Saturday, January 24, 2009

FakeAlert Trojan

Removing FakeAlert
Categories: Trojan, Downloader, Hoax
This loose category includes a variety of Trojans that damage victim machines, threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.
The downloader either launches the new malware or registers it to run automatically, according to the local operating system's requirements.
A hoax is a false email message warning the recipient of a virus that is going around. The message usually serves as a chain e-mail that tells the recipient to forward it to everyone they know.


FakeAlert is also known as:

[Kaspersky] Hoax.Win32.Renos.eq, Trojan-Clicker.Win32.Agent.is;
[McAfee] FakeAlert-D, FakeAlert-H, FakeAlert-U;
[F-Prot] W32/FakeAlert.DS;
[Other] Win32.Cadux.AU, Trojan.Fakealert.196, TR/SpyCleaner.A, Win32/Vaxkat, Downloader, W32/Agent.BRAT, Troj/Clicker-EF

Visible Symptoms:
Files in system folders:
[%INTERNET_CACHE%]\Content.IE5\KPCZQPW7\vwjrmrmur[1].htm
[%WINDOWS%]\system32fab.exe
[%SYSTEM%]\tcpipmon.exe
[%SYSTEM%]\winblsrv.dll
[%SYSTEM%]\ctpmon.exe

How to detect FakeAlert:

Files:
[%INTERNET_CACHE%]\Content.IE5\KPCZQPW7\vwjrmrmur[1].htm
[%WINDOWS%]\system32fab.exe
[%SYSTEM%]\tcpipmon.exe
[%SYSTEM%]\winblsrv.dll
[%SYSTEM%]\ctpmon.exe

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing FakeAlert:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
