McAfee > Theat Center > Virus Detail Page

Overview

Similar to other malwares of this family, FakeAlert-D shows a fake warning message, alarming the user that their machine is infected or at risk. The intention behind all the fake messages is drive users to download the advertised antispyware product.

Characteristics

Upon execution the trojan shows a popup balloon with a display message like the one shown in the picture below. It does not create any file or registry key/value.

One of the following messages can be displayed as a fake alert message.

• Windows has detected an Internet attack attempt...
  Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remove for total protection.
  
• Alert! You are receiving spam!
  This means that your computer is infected with spyware! Scan your computer for spyware and adware now. Click here to visit security center web site for more information.
  
• Danger! Spyware activity detected on your computer!
  Full system scan highly recommended to remove possible malicious spyware. Scan now to remove all spyware and adware! Visit security center web site and download spyware remover to protect your system against spyware and viruses.
  
• Your computer is not protected against spyware!
  Spyware able to steal your data including passwords, credit card numbers, etc. Scan your computer for spyware immediately! System scan is highly recommended by Windows Security Center.
  
• Warning! Your security and privacy are at risk!
  Spyware has been detected on your computer. Click here to run a FULL SYSTEM SCAN to protect your data. (Windows Security Center message)
  
• Warning! Potential spyware operation!
  Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unauthorized access to your files! Click here to download spyware remover...
  
• Your computer is working slowly!
  Slow operation speed might have been caused by malicious spyware. Download spyware remover now and run full system scan to remove all viruses and spyware from your computer! Click here to start downloading...
  
• Alert! A minimum of 7 spyware entries found.
  To remove all spyware and viruses click here to visit Security Center web site and download spyware remover for total protection.!

Upon clicking the fake warning message the browser will be redirected to http://antispynet.com , directing the users to download an antispyware product "AntiSpywareSoldier". Avert is evaluating this product and will publish more details if this product warrants detection.

 

 

Symptoms

Presence of aforementioned properties.

Method of Infection

Trojans do not self-replicate. They spread manually, often under the premise that the executable is something beneficial. Trojans may also be received as a result of poor security practices, or un-patched machines and vulnerable systems. Distribution channels include IRC, peer-to-peer networks, email, newsgroups postings, etc

Avert Labs has received many submissions of this trojan in the last two days so it may have been mass spammed.

Removal

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

Similar to other malwares of this family, FakeAlert-D shows a fake warning message, alarming the user that their machine is infected or at risk. The intention behind all the fake messages is drive users to download the advertised antispyware product.

Characteristics

Characteristics -

Upon execution the trojan shows a popup balloon with a display message like the one shown in the picture below. It does not create any file or registry key/value.

One of the following messages can be displayed as a fake alert message.

• Windows has detected an Internet attack attempt...
  Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remove for total protection.
  
• Alert! You are receiving spam!
  This means that your computer is infected with spyware! Scan your computer for spyware and adware now. Click here to visit security center web site for more information.
  
• Danger! Spyware activity detected on your computer!
  Full system scan highly recommended to remove possible malicious spyware. Scan now to remove all spyware and adware! Visit security center web site and download spyware remover to protect your system against spyware and viruses.
  
• Your computer is not protected against spyware!
  Spyware able to steal your data including passwords, credit card numbers, etc. Scan your computer for spyware immediately! System scan is highly recommended by Windows Security Center.
  
• Warning! Your security and privacy are at risk!
  Spyware has been detected on your computer. Click here to run a FULL SYSTEM SCAN to protect your data. (Windows Security Center message)
  
• Warning! Potential spyware operation!
  Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unauthorized access to your files! Click here to download spyware remover...
  
• Your computer is working slowly!
  Slow operation speed might have been caused by malicious spyware. Download spyware remover now and run full system scan to remove all viruses and spyware from your computer! Click here to start downloading...
  
• Alert! A minimum of 7 spyware entries found.
  To remove all spyware and viruses click here to visit Security Center web site and download spyware remover for total protection.!

Upon clicking the fake warning message the browser will be redirected to http://antispynet.com , directing the users to download an antispyware product "AntiSpywareSoldier". Avert is evaluating this product and will publish more details if this product warrants detection.

 

 

Symptoms

Symptoms -

Presence of aforementioned properties.

Method of Infection

Method of Infection -

Trojans do not self-replicate. They spread manually, often under the premise that the executable is something beneficial. Trojans may also be received as a result of poor security practices, or un-patched machines and vulnerable systems. Distribution channels include IRC, peer-to-peer networks, email, newsgroups postings, etc

Avert Labs has received many submissions of this trojan in the last two days so it may have been mass spammed.

Removal -

Removal -

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A