HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
DRVSTORE is a system folder.
C:\Documents and Settings\All Users\Start Menu\TSC (Rogue.Total.Security) -> No action taken.

The following files were created in the system:

| # | File Name | Detection Count |
|---|-----------|-----------------|
| 1 | PAVRM.exe | 281 |
| 2 | frmwrk32.exe | 225 |
| 3 | ntdll64.dll | 187 |
| 4 | userinit.exe | 172 |
| 5 | winupdate86.exe | 166 |
| 6 | ntdll64.exe | 159 |
| 7 | | |

Regardless of their method of purchase, Microsoft will ensure that all current customers remain protected through the life of their subscriptions.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> No action taken.

http://www.techsupportforum.com/forums/tags/Win32%3AFakeinit-H%5BTRJ%5D.html

C:\Documents and Settings\Owner\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk (Rogue.WindowsPolicePro) -> No action taken.

Copy/paste the text in the code box below into Notepad:

```
File::
c:\windows\widapiqabu.dat
c:\windows\jibyvivywa.com
C:\mtlff.exe
c:\windows\system32\pimimoso.exe
c:\windows\system32\wezavova.exe

Driver::
cerc6
```

Name the Notepad file CFScript.txt and save it to your desktop.

C:\Documents and Settings\Owner\Application Data\svcst.exe (Backdoor.Bot) -> No action taken.

  1. The Win32.FakeAV-ZY.Trj virus is promoted via spam e-mails, malicious or hacked Web pages, and peer-to-peer networks.
  2. C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> No action taken.
  3. HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.
  4. This threat stops legitimate anti-virus programs from executing, which leaves users with limited chances for removal.
  6. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
  7. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hufowohas (Trojan.Vundo.H) -> No action taken.
  10. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.

Recently I have been hit by this Win32:fakeinit-H[TRJ] and I am not sure how to manually remove it.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

Manual removal steps 1.

C:\Documents and Settings\All Users\Start Menu\TSC\Total Security.lnk (Rogue.Total.Security) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\TSC\Help.lnk (Rogue.Total.Security) -> No action taken.
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> No action taken.

It is NOT to be used on another computer, as it may cause damage that could result in a format!

C:\Program Files\QVCUSTOM.DLL (Spyware.OnlineGames) -> No action taken.

The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

queedeRat Newbie Posts: 1 Win32 Fakeinit HTRJ Bredolab ZBot MNS « Reply #12 on: January 21, 2010, 08:39:15 PM »

Thank you. BTW, when I try the regular SUPERAntiSpyware way, about

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mewezilu.dll -> No action taken.

They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

To disable SYMANTEC ENDPOINT PROTECTION Right click on the icon in the taskbar notification area

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Scan your computer with your antivirus program. 3.

C:\WINDOWS\win32k.sys (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> No action taken.

C:\Documents and Settings\Owner\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> No action taken.

Therefore, you'd better remove Win32.FakeAV-ZY.Trj manually as soon as it is detected.

Thank you! Click Start, then Run and type Notepad and click OK. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010) -> No action taken.

Trojan.FakeInit Description

Trojan.FakeInit is a form of malware that promotes rogue anti-spyware programs. Cheers!

How to remove Win32.FakeAV-ZY.Trj?

Unlike your common spyware infections of the past, this rogue is part of a new breed of spyware that is highly intelligent. It places a number of random

C:\Documents and Settings\Owner\Desktop\Windows Police Pro.lnk (Rogue.WindowsPolicePro) -> No action taken.

VPS: VPS 110814-0 ~ 110820-1
Posted by: Iso-G, posted on: 2011-08-16 15:11:00 (1093 hits)
VPS 110814-0 (14 Aug 2011 18:52:44)
VPS 110814-1 (15 Aug 2011 07:07:17)
VPS 110815-0 (15 Aug 2011 20:09:08)
VPS 110815-1

Here are some useful tips for you. 1. Don't forget to reboot afterwards. Thanks.