5 Replies Latest reply on Dec 14, 2010 11:09 PM by dpal

    System Tool "FakeAlert" unable to detect/remove

      Hi.  I have read through similar threads on this new "FakeAlert" malware called SYSTEM TOOL.  I believe it came from Facebook, though I was not the one that was using it at the time - so I cant be certain.  It basically does the usual annoying things - installs itself, puts an icon on my desktop, then pops up that you have a "virus" it disabled McAfee and will not allow me to run any application at all, not even my snipping tool because I tried to capture a picture of the pop up.   It just says that the file is infected and I need to of course run the software and purchase the antivirus software.   I was able to switch users to another user that is not affected. However, AV and Malwarebytes does not detect anything wrong with my system, even though its obvious there is.  I was tempted to just do a system restore from last week - but figured these buggers probably put a copy there as well - so I would rather find it and get rid of it.

        • 1. Re: System Tool "FakeAlert" unable to detect/remove
          Vinod R

          Hi,

           

          i could see that you had posted elsewhere requesting for assistance. It would be great if you stick to one post to ensure that you get maximum attention in provided to all the users posting.

           

          Posting more threads will only delay any help coming your way as the helper would get bogged down trying to answer all open posts ( not to mention the confusion this is going to cause).

           

           

          Hope this helps

           

          regards

          Vinod

          • 2. Re: System Tool "FakeAlert" unable to detect/remove

            Upon reading the other posts, you had asked the person to create a new thread - so I wasnt sure what to do. Shall I continue with this thread or the other one?  Malwarebytes did detect the program System Tools 2011, said it removed it - and yet I rebooted and just logged on to the other user (the infected files) and its worse than ever - now my entire wallpaper is the "your're (spelled wrong) computer is infected"

            • 3. Re: System Tool "FakeAlert" unable to detect/remove
              Vinod R

              you may post in this same thread.

               

              I am not surprised by the lack of detection there... eventhough I love that application it seems to be detecting files / location it already known and is not based on othjer advanced detection techniques.

               

              here is what you could do...

               

              Read this document and perform the indicated steps.

              https://community.mcafee.com/docs/DOC-1294

               

              ideally we could start off by Running the latest version of stinger and update the logs of the same in next reply

               

              regards

              Vinod

              • 4. Re: System Tool "FakeAlert" unable to detect/remove

                That Required reading document is a waste.  When you go to the section on how to send a virus file to macafee - the link is dead.

                 

                I just finished cleansing this from my computer.

                 

                McAfee - useless - third time this year.  I'm done with it after more than 15 years, they just dont measure up anymore.

                Malwarebytes found the link in the startup file that was bad, but not the actual file.  Once I found the file Malwarebytes at least recogonized it as a virus - McAfee blithley declares it clean.

                 

                The file was located in a hidden folder (hidden directory C:\programdata\pDaLd06309 - which i have to believe is random)

                 

                The trick seems to be that the desktop.ini file in the startup -and several other folders off the start menu- had been modified to kick off the file.  There wasn't anything in the registry on it.  But that might have been because the user was a limited account.

                 

                (Attached file has virus)

                 

                 

                Message was edited by: dpal on 12/14/10 11:09:36 PM CST

                 

                 

                Message was edited by: dpal on 12/14/10 11:11:11 PM CST
                • 5. Re: System Tool "FakeAlert" unable to detect/remove

                  Make sure you note my attachment is the virus file.  I just changed the .exe to .exe-bad

                   

                   

                  Message was edited by: dpal on 12/14/10 11:09:04 PM CST