FakeAlert-K Virus

Status
Not open for further replies.
This is one nasty virus. Very hard to get rid of. Following the instructions for topic 58138 and after a long process it worked!
Here are the attachements from AVG antispywear,Combofix, HJT.

Worked very well.

Virus was created on 6/7/2007 or thereabouts and is really very dangerous. Clogs up your system with useless message about virus and that you have to download a specific program to get rid of it. I went searching around the net to find out how to get rid of it and found at least 2 dummy message boards stating how bad it was and how to get rid of it you need to download the software that it was advertising.

Hope this helps.
Thanks to the help!
 
Hello and welcome to TechSpot.

I've seen evidence of the FakeAlert virus in your HJT log.

Step 1:

Run HijackThis with no other programs open and do a system scan. Place a check in the box next to the following entries (if there):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O17 - HKLM\System\CCS\Services\Tcpip\..\{ADAF7812-879D-4431-8CEE-4DA4B9D4CBED}: NameServer = 85.255.113.122,85.255.112.169

O22 - SharedTaskScheduler: hundi - {596e4935-4d3b-4a3c-842d-2efd1b3de598} - E:\WINNT\system32\pjgerka.dll

Click the Fix Checked button. Close HJT.

Step 2:

Navigate to virusscan.jotti.org.

Enter the following into the text box at the top of the page.

E:\Documents and Settings\Mike\Downloads\msconfig.exe

Click the Submit button.

Please post the results here.

Step 3:

Please download FixWareout from here or here.

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Step 4:

Please download SmitFraudFix from here. Save it to your desktop.

Double-click smitfraudfix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Boot into safe mode, under your normal user name (not the administrator account). See how HERE.

Double-click smitfraudfix.exe

Select 2 and hit Enter to delete infected files.

You will be prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file? answer Y (yes) and hit Enter to restore a clean file.

A reboot may be needed to finish the cleaning process.

Step 5:

Please post fresh HijackThis, ComboFix, and AVG Anti-Spyware logs as attachments into this thread. Also post the results of the Jotti virus scan, as well as the SmitFraudFix log (located at E:\rapport.txt).

Regards :)

This thread is for the use of speedoboyny only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
Status
Not open for further replies.
Back