Security Basics mailing list archives
RE: FakeAlert virus removal
From: "Mike Staples" <mstaples () wvii com>
Date: Tue, 2 Dec 2008 17:05:16 -0500
This situation seems to me more like a computer that is infected with SmitFraud and the suite of Trojans that come with it rather than a website that has a problem. Very often, a keylogger is among those Trojans, so this is a situation that may require changing logon passwords for any service accessed on the computer while the infection was present.

SmitFraud can be a bear to remove as it sticks randomly-named DLLs in the Winlogon\notify registry area, and it manages to totally reassert itself when only partial removal occurs; I don't believe it can be removed by deleting files and registry entries manually, as it stays a few steps ahead of you, restoring them faster than you can delete them.

When the computer is able to be rebooted into Safe Mode, SmitFraudFix usually does a good job; increasingly, I see SmitFraud variants that prevent Safe Mode, causing a reboot when it is attempted. In those cases I've had good luck with SuperAntiSpyware. Googling either of those (from an uninfected machine, of course) should point you in the right direction.

Mike Staples
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of John Williams
Sent: Tuesday, December 02, 2008 15:08
To: security-basics () lists securityfocus com
Subject: FakeAlert virus removal

Dear List,

I am working with a small local police department to resolve a malware issue on their police web site. When the web site is accessed directly from a browser address bar, the web site displays properly. But when the web site is accessed via a Google search, the "FakeAlert" virus for AntiVirus 2009 takes over the browser.

I am interested in a) understanding how this virus operates, and b) advice for removing the virus from the web site.

Thank you in advance for your expert advice.
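A triage check for the Winlogon\Notify persistence mentioned in the reply above, added here as an example and not part of either poster's message: it parses saved `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" /s` output on an analysis machine and lists notification packages that are missing from a baseline. The baseline entries, the sample output and the random-looking DLL name are constructed for illustration; take the real baseline from a known-clean machine of the same Windows build.

```python
import re

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumed baseline: (subkey, DllName) pairs exported from a known-clean machine.
# Constructed for this example; replace with your own export.
BASELINE = {("crypt32chain", "crypt32.dll"), ("sclgntfy", "sclgntfy.dll")}

# Constructed sample of saved `reg query ... /s` output from the suspect machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    Asynchronous    REG_DWORD    0x0
    DllName    REG_EXPAND_SZ    crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    DllName    REG_EXPAND_SZ    sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomkhgd
    DllName    REG_SZ    C:\WINDOWS\system32\qomkhgd.dll
"""

# A value line is indented: name, registry type, data.
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")


def parse_notify(text):
    """Return {subkey name: DllName data} for each package under the Notify key."""
    packages, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith(NOTIFY_KEY.upper() + "\\"):
            current = line[len(NOTIFY_KEY) + 1:].strip()
        elif current and (m := VALUE_RE.match(line)) and m.group(1).lower() == "dllname":
            packages[current] = m.group(3).strip()
    return packages


def unexpected(packages, baseline=BASELINE):
    """List (subkey, DllName) pairs not in the baseline, compared case-insensitively."""
    known = {(name.lower(), dll.lower()) for name, dll in baseline}
    return [(name, dll) for name, dll in sorted(packages.items())
            if (name.lower(), dll.lower()) not in known]


if __name__ == "__main__":
    for name, dll in unexpected(parse_notify(SAMPLE)):
        print(f"review: Notify\\{name} -> {dll}")
```

Because the comparison is on the exact subkey and DllName pair, a familiar subkey whose DLL path has been changed is also reported.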