cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
neilg
neilg
Level 7
Report Inappropriate Content
Message 1 of 73
‎02-24-2011 05:21 AM

Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

I have PC Running XP (Service Pack 3)

- Mcafee Anti Virus Plus

I have an infection of what looks like a fake XP Home Security Scan.

The system boots up and immediately open up 'what looks like' Microsoft XP Security Centre and starts a scan, it is telling me I have multiple Viruses, (worms, trojans)

The screen almost looks like a Microsoft Screen but I am pretty sure it isnt. - Its says it is a 'Unregistered Version' Of XP Home Security and prompting me to register.

I am also getting multiple pop ups from the Taskbar telling me I have serious security threats to my machine.

I have started up in Safe Mode, ran a complete scan, it does not find anything.

Yesterday I installed the 6266xdat.exe file which from what I can see is a fix for a similar problem where there is AV Security Pop ups similar to this XP one. (FakeAlertAVSoft Trojan)

This does not fix the problem.

Whatever this is it seems to have taken over anything on my machine relating to Anti Virus Security.

I am also unsure if the Mcafee Screens are actually genuine. Though I do have a Mcafee advice screen saying that it has found Fake Alert and can not remove it whilst the program is running. - machine needs to restart to fix it, a restart fixes nothing.

Please can anyone Help. I have attached Screen Print.

Thanks,

Neil

0 Kudos
Reply
1 Solution

Accepted Solutions
SamSwift
SamSwift
Level 12
Report Inappropriate Content
Message 38 of 73
‎08-02-2011 08:40 AM

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

Hi everyone,

I am going to close and lock this thread now. If you are visiting this site and have a new infection of 'XP Home Security' please start by using our FakeAlert Stinger. If that doesn't resolve the issue please start a new thread in our Top Threats space and we'll do all we can to help.

Kind regards,

Sam

0 Kudos
Reply
72 Replies
exbrit
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 2 of 73
‎02-24-2011 06:47 AM

Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

None of the major security software applications can handle these fake antimalware entities as Googling XP Home Security attests - their forums are full of it..

Please read the epitomal removal guide here:  http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

Scroll down that page as the first links you see are all advertising which help pay for their guides and forums which are probably the best on the web.

Don't click the first thing you see.

0 Kudos
Reply
neilg
neilg
Level 7
Report Inappropriate Content
Message 3 of 73
‎02-24-2011 08:11 AM

Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

Thanks Peter,

It looks exactly the same problem, I was going to go through the steps to fix it, but all of the links to the RKill Download come up with a trojan alert and are deleted by Mcafee as soon as the complete download.

Is there another program I can use, or some other way of stopping the process so I can run the Malwarebytes (which I already have, but didnt fix it either, but im guessing it is because the bad program is already running it will not remove it??)

Thanks Again,  Neil

0 Kudos
Reply
ConorD62
ConorD62
Level 12
Report Inappropriate Content
Message 4 of 73
‎02-24-2011 08:55 AM

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

Hi Neilg,

We can attempt to fix the problem,

Are you running Malwarebytes in Safe Mode or normal mode?

Please do this:

  • Start > Run (Or type run in search for Vista/W7) > Msconfig > Startup.

Please tell me if you see anything with the location coming under Appdata or Appdata/Temp,

Also please tell me if you see anything out of the ordinary.

Thanks.

0 Kudos
Reply
neilg
neilg
Level 7
Report Inappropriate Content
Message 5 of 73
‎02-24-2011 09:33 AM

Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

Hi,

Can see nothing in there under Appdata or Temp, Mostly all HKLM/Software and HKCU/Software..

However, there is some stuff in LOCALS Temp called rsahnijxm\ssodixksike.exe and mjtckvitq\ggkbvfsika.exe which I saw earlier, I thought they looked strange so I disabled them on start up,

Oh , hang there are some more... I may try it again, is that what I am looking for???

Thanks,

0 Kudos
Reply
ConorD62
ConorD62
Level 12
Report Inappropriate Content
Message 6 of 73
‎02-24-2011 09:42 AM

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

Hi,

That is most likely them,

Disable them, then restart in Normal Mode.

Please reply when you have done this, and if you can still see XP Home Security.

Thanks.


0 Kudos
Reply
exbrit
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 7 of 73
‎02-24-2011 10:08 AM

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution 
neilg wrote:
Thanks Peter, 
It looks exactly the same problem, I was going to go through the steps to fix it, but all of the links to the RKill Download come up with a trojan alert and are deleted by Mcafee as soon as the complete download.
Is there another program I can use, or some other way of stopping the process so I can run the Malwarebytes (which I already have, but didnt fix it either, but im guessing it is because the bad program is already running it will not remove it??)
Thanks Again,  Neil

My apologies, I hadn't realised that you had responded due to delayed emails from this board.  If you ever find that something wont work in regular mode, you can always try "Safe Mode with Networking" reached by tapping F8 repeatedly while booting up.  This stops most processes from running but at least gives you internet access where you can then download something, possibly using the "Save as" option and renaming it in the process, that way it may not get deleted.

However, I digress.  You are in good hands with Conor, so I'll let him guide you.

0 Kudos
Reply
neilg
neilg
Level 7
Report Inappropriate Content
Message 8 of 73
‎02-24-2011 10:18 AM

Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

Thanks again Peter,

But , Hey Conor,

I have disabled everything I can find on Start up that looks slightly worrying, maybe a few things I shouldnt have even,

I am booting up in Normal Mode for now and seeing what happens,

My question is from what I have read that the malwarebytes program as long as its up to date should find and fix this, as long as I can stop the program starting in the first place, is that a correct assumption???

0 Kudos
Reply
neilg
neilg
Level 7
Report Inappropriate Content
Message 9 of 73
‎02-24-2011 10:22 AM

Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

Update,,,,

From what I can see, everytime I disable one of those LOCALS\Temp anonymous programs, and restart I am getting at least two more that are active???

0 Kudos
Reply
Highlighted
ConorD62
ConorD62
Level 12
Report Inappropriate Content
Message 10 of 73
‎02-24-2011 10:29 AM

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

Hi,

But is XP Home Security still popping up in Normal Mode?

Please tell me what items are restoring when you restart.

Thanks.


0 Kudos
Reply