cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 61 of 73

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

If you have it already installed rename the mwab.exe file to abc.exe that shpould work.

What I was suggesting is when you download it it asks where to put the mbam-setup.exe file I rename that to setupmb.exe and when I run that it asks where to put the software default is Malwarebytes'antimalware I choose mwb as folder name.

Just renaming exe file should help.

As newjack says youtube has a few videos of this malware removal

spc3rd
Level 10
Report Inappropriate Content
Message 62 of 73

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

Greetings again Tony,

     I apologize for having to post another message so soon, but I seem to be drawing a mental blank regarding what you said about renaming the "mwab.exe" file to abc.exe.  I have NO idea where to find this file or even how to go about finding it.  I'm starting to wonder if I should just uninstall the whole MWB program and download it all over again.  Trying to make sense of all this tech stuff is starting to really irk me to no end.  For me...it seems I have to have exact step-by-step instructions of every link to click on, every button to click on, etc......you get the picture.

I appreciate your attempts to help though.

Message was edited by: spc3rd on 5/16/11 7:33:01 AM ADT
Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 63 of 73

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

It is in program files /malwarebytes' anti malware on xp/vista and program files (x86)/ malwarebytes' anti malware.

dekkem most AVs do not handle Fake AVsthese because theylook like real programs.

Message was edited by: Peacekeeper on 17/05/11 6:47:43 AM

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

So what do I do if I can't get online to download anything that will remove this malware. I have triedto go online, but the widows security center virus won't let me view any web pages. I have run malicious software programs and antivirus. I am not the most computer savy person in the world. Should I try to call Mcafee directly?

Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 65 of 73

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

McAfee will try to charge you for virus removal so that's a last resort.

Can you access the internet in 'Safe Mode with Networking' ?   (Reached by tapping F8 repeatedly while booting up).

If so download, install and update (important) then run a full scan with the free version of THIS tool.

It will all work in that mode.

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

Ex_Brit wrote:

McAfee will try to charge you for virus removal so that's a last resort.


Please tell me this is a joke.

Reliable Contributor Hayton
Reliable Contributor
Report Inappropriate Content
Message 67 of 73

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

No, it's not a joke. If you really are infected by one of the troublesome viruses you might need to call upon the services of a computer expert - from a local company or PC repair store, or from McAfee; if you're really lucky then a friend or friend of a friend might help you. McAfee provide the service, if you really really need it. But for a pesky little piece of scareware fake antivirus, I think that would be overkill (unless the malware that landed it on you dropped some other nasties on your system as well).

I'm collecting articles and blog posts about these programs and how they work (and how you get infected by them). They're much the same under the hood (as it were), just re-branded and re-packaged from time to time. Their main function is to part you, the put-upon computer user, from your money in return for a fake 'fix' of a non-existent problem, or sometimes a fix (often only a partial 'fix') of a problem that they themselves have created. They hide a few files, block access to some sites (or occasionally all sites) on the internet, and generally play havoc with your set-up. Nothing that can't be undone. The real danger is if they start calling up those command-and-control servers to download more malware .... then you would need McAfee to sort out the mess.

And to all those people who say, why doesn't McAfee stop them before they get onto my system : it's all to do with how they look to an antivirus program. Some of them can be prevented from installing, but not all. And that goes for Norton/Symantec and Windows Security Essentials et al as well as McAfee.

Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 68 of 73

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

scottfarkus wrote:

Ex_Brit wrote:

McAfee will try to charge you for virus removal so that's a last resort.


Please tell me this is a joke.

At least they don't charge quite as much as Norton/Symantec.

All the antivirus companies, those that offer the service in the first place, charge for personal virus removal.   That's why there is this board and other anti-malware forums on the web to help with such problems.   Unfortunately we are a bit limited in what we can offer as this is, after all, McAfee's board, but we do our best.

.



Message was edited by: Ex_Brit on 21/05/11 7:51:47 EDT AM
Highlighted

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

strykermp wrote:

So what do I do if I can't get online to download anything that will remove this malware. I have triedto go online, but the widows security center virus won't let me view any web pages. I have run malicious software programs and antivirus. I am not the most computer savy person in the world. Should I try to call Mcafee directly?

strykemp,

If you can't get online from Safe mode (I couldn't), the only option you have is to get to another computer and download some stuff to either a removable USB drive or burned to a CD.

If you can, boot up in Safe mode and open Windows Explorer.  Put in a USB stick and see if Windows Explorer recognizes it.  It didn't for me, so I had to resort to burning a CD, which I'll talk about in a minute.  If the USB drive is recognized, go to another computer and download the programs that Ex_Brit has recommended, specifically Malwarebytes, onto the USB stick.  You will then take that USB stick to the infected computer and run the various programs off of it.

This is an interesting link also.  http://www.mattearle.com/xp-home-security-2011-virusmalware-removal-instructions/  These instructions didn't work for me because as mentioned, the virus shut down my USB drive, but there are links here to three different programs that you might need - FixNCR.reg, rkill, and malwarebytes.  Download those onto the USB stick, take the USB stick to the infected computer, and try to run them as per the instructions.  It might work, it might not, I don't know.

If that doesn't work, the only way that I know of is to get control of the machine at a more basic level, which means controlling the boot-up.  I did some research and found this thing, called Hirens Boot CD. http://www.hirensbootcd.org/download/   NOTE:  The yellow box at the top is an ad, not the Hirens download.  The Hirens download link is a .zip file about 2/3's of the way down the page.  Anyway, you burn this onto a CD from another computer, then put the CD into the infected computer, turn it on, and follow the prompts.  It basically lets Windows boot up in Safe mode and, as best as I could tell, gives you access to just about every free/public domain type anti-virus related utility there is, through DOS commands.  It's a little tricky and you're going to have to follow some confusing instructions, but it worked for me.  Once you get it booted with Hirens, you should be able to access rkill and malwarebytes and whatever else you need from the CD.

Hope this helps.  I'm not a tech person either so I hope the above instructions make some sort of sense. 

Good luck!

newjack
Level 12
Report Inappropriate Content
Message 70 of 73

Re: Fake Alert Trojan - XP Home Security (Unregistered Version Please Register) HELP

Jump to solution

hey spc3rd, If you can veiw the you tube video you will have a better understanding for some of this.You can find many informative videos on Youtube.com.The link I posted above is from mrizos who is a youtube partner and fixes computers for a living.Mainly in the virus and spyware area.As a matter of fact.In the video he does not rename the  mbam.exe file.The key is a successful run of Rkill.Then when rkill is done it shows the path for rogue which he deletes.Then runs malwarebytes without having to rename it.Most of the time the rogue is what stops the good programs from running or updateing.So once rkill is complete do not reboot.Then run Malwarebytes.If needed here are the alternate named versions of Rkill from Bleeping computer.You can try any of these as they are already renamed.If for some reason you still cannot run.What version is your computer?? Vista,win 7?

http://www.bleepingcomputer.com/download/anti-virus/rkill

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community