2 Replies Latest reply on Jul 20, 2011 4:47 PM by pammirab

    Has lic.exe Fake security Notice been Defeated?

      After suffering with a root kit on my HP running XP last month, my wife had a fake virus alert running from a program called lic.exe today on the Toshiba laptop she was using.  It was running McAfee Virus Scan.  She was at a sewing center site.

       

      I used the techniques in McAfee Document ID: TS100767 to end task for lic.exe and also deleted internet temp files and cookies.

       

      Then I loaded GetSusp and ran it.  It detected  lic.exe as suspicious and made a captured zip file of it. I hope it was sent successfully.

       

      I hope this works.  I didn't see this problem on the computer I'm logged in on now.

       

      Has this fake alert been stopped?

       

      3 hrs later - Got on computer and fake alert still there and still found by GetSusp.

       

      I manually deleted it by unhiding the path to it, then scanned again with GetSusp and it's not there.

       

      I am scanning with today's update of VirusScan.

       

      What else should I do?

       


       

      Message was edited by: joefreeflyer  to add latest actions on 7/20/11 3:29:10 PM CDT
        • 1. Re: Has lic.exe Fake security Notice been Defeated?

          Hello,

           

          If you are still getting fake alerts, please try our FakeAlert Stinger tool in the first instance - ***Download FakeAlert Removal Tool Here***. We recommend that you use the 'Fix to scan' option first - instructions for which are on the link for the Stinger.

           

          If this does not resolve the issue, please let us know the Analysis ID you received when you submitted your GetSusp files for analysis. This will help us investigate the files further and add detection and cleaning properly.

           

          Hope this helps!

           

          Patty

          • 2. Re: Has lic.exe Fake security Notice been Defeated?

            Patty

             

            So far so good.  The Virus scan had not detected anything after I deleted the suspicious file found by GetSusp.  The package I had sent was identified (beta_detected) as a Trojan called fakealert-rena.p.

             

            Logging into Yahoo mail gave no recurrence of the problem.  My wife has not tried the sewing site yet.

             

            Thanks for your advice

             

            Joe