How to Remove FakeAlert-AVPSec.e Trojan?
# This article How to Remove FakeAlert-AVPSec.e Virus is an article in Spyware Removal Instructions, the original author is Security-Wire.com .You can read more information in the following:
FakeAlert-AVPSec.e Trojan Information:
FakeAlert-AVPSec.e is a dangerous Trojan that poses a severe threat to computer security. FakeAlert-AVPSec.e can silently install itself on the victims computer and runs a fabricated virus scan that states your computer is seriously infected with malware. FakeAlert-AVPSec.e also gives fake alert warnings which prompt you to purchase the registered version of a rogue program called My Security Engine. If you find your computer is infected by FakeAlert-AVPSec.e, its removal instruction is listed below.
Manual Removal
Note: If you are not proficient with computer, it’s suggested that you backup your registry before manually removing FakeAlert-AVPSec.e Trojan. And double check the entries that you are going to delete, or your computer can’t work for missing some files.
Files you need to delete:
c:\Documents and Settings\%user%\Local Settings\Temp\packupdate_build107_328.exe
c:\Documents and Settings\All Users\Application Data\b45b499\MSb45b.exe
c:\Documents and Settings\%user%\Start Menu\Programs\My Security Engine.lnk
c:\Documents and Settings\%user%\Start Menu\My Security Engine.lnk
c:\Documents and Settings\%user%\Local Settings\Temp\packupdate_build107_328.exe
c:\Documents and Settings\%user%\Desktop\My Security Engine.lnk
c:\Documents and Settings\%user%\Application Data\My Security Engine\Instructions.ini
c:\Documents and Settings\%user%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
c:\Documents and Settings\All Users\Application Data\MSTLDEE\MSHIBFFJWSE.cfg
c:\Documents and Settings\All Users\Application Data\b45b499\MSESys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\b45b499\BackUp\Adobe Reader Speed Launch.lnk
c:\Documents and Settings\All Users\Application Data\b45b499\MSE.ico
c:\Documents and Settings\All Users\Application Data\b45b499\MSb45b.exe
c:\Documents and Settings\All Users\Application Data\b45b499\3411.mof
c:\Documents and Settings\%user%\Application Data\My Security Engine
c:\Documents and Settings\All Users\Application Data\MSTLDEE
c:\Documents and Settings\All Users\Application Data\b45b499
Registry Entries you need to delete:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall Policy\StandardProfile\AuthorizedApplications\List [MSb45b.ex] Data:
MSb45b.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\Firewall Policy\StandardProfile\AuthorizedApplications\List [MSb45b.exe] Data:
MSb45b.exe
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} [(Default)] Data: Implements DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [My Security Engine] Data: MSb45b.exe /s /d
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download [RunInvalidSignatures] Data: 01, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation [MSCompatibilityMode] Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [PRS] Data: http://127.0.0.1:27777/?inj=%ORIGINAL%
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [ltTST] Data: A5, 81, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [ltHI] Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer [IIL] Data: 00, 00, 00, 00
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes [URL] Data: http://find[removed].com/?&uid=328&q={searchTerms}
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes [URLs] Data: http://find[removed].com/?&uid=328&q={searchTerms}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
HKEY_CURRENT_USER\Software\3 HKEY_CLASSES_ROOT\MSb45b.DocHostUIHandler
Please, be aware that manual removal of FakeAlert-AVPSec.e Trojan is a cumbersome task and can not always ensure complete removal of the malware, due to the fact that some files might be hidden or may get reanimated automatically afterwards.Moreover, lack of the required skills and even the slightest deviation from the instructions may lead to irreparable system damage. That’s why it’s strongly recommended automatic removal of FakeAlert-AVPSec.e Trojan, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.
Automatic FakeAlert-AVPSec.e Trojan Removal:
1. Restart your computer and keep pressing F8 Key before Windows launches. Use the arrow keys to select the “Safe Mode with Networking” option, and then hit ENTER Key to continue.
2. Download FakeAlert-AVPSec.e Virus Remover, install it and update its database to the latest. After that, restart your computer so as to make FakeAlert-AVPSec.e Virus Remover fully functional. Repeat Step 1 into Safe Mode and run an Online Scan of your computer so that FakeAlert-AVPSec.e Virus Remover can detect all potential malware in your system.
NOTE: If you have problem installing FakeAlert-AVPSec.e Virus Remover, you can download this correction script, unzip it and then double click to run it. It will correct your registry settings that the virus has modified. Then double click the program and finish the installation.
3. After the Online Scan finishes, click “Details” for the malware detected to make sure that your important data are not infected and removed. Ignore or select the scan result and click “Remove” to remove the threats. Reboot your computer and let FakeAlert-AVPSec.e Virus Remover delete all detected virus.
4. Click to repair your corrupted registry
Why should you need to repair the registry?
As we all know, virus and Trojans modify and destroy system registry and make the computer malfunction so that the computer will not perform normally. Even if the virus and Trojans are removed, the registry is still destroyed or modified, so the computer still has problems. That’s the very reason why you need to repair the registry. At the meanwhile, some virus and Trojans leave some DLL files in the registry and this will cause strange DLL errors and affect the computer performance.
To make your computer run as perfectly as before or much faster than before:
1. Download and install Multi-Awarded Registry Tool.
2. Run a full scan of your registry.
3. Click “Repair Problems” and repair all errors detected.
After these 3 easy steps, your computer will run much faster than before within minutes!
Related posts:
Krishnamohan Bhat on October 11th, 2010
Thank you for the information.