4 Replies Latest reply on Jul 19, 2011 10:18 AM by joefreeflyer

    How do I remove FakeAlert viruses?

      I have the FakeAlert!grb, which McAfee says it removed, but it keeps happening on startup and my PC reboots. Running Windows 7 64-bit. Only had the computer a short time, so I hope someone can help.

       

      I have now followed some instructions posted on the McAfee community: ran a safe mode scan and Stinger. The Stinger report is as follows:

       

       

      McAfee(r) Labs Stinger(tm) Version 10.1.0.1629 built on May 27 2011
      Copyright (c) 2011 McAfee, Inc. All Rights Reserved.
      Virus data file v1000.0000 created on May 27 2011.
      Ready to scan for 2422 viruses, trojans and variants.
      Scan initiated on Wed Jun 08 07:47:33 2011
      C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe
          Found the FakeAlert!fakealert-REP trojan !!!
      C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe is infected with the FakeAlert!fakealert-REP virus !!!
      C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe has been deleted.
      Number of clean files: 301711
      Number of infected files: 1
      Number of files cleaned: 1

       

      Message was edited by: realalert on 08/06/11 03:54:44 CDT

       

      Message was edited by: SamSwift on 7/12/11 9:47:16 AM IST
        • 1. Re: How do I remove FakeAlert viruses?
          Hayton

          Do you still have a problem with this?

          • 2. Re: How do I remove FakeAlert viruses?

            Hi Hayton, yes, I still have a problem, although I may have sorted the virus. It has left my PC in a bad way in terms of folders and admin rights. For instance, I can't change backgrounds and I am locked out of some folders even though I am the only profile and therefore should be administrator. Looking at forums, it seems as though the virus may have messed with my registry data. Is there any way to set the registry back to new? Or any other way to solve this to ensure there is no one else accessing my PC data etc.?

             

            Thanks,

            realalert

            • 3. Re: How do I remove FakeAlert viruses?
              SamSwift

              Hi,

               

              It sounds like we've removed the infected file but not repaired the payload fully. Running the new Fake Alert Stinger might help - please could you give it a try and report back?

               

              Thanks,

               

              Sam

               

              Also - moving this thread to the Top Threats space

              • 4. Re: How do I remove FakeAlert viruses?

                I'm also interested in these fixes. One of these Fake Alert attacks brought in a TDSS.e!RootKit. I've discussed my case over on that thread.

                 

                It may be that things like desktop files are gone in the first attack and just need to be reconstructed piece by piece. I found that search by program name can get to the shortcuts in the program folders. Then you put the shortcut back on the desktop.

                 

                I seemed to have gotten rid of the payload, but not the damage it caused.

                 

                Point of housekeeping - I can log on with a machine running IE-8 but not with a new one running the latest IE-9. With that, login from the toolbar gives a looping login screen, i.e. putting name and password in the spots and clicking login just gives back the same screen. Everything is normal with the IE-8 I'm now logged in from. The IE-8 machine has McAfee VirusScan installed. The IE-9 machine is running McAfee SiteAdvisor.

                 

                Thanks for the help so far. I'll probably put the repaired HP machine back online to get updates soon.

                 

                Joe

                 

                P.S. Have gone back online with this HP machine and updated antivirus. Nothing new. Have also run GetSusp, with only three older NVidia files marked suspicious.

                 

                Going back to restoration and cleanup.

                 

                Found that making this a trusted site overcame the IE-9 login looping.

                 

                Message was edited by: joefreeflyer  -  follow up actions on 7/19/11 10:18:30 AM CDT