How to identify and remove FakeAlert TrojansEnvironment
Affected Operating Systems:
All Windows operating systems
New variants of the FakeAlert-AZ Trojan are periodically released and can infect computers. This Trojan affects products from multiple security companies, including McAfee.
If your system is infected with this Trojan, your web browser and other Internet applications cannot access the intended website, and are instead redirected to unwanted websites or receive a Page cannot be displayed error. These errors occur when you attempt to update your McAfee products, virus definition (DAT) files, or access McAfee websites. If you are a new customer and are trying to install McAfee software, the unwanted site might be displayed within the McAfee Download Manager window.
Additionally, you might see numerous popups similar to these shown below:
Fake or rogue software and FakeAlert Trojans are illegitimate security applications that are presented as valid, for monetary gain. This scam involves the distribution or aggressive promotion of a Trojan disguised as legitimate security software. While these programs usually use scare tactics and behave aggressively, it may still be difficult to recognize the illegitimate behavior and distinguish a valid product from a fake or rogue software product. DO NOT GIVE YOUR CREDIT CARD OR PERSONAL INFORMATION. Below is an example of how this family of malware will present itself:
Other common symptoms of an infection include:
- Multiple pop-up messages stating that your system is infected, with prompts to download specific software to remove the infection.
- Notifications from an application that you have never seen before stating that there are an unusually high number of viruses or other malware on your computer. The application will not clean the infections unless you purchase the product.
- New icons for an unknown program appear on your desktop or in the taskbar beside your clock.
- Unexpected network connections to unknown domain(s): when you open your web browser or while browsing the Internet, you are directed to a page other than your home page or intended destination.
IMPORTANT: Do not click directly on these pop-up messages, even to close them. Clicking Cancel or the X in the top right corner can sometimes cause the application to install itself.
If you receive an unexpected message from a rogue application, use the steps below to close the task:
- Right-click an empty spot on your Windows taskbar and select Task Manager.
- Click the Applications tab, highlight the false notification message, then click End Task.
- If you are unable to end the task in this manner, shut down and restart your computer to clear the notification. This will not remove the malware, but will allow you use of your computer so you can then remove the infection.
McAfee recommends that you clear the cached (stored) data in your web browser after ending the malware task, then download and run the Stinger tool.
- Clear your browser cache:
- Click Tools, Internet Options.
- Under Browsing History, click Delete.
- Click Delete Files.
- Click Yes.
- Click Delete Cookies.
- Click Yes.
- Click Tools and select Clear Private Data.
- Ensure only Cache, Cookies, and Offline Website Data are selected.
- Click Clear Private Data Now.
- In your web browser, go to the McAfee Labs Stinger page:
- Click Download this tool now.
- Click Download Now and save the Stinger to your desktop.
IMPORTANT: McAfee Labs recommends that you disable the Windows System Restore feature before you run Stinger, because many threats can save copies of themselves to your restore points. Disabling System Restore will delete your existing restore points, so you will be unable to use System Restore until you re-enable it and create new restore points. For instructions on how to disable System Restore, click the following link:
- Double-click the Stinger application you saved to your desktop.
NOTE: If you are a Windows 7 or Windows Vista user, right-click the file and select Run As Administrator.
- If a security warning is displayed, click Continue or Run.
- Click Add or Browse to add additional drives or directories (by default, Stinger scans the entire C: drive).
- Click Scan Now. Stinger repairs all infected files found.
To enable Artemis Technology in Stinger, click Preferences
and then select the required sensitivity level. If you select High
or Very High
, McAfee Labs recommends that you set the On virus detection
action to Report only
for the first scan to make sure valid files are not accidentally removed.Related Information
If you are unable to access your download after running the Stinger tool, you might have a new or different variant of the FakeAlert-AZ Trojan. Follow the procedure in article TS100095 to submit a sample to McAfee Labs.
If you require additional assistance with virus removal you can contact our Virus Removal service by clicking here: http://service.mcafee.com/SpecializedServiceHome.aspx?lc=1033&sg=VR.
If you require product support, click the following link to contact McAfee Technical Support: http://service.mcafee.com/TechSupportHome.aspx?lc=1033&sg=TS.
See the McAfee Threat Center for more information about FakeAlert Trojans and other malware: http://www.mcafee.com/us/threat_center/default.asp.