cancel
Showing results for 
Search instead for 
Did you mean: 
BMann
Level 9

If you have Fake AV Software showing up on your system, read this

The Fake Antivirus/Rogue Antivirus/Fake Security Suites, by variant, are the most common threat that we are seeing today.  There are a lot of methods that the bad guys behind it are using to try and bypass anti-virus software and pump out as many variants as possible.

McAfee has produced Stinger tools as solutions to help with special threats/infections that are difficult to deal with and we have done so for this threat and are keeping this updated with some of our newer detection signatures and technology that are not yet in the dat files.  You can download the FakeAlert Stinger from the following location:

http://download.nai.com/products/mcafee-avert/fakealertstinger.exe

An article is available at http://service.mcafee.com/FAQDocument.aspx?id=TS100893 that discusses this tool as well as instructions for use.

Please give this Stinger tool a shot if you come across any Fake Antivirus wreaking havoc on your system.  Feedback on this thread highly appreciated.

Thanks

Brian

Message was edited by: Brian Mann on 1/25/10 10:46:13 PM PST
0 Kudos
97 Replies
SamSwift
Level 12

Re: If you have Fake AV Software showing up on your system, read this

If you have used the new stinger please post your feedback in this poll.

Thanks,

Sam

0 Kudos
IronMac
Level 7

Re: If you have Fake AV Software showing up on your system, read this

I have performed all your instructions just as outlined, I turned off restore, ran the Stinger 3 times and I am still plagued by the XP Antispyware 2010 / XP Antivirus 2010  etc... pop-ups. It even blocks me from loading 2/3 of the web pages i try to load. It first pops up with a screen that says "Internet Explorer alert. Visiting this site may pose a security threat to your system" then offers 3 options of purchase our "protection" "run a scan" "continue without security" and sometimes the continue will work must mostly it just takes me back to the page I just tried to leave or pops up an advertisement. Please Help!     

Oh yeah, and either your Poll is broken or the virus prevents it's use too because all I get is an error when trying to take the Poll.

Message was edited by: IronMac on 1/26/10 10:29:21 AM CST

Message was edited by: IronMac on 1/26/10 10:30:11 AM CST
0 Kudos
SamSwift
Level 12

Re: If you have Fake AV Software showing up on your system, read this

Thanks for the feedback - we're in the process of testing a newer build so will post it as soon as testing is complete.

Sam

0 Kudos
IronMac
Level 7

Re: If you have Fake AV Software showing up on your system, read this

So, I was just wondering, this new build your testing... is it due to be put out soon? I mean, are we talking a matter of hours, days, weeks? I am just trying to gauge my time waiting to see if it would just more prudent to format and re-install from scratch or wait for the new release. Any heads up?

0 Kudos
BMann
Level 9

Re: If you have Fake AV Software showing up on your system, read this

The new version is posted available at http://download.nai.com/products/mcafee-avert/fakealertstinger.exe

Apologies for this taking longer than expected but we wanted to make sure it got some thorough QA because false detections or partial repairs can put you in an even worse position than you can be in with a virus.

0 Kudos
dbcspace
Level 7

Re: If you have Fake AV Software showing up on your system, read this

I ran the stinger, and it removed 8 of 9 "viruses".

Apparently it also deleted several DLL files.

Now I can do nothing with my computer. Every time I try to run anything, the standard dialog pops up saying that "That file format (which is .exe, such as "firefox.exe") is not recognized. Choose a program to open the file..."

The only exception thus far would seem to be windows explorer.

Help please! I am on a borrowed machine now

0 Kudos
jim_hall
Level 7

Re: If you have Fake AV Software showing up on your system, read this

We also have the same problem...Ran the fakealert stinger program and it fixed all but one file....After that I tried to reboot and now I can't get off the welcome screen...Same thing in safe mode...after clicking on the user it looks like it's going to boot then says saving setting and back to the welcome screen....This is a work computer and any help would be great, I can't even log in now to save important files before I try a reformat.

0 Kudos
SamSwift
Level 12

Re: If you have Fake AV Software showing up on your system, read this

For those who have had issues with the machine not booting - one of volunteer moderators has put together information on how to create a boot disk, which may well be of use to you. Details can be found here

Kind regards,

Sam

0 Kudos
cocojen1
Level 7

Re: If you have Fake AV Software showing up on your system, read this

I created the boot disk and allowed it to run mcafee (it first connected to the internet and downloaded the current files), then I ran the other scanner on the boot disk (ESET).  Both picked up and deleted or quarantined trojans - mcaffee 4 trojans called fake alert, ESET about a dozen or so others.  I was really hoping that did the trick.  Unfortunately when I re-booted without the boot disk, same result - won't let me get into windows.  I did save the logs that were generated.  What is the next step?  Thank you.

0 Kudos