GenericFakeAlert!htm(Trojan) - Detected by McAfee

Discussion in 'Malware Help (A Specialist Will Reply)' started by Jabinjax, Sep 2, 2009.

  1. Jabinjax

    Jabinjax Private E-2

    On 9/2/09 I was accessing a website called (I think) inselhaus.com, when McAfee detected a GenericFakeAlert(trojan). McAfee claims they quarantined the two files in question, but I would appreciate it if you would check my attached logs to make sure I'm clean.

    I do not appear to be having any problems at the present time.

    I had a similar problem on 7/18 and Tim W helped me resolve those issues. For reference here is a link to that thread if you think it would be of assistance in analyzing today's threat:

    http://home.mcafee.com/Root/Newslet...d=n2SUt+8iJAmCYpwOrEbpYn4MUB8KSrbLRsZgpPJip1M

    I followed all the steps in the READ and RUN ME FIRST guide and all my log files are attached.

    All the scans ran in normal mode on my PC. I did encounter a couple of anomalies during the runs as follows:

    1. When I had the problems back on 7/16 I could only get SUPERAntispyware to run by downloading the free version from the SAS website and renaming it to Text.exe and running in SAFE mode. With today's problem I decided to download a fresh version of SAS to clean things up, but during the install process I got a message saying SAS already existed on my computer and the older version needed to be uninstalled. The SAS uninstall process did not work. I assume this may have something to do with my renaming the earlier version to Text.exe. Note the old version still works and I can update it o.k. and I ran it to produce the attached log. I just don't know if the free version from SAS is the same version I would get by downloading SAS from the MajorGeeks website.

    Any advice?

    2. While running Malwarebytes, McAfee detected a trojan called: Artemis!2ED4528CB45C. This may be a file or script in ComboFix(?).

    I assume this was an erroneous detection by McAfee.

    Is that correct?


    That's it. Hopefully, I'm clean. Let me know.

    Thanks for all your help!
     


  2. Jabinjax

    Jabinjax Private E-2

    Attached is the MGtools log file. The other four logs were attached in the previous message.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. But you did kind of muck things up when you renamed SAS.

    We need to remove the old version before you can download and install the latest version.

    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now use Windows Explorer to find and delete:
    C:\SpywareTools\Super AntiSpyware\Text.exe
    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs
    C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

    Now run CCleaner.

    Then download this SUPERAntiSpyware
    Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.

    If you need further assistance, please post in the software forum.
     
  4. Jabinjax

    Jabinjax Private E-2

    Tim W,

    Thanks for the instructions...


    1. I got a "successful entered" response for the regedit function.

    2. When I try to delete C:\SpywareTools\Super AntiSpyware\Text.exe, I get a message stating:

    Cannot delete Text: Access is denied

    Make sure the disk is not full or write-protected and that the file is not
    currently in use.

    SuperAntiSpyware starts up automatically when I boot my PC. So, I tried to end the application and then tried to delete the file again. Same message.


    3. I did not try to delete the other 4 files in your message as I wasn't sure if order made a difference.


    Anyway, stuck not being able to delete the Text.exe file????

    I checked and SAS still runs o.k. on my PC.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can use a startup manager to stop it from running at startup.

    Startup Manager

    Startup_CPL

    Once that is done, start removing the files/folders that I listed.

    If you continue to have problems with removing it, I suggest that you post in the software forum for further assistance.
     
