NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Trojan FakeAValert. Description and removal instructions

 
Title: Trojan FakeAValert
 Also known as: FakeAValert, TrojanFakeAValert
Type:
Severity scale:Trojan FakeAValert severity is 70  (70 / 100)
 
Trojan FakeAValert is a malware that promotes fake security tools. It loads annoying pop-ups and slows down computer’s performance. FakeAValert also disables various security tools including firewalls. This greatly lowers computer’s security settings and leaves a machine opened for other malwares.

The main purpose of Trojan FakeAValert is intimidating people with falsified security alerts. If clicked upon, the alerts recommend downloading rogue security tools and paying for a license. All the programs offered by Trojan FakeAValert are fake, but the alerts loaded by this trojan are very convincing. The pop-ups delivers the following message:

“Warning! Potential Spyware Operation
Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click YES to download spyware remover …”

The warning may look like official message loaded by MS Windows, but if you take a closer look, you will find spelling mistakes and lack of logic. Do not trust Trojan FakeAValert and do not purchase applications recommended by this trojan.

FORUM:
Discuss Trojan FakeAValert in
spyware removal forum

Related files: system.exe, autorun.exe, printer.exe, WinAvXX.exe

Trojan FakeAValert properties:
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background

Trojan FakeAValert snapshot:
Trojan FakeAValert removal

Automatic Trojan FakeAValert removal:

remover for Trojan FakeAValert

Trojan FakeAValert manual removal:

Kill processes:
system.exe autorun.exe printer.exe WinAvXX.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”WinAVX” = “%System%\WinAvXX.exe”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”WinAVX” = “%System%\WinAvXX.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “Explorer.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “Explorer.exe %System%\printer.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\”1200″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\”1201″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\”1208″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\”1608″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\”1804″ = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\0\”2500″ = “3″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\”1200″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\”1201″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\”1208″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\”1608″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\”1804″ = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\1\”2500″ = “3″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\”1200″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\”1201″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\”1208″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\”1608″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\”1804″ = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\2\”2500″ = “3″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\”1200″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\”1201″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\”1208″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\”1608″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\”1804″ = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3\”2500″ = “3″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\”1200″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\”1201″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\”1208″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\”1608″ = “0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\”1804″ = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\4\”2500″ = “3″
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Enable Browser Extensions” = “yes”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Windir%\system32\”winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Windir%\system32\”winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Windir%\system32\”winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Windir%\system32\”winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Windir%\system32\”winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Windir%\system32\”winav.exe” = “%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019″
HKEY_CLASSES_ROOT\.htm\”(Default Value)” = “htmlfile”
HKEY_CLASSES_ROOT\.html\”(Default Value)” = “htmlfile”
HKEY_CLASSES_ROOT\.shtml\”(Default Value)” = “htmlfile”
HKEY_CLASSES_ROOT\.xht\”(Default Value)” = “htmlfile”
HKEY_CLASSES_ROOT\.xhtml\”(Default Value)” = “htmlfile”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”EnableBalloonTips” = “1″
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”EnableBalloonTips” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\”DisableTaskMgr” = “1″
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\”DisableTaskMgr” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoControlPanel” = “1″
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoControlPanel” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\”DisableRegistryTools” = “1″
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\”DisableRegistryTools” = “1″
HKEY_CURRENT_USER\Software\Policies\Microsoft\windows\Windows Update\”NoAutoUpdate” = “1″
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\”NoAutoUpdate” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoWindowsUpdate” = “1″
HKEY_CLASSES_ROOT\gopher\shell\open\command\:”"C:\Program Files\Internet Explorer\”iexplore.exe” = “-nohome”
HKEY_CLASSES_ROOT\gopher\shell\open\command\: “”C:\Program Files\Internet Explorer\”iexplore.exe” = “%1″
HKEY_CLASSES_ROOT\HTTP\shell\open\command\: “”C:\Program Files\Internet Explorer\”iexplore.exe” = “-nohome”
HKEY_CLASSES_ROOT\HTTP\shell\open\command\: “”C:\Program Files\Internet Explorer\”iexplore.exe” = “%1″
HKEY_CLASSES_ROOT\https\shell\open\command\: “”C:\Program Files\Internet Explorer\”iexplore.exe” = “-nohome”
HKEY_CLASSES_ROOT\https\shell\open\command\: “”C:\Program Files\Internet Explorer\”iexplore.exe” = “%1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Default_Search_URL” = “http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Default_Search_URL” = “http://www.google.com/ie”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Search Page” = “http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Search Page” = “http://www.google.com”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Start Page” = “http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Start Page” = “http://www.google.com”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Start Page” = “http://www.google.com/”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Start Page” = “http://www.google.com”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Search Page” = “http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Search Page” = “http://www.google.com”
HELP:
how to remove registry entries

Delete files:
UserProfile\\Start Menu\\Programs\\Startup\\system.exe C:\\Documents and Settings\\All Users\\ Start Menu\\Programs\\Startup\\autorun.exe System\\printer.exe System\\WinAvXX.exe
HELP:
how to remove harmful files

Other programs to remove Trojan FakeAValert:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 12/11/08
Information updated: 12/11/08

Additional resources related to Trojan FakeAValert:

Attention: If you know or you have a website or page about Trojan FakeAValert removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Trojan FakeAValert parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.