4 Replies Latest reply on Apr 5, 2010 6:03 PM by Peter M

    I can't sting this FakeAlert Trojan

      I’m using McAfee Security Center (last update 4/5/2010) and Windows XP (recently updated)

       

      My computer has been invaded by a FakeAlert Trojan.  This FakeAlert won't allow me to access the internet.  I ran a complete scan with McAfee and detected 6 items:

      CLSID\{b3bcb8fc-flac-49f0-bb0c-7d43287df177}\Inproc Server32

      HKCR\CLSID\b3bcb88c-flac-49f0-bb0e-7d43287d177}\Inproc Se

      CLSID\{b3bcb8fc-flac-49f0-bb0c-7d43287df177}

      HKCR\CLSID\b3bcb88c-flac-49f0-bb0e-7d43287d177}

      HKLM\SOFTWARE\Microfost\Windows\currentversion\Run\befupefel

      C:WINDOWS\SYSTEM32\JUJIYAKI.DLL

       

      The first 5 items were quarantined, the second said “Scan after restart”.  I restarted and did a complete scan, then restarted in “safe mode with networking support” and did another complete scan.  The Fakeware won’t allow me to access the internet with Internet Explorer, so I can’t download Stinger (even in safe mode).  I am leaving the country in 5 days for a research conference and need to get this under control ASAP.

        • 1. Re: I can't sting this FakeAlert Trojan
          Peter M

          Moved to Malware Discussion > Home User Assistance

          • 2. Re: I can't sting this FakeAlert Trojan
            SamSwift

            Hi,

             

            What happens when you try to access the internet? As you are posting I'm guessing you have access to another PC or laptop, therefore are you able to download stinger to a USB key and then transfer it across?

             

            Also, what detection names did the first scan come up with?

             

            Sam

            • 3. Re: I can't sting this FakeAlert Trojan

              Hi Sam,

               

              When I try to access any site on the internet, an alert webpage comes up saying "Internet Explorer alert.  Visiting this site may pose a security threat to your system!  Possible reasons include: [list of several reasons]"  It recommends 3 options: 1) "Get a copy of XP Security Tool 2010 to safeguard your PC while surfing the web (RECOMMENDED), 2) Run a spyware, virus, and malware scan, or 3) Continue surfing without any security measures (DANGEROUS)."  Clicking on option 3 just brings up the same page, so I can't go anywhere.

               

              I do have access to another PC at work.  I downloaded the stinger files to my USB, but my computer doesn't recognize the USB while running in safe mode.

               

              I should note that in normal mode, McAfee says I'm fine (everything green) but in safe mode, McAfee lists a bunch of problems:

              -- real-time scanning disabled

              -- spyware scanning disabled

              -- anti-spam service not running

              -- AM scanning disabled

              -- script scanning disabled

              -- buffer overflow protection disabled

              -- personal info protection now disabled

              -- parental controls shut down and disabled.

               

              I thought the stuff I transcribed in the previous post were the detection names from the scan.  Let me restart in normal mode and see if I can locate some detection names other than what I wrote above.

               

              Gail

              • 4. Re: I can't sting this FakeAlert Trojan

                Hi again Sam,

                 

                I restarted the computer and got the message from McAfee that "McAfee has detected a virus that cannot be quarantined" and recommended restarting and scanning my computer.  The name was "Vundo!ge" and the location was C:windows\system32\jujiyaki.dll

                 

                Gail