Remove FakeAlert – Overview and Removal Guide

Quick Look

FakeAlert
Trojan.FakeAlert, Trojan.Agent.BE
★★★★★★★★★½
Trojan
  1. Changes computer settings and registers fake infection results.
  2. Masquerades as a legitimate program and hides itself from you as the user.
  3. Can change your PC’s security settings.
  4. Saps system function and stays resident in the background.

Click here for your removal guide.

 

Overview

If you have found this site, it’s because your computer is probably infected with the FakeAlert Trojan threat.

First things first, don’t panic!

The FakeAlert Trojan threat is one of the more dangerous malware threats on the Internet today, and is notoriously difficult to remove from your computer. With that said, early detection and thorough removal of the threat will get you back up and running in less than ten minutes – and this site is your one-stop-shop, giving you the step-by-step instructions needed to completely remove this ‘Net nasty from your PC.

What is FakeAlert, and What Does It Do?

FakeAlert is a special kind of malware called a Trojan that is downloaded onto your computer by being sneakily bundled up with a freeware program, application or piece of software. Trojans carry what are known as payloads – groups of malicious programs that install themselves onto your computer and do anything from serving unwanted ads right up to recruiting your PC as part of a botnet, allowing your PC to be controlled by a third party.

FakeAlert is typically bundled up with a fake anti-spyware tool and changes your desktop screensaver, advising that you have multiple spyware infections. FakeAlert can also deliver other dangerous malware threats, most commonly keyloggers and programs allowing remote third-party control of your PC. FakeAlert will also sap your computer’s performance and leave the backdoor wide open, allowing other malware threats to creep onto your computer.

What Should You Do Now?

FakeAlert is a dangerous malware threat and can have serious effects on your online and offline life. It is strongly recommended that you get rid of this Trojan immediately.

Our easy to follow guide will take you through the steps that you’ll need to follow to permanently delete this threat from your computer.

Removal Options

Automatic Removal (Recommended)

Using a dedicated anti-malware tool is the quickest, easiest and most convenient way of removing this threat, and it has the added benefit of protecting your computer from future infections.

Our simple six-step guide will have your computer back to you as good as new in less than ten minutes so you can spend less time worrying about malware and more time enjoying your PC and the Internet.

 


Threat Properties

File System Modifications:

  • %CommonAppData%\Microsoft\Network\Downloader\qmgr0.dat
  • %CommonAppData%\Microsoft\Network\Downloader\qmgr1.dat
  • %AppData%\bhs.bat
  • %Windir%\ieocx.dll

Registry Keys Created

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\ProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\Programmable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\TypeLib
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\VersionIndependentProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0\win32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\FLAGS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\HELPDIR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinInetApp.WinInet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinInetApp.WinInet\CLSID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinInetApp.WinInet\CurVer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinInetApp.WinInet.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinInetApp.WinInet.1\CLSID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39fc2065-c9c7-49cd-8942-44cc2dedc844}
  • HKEY_CURRENT_USER\Software\WinPC Defender

Registry Values Created

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\VersionIndependentProgID]
    • (Default) = “WinInetApp.WinInet”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\TypeLib]
    • (Default) = “{b360243e-09e8-402f-8721-00b6798089ad}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\ProgID]
    • (Default) = “WinInetApp.WinInet.1”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\InprocServer32]
    • (Default) = “%Windir%\ieocx.dll”
    • ThreadingModel = “Apartment”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}]
    • (Default) = “WinInet Class”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib]
    • (Default) = “{B360243E-09E8-402F-8721-00B6798089AD}”
    • Version = “1.0”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32]
    • (Default) = “{00020420-0000-0000-C000-000000000046}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid]
    • (Default) = “{00020420-0000-0000-C000-000000000046}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}]
    • (Default) = “_IBhoAppEvents”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib]
    • (Default) = “{B360243E-09E8-402F-8721-00B6798089AD}”
    • Version = “1.0”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32]
    • (Default) = “{00020424-0000-0000-C000-000000000046}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid]
    • (Default) = “{00020424-0000-0000-C000-000000000046}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
    • (Default) = “IBhoApp”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0\win32]
    • (Default) = “%Windir%\ieocx.dll”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\HELPDIR]
    • (Default) = “%Windir%\”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\FLAGS]
    • (Default) = “0”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0]
    • (Default) = “WinInet 1.0 Type Library”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinInetApp.WinInet\CurVer]
    • (Default) = “WinInetApp.WinInet.1”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinInetApp.WinInet\CLSID]
    • (Default) = “{39fc2065-c9c7-49cd-8942-44cc2dedc844}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinInetApp.WinInet]
    • (Default) = “WinInet Class”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinInetApp.WinInet.1\CLSID]
    • (Default) = “{39fc2065-c9c7-49cd-8942-44cc2dedc844}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinInetApp.WinInet.1]
    • (Default) = “WinInet Class”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    • AntiVirusDisableNotify = “1”
    • FirewallDisableNotify = “1”
    • UpdatesDisableNotify = “1”
    • These values are set to disable notification of firewall, antivirus and/or update status through the Windows Security Center.
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39fc2065-c9c7-49cd-8942-44cc2dedc844}]
    • NoExplorer = 0x00000001
  • [HKEY_CURRENT_USER\Control Panel\don't load]
    • scui.cpl = “No”
    • wscui.cpl = “No”
  • [HKEY_CURRENT_USER\Software\WinPC Defender]
    • Minimize = “0”
    • Start = “1”
    • Scan = “1”
    • id = “”
    • UpdateDate = “28-06-2009”
    • fstart = “1”
    • site = “http://2payon.com/pp/?id=”
  • The following Registry Value was deleted:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      • AntiVirusDisableNotify = 0x00000001
      • FirewallDisableNotify = 0x00000001
      • UpdatesDisableNotify = 0x00000001
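
A read-only PowerShell check for the file and registry artifacts listed above, added here as an example and not part of the original guide. Variable names are illustrative, and the WOW6432Node pass is an assumption for 64-bit systems. The two qmgr*.dat files are skipped because they are the Windows BITS queue files and are present on clean machines too.

```powershell
# Added example: read-only check for the FakeAlert artifacts listed above.
# Nothing is changed or deleted.
$clsid   = '{39fc2065-c9c7-49cd-8942-44cc2dedc844}'
$typeLib = '{B360243E-09E8-402F-8721-00B6798089AD}'

# qmgr0.dat / qmgr1.dat are left out: they are the BITS job queue files and
# exist on clean systems as well.
$files = @("$env:APPDATA\bhs.bat", "$env:windir\ieocx.dll")

# HKLM\SOFTWARE keys, checked in the native and the 32-bit (WOW6432Node) view.
$relative = @(
    "Classes\CLSID\$clsid",
    "Classes\TypeLib\$typeLib",
    'Classes\WinInetApp.WinInet',
    'Classes\WinInetApp.WinInet.1',
    "Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)
$keys = @('HKCU:\Software\WinPC Defender')
foreach ($view in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    foreach ($r in $relative) { $keys += "$view\$r" }
}

# Values that hide Security Center warnings and its Control Panel applets.
$values = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'AntiVirusDisableNotify'; Bad = '1' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'FirewallDisableNotify';  Bad = '1' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'UpdatesDisableNotify';   Bad = '1' },
    @{ Key = "HKCU:\Control Panel\don't load"; Name = 'scui.cpl';  Bad = 'No' },
    @{ Key = "HKCU:\Control Panel\don't load"; Name = 'wscui.cpl'; Bad = 'No' }
)

$findings = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "FILE   $f" }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += "KEY    $k" }
}
foreach ($v in $values) {
    # The comparison is done on the string form, so REG_SZ "1" and DWORD 1 both match.
    $p = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($p -and "$($p.($v.Name))" -eq $v.Bad) {
        $findings += "VALUE  $($v.Key)\$($v.Name) = $($v.Bad)"
    }
}

if ($findings) { $findings } else { 'None of the listed FakeAlert artifacts were found.' }
```

The HKEY_CURRENT_USER entries are per user, so run the check in the session of the account that saw the fake alerts.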