4 Replies Latest reply on Mar 28, 2012 7:18 PM by gailk

    Removing Smart Fortress malware

      We are running McAfee VirusScan Enterprise v8.8 and 2 users have malware on their machine called Smart Fortress and have not been able to get rid of it.  It is not detected by McAfee and I find nothing on the McAfee support portal site.


      I have asked the support in the office to check the registry for malware in the Run statement and to start the machine in Safe Mode and run a system scan.


      Anyone else have any experience with removing this?



        • 1. Re: Removing Smart Fortress malware

          Hi Randy,


          its Fake alert Pls follow the link which will be usefull






          For now, restart into safe mode and login as Administrator.


          Start Internet explorer and download the following files:


          Download http://download.bleepingcomputer.com/reg/FixExe.reg and save it to the C:\ folder.

          Download http://download.bleepingcomputer.com/grinler/iExplore.exe and save it to the C:\ folder


          Log off, and still in safe mode, log in as your infected user.


          Navigate to the C:\ folder where you saved the reg file, FixExe.reg, and double-click on it. Allow the data to be merged.


          Run rkill renamed as iExplorer.exe, that should be in your C:\ folder, and let it kill the Smart Fortress process. May need to do this a few times.


          When the Smart Fortress is killed, dont start any programs, and double-click on the FixExe.reg file one more time and allow it to merge.


          Reboot into normal mode.


          Download your favorite security program and clean up the mess.


          MBAM should soon, if not already, be able to clean it!


          If at any time Smart protection start when you try one of the above steps...just double-click and merge the FixExe.reg file!

          • 2. Re: Removing Smart Fortress malware
            Hemant Koli



            Why their is no Solution/Detection from McAfee.......??????

            • 3. Re: Removing Smart Fortress malware

              Hi Hemant,


              No other AV will protect 100 % for FAke alert because no of users receiving different type of mails Looks like valid mail but its questionable Like you have visited illegal site looks like came from FBI etc...So the users getting infect by opening the attachments .


              For example one of our site users received these kind of mails .


              we have tested McAfee found Document.exe in attachment infecting the users so we have created user defined rule and blocked the document.exe and McAfee providede the update for that but still more no of users got infected with the same FAKE ALERT AV because users received  no mails with diff questionable subject line with different attchment (like visited sites , tried to acess the restricted sites, Pls check the information 0f your bank account details etc ..... Not only the users getting infect with FAKE ALERT even visiting illegitimate sites,downloading cracks x rated sites etc 

              Finally onething we  learned instead of blaming AV product support we have to educate the users not to open the unknown mails.


              Message was edited by: lakshmanans on 3/9/12 3:53:26 AM CST
              • 4. Re: Removing Smart Fortress malware

                Hi there, MY computer is vista 64 with McAfee. I just got this smart fortress yesterday. How enoying. I was totally supprised when I couldn't do anything... I couldn't even try and find the files on my harddrive. Grr... And McAfee wasn't working. So this is what I did and it worked for me.

                I rebooted to safemode (f8 while booting) I have Ccleaner installed (this is a free program that  use alot) to check my start up.

                You can use msconfig in run and OK to open system configuration. Look in startup and see if there is a program that looks like it shouldn't be there. Mine was file that had a about 10-20 numbers in the name and was located in my c:\programdata (or something like that). Make sure you disable it in the startup and also delete it from your computer.

                If You are unsure of which one then go on by one through them all and find the location and zip or rar the file then delete it. (This is incase you deleted the wrong file you can go back into safemode and unxip it.)  I rebooted and everything was working great. I downloaded Malwarebytes. It was one of many that actually worked and was truely free. http://www.malwarebytes.org/products/malwarebytes_free. So for now everything is working great and I'm a happy camper Hope this helps!!