Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
This discussion is locked
58964 Views 97 Replies Latest reply: Mar 24, 2010 8:13 AM by SamSwift RSS Branched to a new discussion. 1 2 3 ... 10 Previous Next
BMann McAfee SME 51 posts since
Nov 3, 2009
Currently Being Moderated

Jan 26, 2010 12:46 AM

If you have Fake AV Software showing up on your system, read this

The Fake Antivirus/Rogue Antivirus/Fake Security Suites, by variant, are the most common threat that we are seeing today.  There are a lot of methods that the bad guys behind it are using to try and bypass anti-virus software and pump out as many variants as possible.


McAfee has produced Stinger tools as solutions to help with special threats/infections that are difficult to deal with and we have done so for this threat and are keeping this updated with some of our newer detection signatures and technology that are not yet in the dat files.  You can download the FakeAlert Stinger from the following location:


An article is available at that discusses this tool as well as instructions for use.


Please give this Stinger tool a shot if you come across any Fake Antivirus wreaking havoc on your system.  Feedback on this thread highly appreciated.







Message was edited by: Brian Mann on 1/25/10 10:46:13 PM PST
  • SamSwift Group Leader 651 posts since
    Nov 9, 2009

    If you have used the new stinger please post your feedback in this poll.





  • Newcomer 4 posts since
    Jan 26, 2010

    I have performed all your instructions just as outlined, I turned off restore, ran the Stinger 3 times and I am still plagued by the XP Antispyware 2010 / XP Antivirus 2010  etc... pop-ups. It even blocks me from loading 2/3 of the web pages i try to load. It first pops up with a screen that says "Internet Explorer alert. Visiting this site may pose a security threat to your system" then offers 3 options of purchase our "protection" "run a scan" "continue without security" and sometimes the continue will work must mostly it just takes me back to the page I just tried to leave or pops up an advertisement. Please Help!     

    Oh yeah, and either your Poll is broken or the virus prevents it's use too because all I get is an error when trying to take the Poll.



    Message was edited by: IronMac on 1/26/10 10:29:21 AM CST



    Message was edited by: IronMac on 1/26/10 10:30:11 AM CST
  • SamSwift Group Leader 651 posts since
    Nov 9, 2009

    Thanks for the feedback - we're in the process of testing a newer build so will post it as soon as testing is complete.



  • Newcomer 4 posts since
    Jan 26, 2010

    So, I was just wondering, this new build your testing... is it due to be put out soon? I mean, are we talking a matter of hours, days, weeks? I am just trying to gauge my time waiting to see if it would just more prudent to format and re-install from scratch or wait for the new release. Any heads up?

  • Newcomer 3 posts since
    Jan 27, 2010

    Received 2 fake spyware announcements, did not click on them , ran full scan, trojan was identified as JS/Fake Alert/Kryptik(..., report said it was quarantined and removed, which was untrue.  Ran another complete scan, which came up negative. Continued to receive fake warnings.  Restarted computer, received real warning that I had virus Netsky 32.  Activated Stinger Tool ran it 4 times, including latest version twice.  Found the fake alert trojan, and said it removed 3 trojans.  Did not affect fake alerts at all.  Your program is completely ineffective, as far as solving my problem.  Please advise.

  • Newcomer 5 posts since
    Jan 27, 2010

    I have the same problems as John Simpson's post.  I will try the updated stinger program to see if it will sovle problem.


    I am curious as to why this "problem" hasn't been delt with.  I Googled the symptoms and saw there are posts from August of 2008 about this.  As the previous poster said, PLEASE advise as to where this came from, how it gets into a computer, and when McAfee will finally deal with it.

  • Newcomer 4 posts since
    Jan 27, 2010

    I too have run the latest version of Stinger in this post, and had similar results to the two posts above mine.  Stinger found the "main" JS\Fakealert\Kryptik file and I was able to delete it.  This temporarily stopped the phoney pop-ups.  But after a restart, it was back.  This leads me to believe that there is something hidden in the registry that is re-creating the problem/file.  We all need advice on how to get rid of that "hook" that calls this thing back up with a restart.


    I believe this is a revamped version of some of those old FakeAlert malware trojans, and we just need updated instructions on how to wipe out the current hiding places.


    BTW - the message on start up of Netsky 32 is also a fake message, not a real one.  I saw that listed, verbatim, somewhere else, can't remember where.  A real clue to the fake messages is the language/grammar/misspellings.  Look closely...





    Message was edited by: fzpj9d on 1/27/10 5:11:47 PM CST
1 2 3 ... 10 Previous Next

More Like This

  • Retrieving data ...

Bookmarked By (9)