websterslair
Level 7

FAKE MICROSOFT SECURITY ESSENTIALS ALERT TROJAN


I am running Windows 7 Ultimate with McAfee Internet Security 2010 with all updates current. I had what appeared to be a Java Update load, then a "Microsoft Security Essentials Alert" pop-up came onto the screen. I can see from various web postings this is a fake AV Trojan, but cannot find anything worthwhile on removing it. I have tried running GetSusp 3.0.0.81, but when I attempt to view the report the pop-up comes up again, preventing IE8 from launching. It appears there is a file called hotfix.exe that is suspicious, as well as mmfinfo.dll.

0 Kudos
1 Solution

Accepted Solutions
vinoo
Level 13

Re: FAKE MICROSOFT SECURITY ESSENTIALS ALERT TROJAN


C:\Users\Lee\AppData\Roaming\hotfix.exe is confirmed malicious.

md5: 5a230eb885af102f611cf882129ab640

Please reboot in safe mode and delete this file.

0 Kudos
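A way to check a file against the MD5 quoted above before deleting it, as an added PowerShell example that is not part of the original reply. It goes slightly beyond the single path in the answer by scanning the current user's AppData\Roaming folder (an assumption) for any .exe or .dll with that hash or with the name hotfix.exe; the function names are hypothetical.

```powershell
# Added example (not from the thread). Reports matches only; it deletes nothing.
$KnownBadMd5 = '5a230eb885af102f611cf882129ab640'  # MD5 quoted in the accepted solution
$SuspectName = 'hotfix.exe'                        # file name given in the thread
$SearchRoot  = $env:APPDATA                        # assumption: current user's AppData\Roaming

# Hypothetical helper. Get-FileHash is missing from the PowerShell 2.0 that ships
# with Windows 7, so the .NET MD5 class is used directly.
function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try {
            $bytes = $md5.ComputeHash($stream)
            return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
        }
        finally { $stream.Close() }
    }
    finally { $md5.Clear() }
}

# Hypothetical helper: walk the folder, hash every .exe/.dll, flag hash or name matches.
function Find-SuspectFile {
    param([string]$Root, [string]$Md5, [string]$Name)
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(exe|dll)$' } |
        ForEach-Object {
            $file = $_
            try { $hash = Get-Md5Hex $file.FullName }
            catch {
                # Locked or access-denied file: warn instead of skipping silently.
                Write-Warning "Unreadable: $($file.FullName)"
                return
            }
            if ($hash -eq $Md5) { $reason = 'MD5 matches the reported sample' }
            elseif ($file.Name -eq $Name) { $reason = 'Same name, different MD5: unverified' }
            else { return }
            New-Object PSObject -Property @{ Path = $file.FullName; MD5 = $hash; Reason = $reason }
        }
}

Find-SuspectFile -Root $SearchRoot -Md5 $KnownBadMd5 -Name $SuspectName |
    Format-List Path, MD5, Reason
```

A file reported as "Same name, different MD5" has not been confirmed by the hash in this thread and should be scanned separately rather than assumed to be the same sample.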
4 Replies
CopyRon
Level 10

Re: FAKE MICROSOFT SECURITY ESSENTIALS ALERT TROJAN


Download and install Malwarebytes, update and run a quick scan.

http://www.malwarebytes.org/

This should remove the trojan.

0 Kudos
Hayton
Level 18

Re: FAKE MICROSOFT SECURITY ESSENTIALS ALERT TROJAN


With apologies to CopyRon, it may take slightly more than Malwarebytes to get rid of this rogue program (much as I admire Malwarebytes).

The removal issue is being discussed all over the place, but I've picked out two threads from other forums that websterslair should read through carefully. One is from VirusRemovalGuru - http://www.virusremovalguru.com/?p=5687

The other is from the Microsoft Security Essentials Forum -

http://social.answers.microsoft.com/Forums/en-US/msescan/thread/e6a8f912-270a-46ba-b3a1-dda329fbeed2

Between the two of them, it should be possible to find a method to remove this menace from an infected system. Perhaps websterslair would like to give some feedback to help anyone else who gets infected (and they probably will).

0 Kudos
websterslair
Level 7

Re: FAKE MICROSOFT SECURITY ESSENTIALS ALERT TROJAN


Thanks for the help. A quick note that this did come in looking like Java Update. I have since gone to my firewall settings and adjusted the permissions for both Adobe and Java Updates, as it seems that both the Action Antivirus and Fake Microsoft Security Essentials Alert Trojan are slipping by using this method.

0 Kudos