cancel
Showing results for 
Search instead for 
Did you mean: 
Wuggy
Level 7
Report Inappropriate Content
Message 1 of 6

Trojan.FakeAlert scriptsn.dll EASIER FIX (I think)

Hey Everybody! I think I found a way to save pain for those who tried to remove the FakeAlert trojan with Malwarebytes' Free Anti-Maleware program and found their system behaving strangely afterward. I downloaded and ran the program earlier this evening, scanned for the first time and removed the following (as pasted from the log file):

 

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7db2d5a0-7241-4e79-b68d-6309f01c5231} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7db2d5a0-7241-4e79-b68d-6309f01c5231} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\McAfee\VirusScan\scriptsn.dll (Trojan.FakeAlert) -> Delete on reboot.

It then occurred to me to do some research (!) on this pesky Trojan.FakeAlert. Apparently it gets in the way of Windows Update and louses up McAfee SecurityCenter so you can't update that either. Sure enough,

  • My SecurityCenter panel came up blank when I attempted to open it from the Task Bar,
  • The window to Add/Remove McAfee SecurityCenter Program came up blank, and
  • Even the buttons at the McAfee Support web page didn't work anymore when I accessed the main McAfee Support window via my web browser. So I couldn't even access McAfee Technical Support.


So I came here to the McAfee Community Forum and found some recent advice here:

and here:

That all seemed labor intensive, and I'm a lazy bum, so instead of following instructions I clicked START...RUN and ran "Windows System File Checker" by typing the text inside the following brackets but without the brackets --> (sfc /scannow). That took about five minutes to finish by itself. Then I used good ol' Google to locate McAfee Virtual Technician:

1. https://us.mcafee.com/root/ProductUpdate.asp?cid=35172

If the link to MVT doesn't work from that page, open the following link #2 instead to bring up Virtual Technician by itself:

2. https://us.mcafee.com/root/mvtapp.exe

Follow the instructions as per the usual prompts. McAfee Virtual Technician found a whack of problems and fixed some of them the first time. But here's the beauty of it: web buttons worked properly again! So I then returned to McAfee Virtual Technician through the proper path via the following link #3,

3. http://home.mcafee.com/Root/Support.aspx?page=Support

...And McAfee Virtual Technician no longer finds any problems! Hiphip Hooray!

So here's my question for the McAfee Meisters on this board: Should I do anything else? My inclination is just to thank my lucky stars and leave Malwarebytes' software alone from now on. And if this helps others to get back on their feet a little quicker, it's worth it.

Thanks and regards, 'Wuggy'

Forgot to mention that the machine in question has McAfee Internet Security Suite 9.2.095 / VirusScan 13.0.232 / Firewall 10.0.209 running on XPSP2. I downloaded and ran MBAM as part of a security sweep with the intention of subsequently backing up the entire system and then upgrading to XPSP3. MBAM is now uninstalled and I am proceeding with the backup.
5 Replies
Wuggy
Level 7
Report Inappropriate Content
Message 2 of 6

Groan

No good. Users who are not Administrators on this machine are getting those creepy fake spyware protection messages. So I have to go the long route... Maybe. The fake ads don't appear under the Admin account, for some reason.
-------------
Update:

- Successfully uninstalled and reinstalled entire McAfee suite as per link #1 above, including MCPR.exe.
- Haven't upgraded to SP3 yet. I want to be clear of garbage first.
- Ran full scans of Superantispyware, Spybot, F-Protect and McAfee (updated). Nothing found.
- Reinstalled & ran full system scan with Malwarebytes' Anti-Malware:

 

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.


- McAfee Virtual Technician found and fixed a "registry error."
- Initiated another full McAfee scan.

No idea where this stuff comes from, although I suspect an email contact running some outdated home-baked security software supplied by Telus. I'm running some more scans and will make another update tomorrow afternoon.
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 3 of 6

RE: Groan

You appear to be talking to yourself here Wuggy.

I suggest that you or anyone with this issue download Hijackthis and post its log on one of the following forums for expert free guidance:

Do not post the log here, we can't help!

DOWNLOAD HIJACKTHIS

Post the logs at a specialist Forum:

AUMHA FORUM

BLEEPING COMPUTER FORUM

CASTLECOPS FORUM

GEEKS TO GO FORUM

MAJOR GEEKS FORUM

MALWARE REMOVAL FORUM

SPYWARE INFO FORUM

TECH SUPPORT GUY FORUM

WHAT THE TECH FORUM (Formerly Tom Coyote)

Be sure to read all the sticky announcements/instructions at the top of each malware forum!

Don't try repairing anything yourself as mistakes can be made & don't let Hijackthis repair anything either. Those forums have experts in the field who will advise the best course of action.
Wuggy
Level 7
Report Inappropriate Content
Message 4 of 6

Yeah...

Roger that, Ex_Brit. Thanks. (sigh)
Wuggy
Level 7
Report Inappropriate Content
Message 5 of 6

Update

I was mistaken. The advertisement that I referenced on February 7 was the result of an unexpected "allowed pop-up" from a trusted site -- NOT adware.

My system remains clean as a result of the actions taken previously -- particularly the repeated scans by fully-updated MBAM. I hope this thread helps others.

Regards, 'Wuggy'
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 6 of 6

RE: Trojan.FakeAlert scriptsn.dll EASIER FIX (I think)

Glad it's OK now.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community