removing trojan fakealert.H

  ami 19:06 PM 06 Nov 11

Hi all, Running a fully patched Windows XP Pro on a Toshiba laptop, with fully up-dated Panda Anti-Virus Pro and Malwarebytes. I've started getting Panda pop-up alerts of a virus, variously identified as W32/cosmu.L or Trj/Ramnit.A and that it has been neutralised and the file disinfected. This happens at approx 1 minute intervals and the file and the virus is different each time. A full scan with Panda after disabling system restore reveals no infection but Malwarebytes finds the trojan fakealert.H. It reports that it has been removed and the registry values will be deleted on re-boot, but no deletion takes place and the problem remains. Malwarebytes support says it can fully remove fake alert - but it would seem it can't. Does anyone have any suggestions? It may or may not be connected but safe mode has also become inaccessable, giving a BSOD instead.

  Fruit Bat /\0/\ 19:18 PM 06 Nov 11

Search and kill the following processes

press, “Alt+Ctrl+Delete“, then click on “Task Manager” processes tab

Now select the file name and then click on “End Task” to kill the process.

ckvo.exe, yfezaxup.exe

Remove Trojan.FakeAlert.H .exe & dlls files

“Start” then “Run” in the Run command box, type “cmd“, and then click on “OK” Type

“regsvr32 /u filename.dll” where “filename” is the name of the file that you like to Unregister.


Remove/Modify corrupt Registry Values

“Start” then “Run“ in the Run command box, type “regedit“, and then click on “OK”

Use the search option of Registry Editor, just Press “Ctrl + F” to locate the key that contain the value you want to delete or modify.

  ami 19:50 PM 06 Nov 11

Thanks fruit bat for those very clear instructions. Just one small querry, which mat be down to the posting window, where is cmdutilsys and ibunstcj?

  Fruit Bat /\0/\ 19:54 PM 06 Nov 11

You will need to Ctrl F search the registry for them.

  birdface 20:00 PM 06 Nov 11

If no luck with above maybe go to this Forum and sign in.

They are very good at getting your computer clean but are always busy so may take a couple of days.

  ami 17:28 PM 09 Nov 11

Ok, latest news on Fake Alert trojan, if that's what it is. None of the entries listed by Fruit Bat are present - Sorry Fruit Bat. A full scan with the latest Panda Anti-Virus Pro 2012 reveals 14 infected files, says is has deleted them but it doesn't. Trojan Remover 6.8.2 finds lots of dodgy reistry entries and suspect files, says it has deleted them and hasn't. Malwarebytes finds just two infections, C:\Docs and settings\username\local settings\application data\rigphigg\aoxcvwou.exe and HKEYCURRENTUSER_SOFTWARE\microsoft\windows\current version\run\aoxcvwou, says is has deleted both but doesn't. A manual try at deleting the above registry entry results in it magically reappearing before your very eyes. As I couldn't access any security web pages I downloaded the Panda 2012 and Trojan remover onto a memory stick in another computer. As soon as the memory stick was plugged into the laptop a folder called Recycler installed itself, inside this folder are numerous .exe files, all unknown to me, and which multiply each time a fake virus warning pops up. The 'fake' viruses are, amongst others, Trj/Starter.G, Trj/Ramnit.A, and W32/Cosmu.L Oh and aoxcvwou.exe does not appear as a running process in Task Manager and none of the above files or folders can be deleted manually. Wow! Lot of infothere, can anyone hepl decyper it?

  Fruit Bat /\0/\ 18:04 PM 09 Nov 11
  1. switch off system restore

  2. reboot the machine into safemode

  3. run your virus and antimalware programs delete what they find

  4. reboot the machine

5 rescan and see what comes up.

  ami 19:18 PM 09 Nov 11

I'm afraid the computer won't boot into safe mode, I get a BSOD when I try, I assume the virus/trojon is stopping safe mode opening. I switched off System Restore when I first tried to deal with this problem but it hasn't helped.

  birdface 19:54 PM 09 Nov 11

Maybe go to this forum and sign in and wait for instructions.

Like I said before it may take a few days but they will clean your computer for you if possible.

Or go to the other forum that I mentioned.Both are very good.

You can also carry on here until one of the forums contact you then you have to follow their advice.


This thread is now locked and can not be replied to.

How to watch Rugby World Cup 2015 online: Watch live, catch up on-demand & stream the 2015 Rugby…

1995-2015: How technology has changed the world in 20 years

How to watch Adobe Max 2015: See Adobe unveil new Creative Cloud features for Photoshop,…

Live Photo tips: How to take Live Photos on the iPhone 6s, how to view, share, edit and find Live…