Remove Trojan.FakeAV Alert
Although this threat is named Trojan FakeAValert, it is very real and very annoying. The FakeAValert trojan is not destructive, but it can easily trick people into installing corrupt security tools and purchasing nonfunctional software.
Trojan FakeAValert delivers pop-ups disguised to look like security warnings from the Windows operating system. The alert contains the following text:
“Warning! Potential Spyware Operation
Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click YES to download spyware remover …”
The warnings are falsified to push people into buying fake security tools. If a user clicks on a pop-up loaded by Trojan FakeAValert, he or she is offered rogue anti-spyware products to purchase. The pop-ups are loaded regularly to scare people. Trojan FakeAValert causes system slowdown. It is able to turn off firewalls and other security tools.
Trojan FakeAValert is Dangerous
Trojan FakeAValert is Adware that can present itself as a toolbar
Trojan FakeAValert logs your internet browsing history
Trojan FakeAValert displays lots of annoying advertisements
Trojan FakeAValert may infect your system via spyware or freeware
Trojan FakeAValert may repair its files, spread or update by itself
Trojan FakeAValert may prove difficult or impossible to remove
Trojan FakeAValert violates your privacy and compromises your security
To Remove this trojan manually:
Stop these Trojan FakeAValert processes:
system.exe
autorun.exe
printer.exe
WinAvXX.exe
Remove these Trojan FakeAValert Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"WinAVX" = "%System%\WinAvXX.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"WinAVX" = "%System%\WinAvXX.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe %System%\printer.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\"1200" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\"1201" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\"1208" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\"1608" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\"1804" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\"2500" = "3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\"1200" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\"1201" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\"1208" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\"1608" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\"1804" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\"2500" = "3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\"1200" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\"1201" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\"1208" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\"1608" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\"1804" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\"2500" = "3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\"1200" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\"1201" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\"1208" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\"1608" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\"1804" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\"2500" = "3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\"1200" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\"1201" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\"1208" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\"1608" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\"1804" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\"2500" = "3"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Enable Browser Extensions" = "yes"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Windir%\system32\"winav.exe" = "%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Windir%\system32\"winav.exe" = "%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Windir%\system32\"winav.exe" = "%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Windir%\system32\"winav.exe" = "%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Windir%\system32\"winav.exe" = "%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Windir%\system32\"winav.exe" = "%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
HKEY_CLASSES_ROOT\.htm\"(Default Value)" = "htmlfile"
HKEY_CLASSES_ROOT\.html\"(Default Value)" = "htmlfile"
HKEY_CLASSES_ROOT\.shtml\"(Default Value)" = "htmlfile"
HKEY_CLASSES_ROOT\.xht\"(Default Value)" = "htmlfile"
HKEY_CLASSES_ROOT\.xhtml\"(Default Value)" = "htmlfile"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"EnableBalloonTips" = "1"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"EnableBalloonTips" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoControlPanel" = "1"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoControlPanel" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\Software\Policies\Microsoft\windows\Windows Update\"NoAutoUpdate" = "1"
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\"NoAutoUpdate" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoWindowsUpdate" = "1"
HKEY_CLASSES_ROOT\gopher\shell\open\command\:""C:\Program Files\Internet Explorer\"iexplore.exe" = "-nohome"
HKEY_CLASSES_ROOT\gopher\shell\open\command\: ""C:\Program Files\Internet Explorer\"iexplore.exe" = "%1"
HKEY_CLASSES_ROOT\HTTP\shell\open\command\: ""C:\Program Files\Internet Explorer\"iexplore.exe" = "-nohome"
HKEY_CLASSES_ROOT\HTTP\shell\open\command\: ""C:\Program Files\Internet Explorer\"iexplore.exe" = "%1"
HKEY_CLASSES_ROOT\https\shell\open\command\: ""C:\Program Files\Internet Explorer\"iexplore.exe" = "-nohome"
HKEY_CLASSES_ROOT\https\shell\open\command\: ""C:\Program Files\Internet Explorer\"iexplore.exe" = "%1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Default_Search_URL" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Default_Search_URL" = "http://www.google.com/ie"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Search Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Search Page" = "http://www.google.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Start Page" = "http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Start Page" = "http://www.google.com"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" = "http://www.google.com/"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" = "http://www.google.com"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" = "http://www.google.com"
Remove these Trojan FakeAValert files:
%UserProfile%\Start Menu\Programs\Startup\system.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
%System%\printer.exe
%System%\WinAvXX.exe
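
Before deleting anything by hand, it helps to see which of the items above are actually present. The following read-only PowerShell audit is an added example, not part of the original guide; it reports findings and changes nothing. It assumes the guide's %System% means the Windows system directory, takes "WinAvXX" literally as written above, and covers only the processes, the Run and Winlogon values, two of the policy lockouts and the files.

```powershell
# Added example: read-only audit for indicators listed in this guide. Changes nothing.
$findings = New-Object System.Collections.Generic.List[string]

# Processes. Matching the full image name keeps the genuine kernel "System"
# process (which has no .exe suffix) out of the results.
$procNames = 'system.exe', 'autorun.exe', 'printer.exe', 'WinAvXX.exe'
Get-CimInstance Win32_Process | Where-Object { $procNames -contains $_.Name } |
    ForEach-Object { $findings.Add("process: $($_.Name) PID=$($_.ProcessId) path=$($_.ExecutablePath)") }

foreach ($hive in 'HKLM:', 'HKCU:') {
    # Autostart value "WinAVX" under the Run key.
    $run = Get-ItemProperty "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['WinAVX']) {
        $findings.Add("run value: $hive WinAVX = $($run.WinAVX)")
    }
    # Policy values that lock the user out of Task Manager and the registry editor.
    # Group Policy can also set these on managed machines, so confirm the source.
    $pol = Get-ItemProperty "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -ErrorAction SilentlyContinue
    foreach ($value in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ($pol -and $pol.PSObject.Properties[$value] -and $pol.$value -eq 1) {
            $findings.Add("policy: $hive $value = 1")
        }
    }
}

# Winlogon Shell: the guide lists both "Explorer.exe" and a value with printer.exe appended.
# Anything other than plain explorer.exe is reported for review.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
if ($winlogon -and $winlogon.Shell -and $winlogon.Shell.Trim() -ne 'explorer.exe') {
    $findings.Add("winlogon shell: $($winlogon.Shell)")
}

# Files. Assumption: %System% in the guide is the system directory returned below.
$sys = [Environment]::SystemDirectory
$files = @(
    (Join-Path $env:USERPROFILE 'Start Menu\Programs\Startup\system.exe'),
    'C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe',
    (Join-Path $sys 'printer.exe'),
    (Join-Path $sys 'WinAvXX.exe')
)
foreach ($file in $files) {
    if (Test-Path -LiteralPath $file) { $findings.Add("file: $file") }
}

if ($findings.Count -gt 0) { $findings } else { 'No indicators from this guide were found.' }
```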