application what are their choices? Here's help!

1. On the affected system, execute the "net pause winmgmt" command from the run menu (not the command prompt). Once you get back control of the system, execute a "net continue winmgmt" (this is optional).


2.Alternately you could download and run the McAfee GetSusp tool to regain control back of the system. GetSusp handles this class of FakeAlert Trojans and uses many other nifty techniques to detect malware.


"McAfee GetSusp is intended for users who suspect undetected malware on their system. By using a combination of clever heuristics and querying McAfee's online database of known clean files to gather suspicious files, GetSusp eliminates the user's need for deep technical knowledge of computer systems to isolate undetected malware. McAfee GetSusp is recommended as a tool of first choice when analyzing a suspect machine."


Shown below is the GetSusp report of this Trojan being detected.




Get it from here: https://community.mcafee.com/message/148081#148081
Once GetSusp identifies and collects the suspect files, post the logs to the forum and we community members can help.


Vinoo Thomas
Technical Product Manager, McAfee Labs