
FakeAlert.AK trojan found on Standard User account possible rootkit infection?


3 replies to this topic

#1 Niko54


Posted 22 July 2015 - 04:47 PM

Yesterday I decided to scan my computer (Windows 7) for possible malware. I ran TDSSKiller and it found nothing. Afterward I ran JRT (Junkware Removal Tool); I will post the log after this post. Then I ran the ESET Online Scanner; during the scan it found the HTML/FakeAlert.AK trojan on a Standard User account and deleted it. After that I ran Malwarebytes Anti-Rootkit, and during the scan the program began to hang. Eventually I went into my Task Manager and tried to end the process, but it continued to hang, so I decided to reboot my computer. Today, after booting up my computer, I ran Malwarebytes and it found nothing during its scan. I think I might have a rootkit.

 

Other information about the computer: The standard user profile where the infection was found isn't accessed very often.

The administrator account hasn't shown any symptoms of infection.

All the scans were performed on the Administrator account.

 

 

Here is the log for the ESET Online Scanner:

C:\Users\User 2\AppData\Local\Mozilla\Firefox\Profiles\uks5xd3m.default\cache2\entries\00652827AB1B5306CBC6F7241DE42BEC15E67772    HTML/FakeAlert.AK trojan    cleaned by deleting - quarantined


Edited by Niko54, 22 July 2015 - 08:07 PM.



#2 Niko54


Posted 22 July 2015 - 08:06 PM

Here is the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Soren on Tue 07/21/2015 at 20:42:30.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Soren\AppData\Roaming\mozilla\firefox\profiles\adfp9jio.default\extensions\{0aa9101c-d3c1-4129-a9b7-d778c6a17f82}



~~~ Chrome


[C:\Users\Soren\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Soren\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Soren\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Soren\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/21/2015 at 20:50:36.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#3 Firehouse


Posted 23 July 2015 - 05:28 AM

Scan with Malwarebytes AntiRootkit

Please download MBAR and save it to your desktop.

Run the tool as Administrator; it will extract itself and then launch.

Click Next to accept the terms and conditions, and click Update to obtain the latest definitions.

If malware is found, click on the Cleanup button, but make sure that the Create restore point option is checked before proceeding!

The program will ask you to restart; allow it to do so.

Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removing rootkits, it is recommended to run fixdamage.exe, located inside the mbar folder. Run it as Administrator and press Y if it asks whether you want to continue.

 

Step 2

 

Scan with Norton Power Eraser

CAUTION: NPE uses aggressive methods to detect and remove malware, so do not touch any of the settings!

Download NPE.exe and save it to your desktop.

Run the tool as Administrator, accept the license agreement, and click the big Scan button.

The program will ask you to reboot to continue scanning (includes rootkit scan), so allow it to restart.

After the restart, the program will automatically launch itself and start scanning. Scanning takes 5-10 minutes, so be patient!

If malware is detected, make sure that the Create restore point option is checked; if yes, click the Fix button. To remove infections, click on Restart now to complete removal.

 

Step 3

 

Scan with Zemana Antimalware

Download Zemana Antimalware and install it on your system.

Under Scan type, choose Full Scan and let the tool scan the system.

If malware is found, click Next to remove it and let the tool restart your computer.

If no malware is found, exit the program.

NOTE: Leave actions at default.



#4 Niko54


Posted 23 July 2015 - 05:12 PM

I tried running MBAR; it scanned for a while, but then it crashed.

Edited by Niko54, 23 July 2015 - 05:14 PM.




