Richard, thank you so much for this very comprehensive reply.
Unfortunately, because I needed to get this resolved quickly, I made a decision to follow
the recommendations of others on this thread and reformat/reinstall. I did
this also because even my backup registry file had been compromised by a
trojan, so I was backing up with (possibly) bad data. Starting over seemed
like the best shot at getting a cleaned-up system.
You're welcome. (There is more peace of mind with that method.)
See my correction below about rejoining split lines.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
@=""
Correction: Note that the "Internet Settings" part of that line SHOULD have
a space between "Internet" and "Settings" when rejoined. I tried it without
the space and it created a new "InternetSettings" key, which is incorrect. I
tried a new sample value/data merge without re-joining the lines and it
failed to add the new entry. (Nothing was added.) This is a problem for
posting such things in newsgroups which limit line length to 76 characters,
except where there are no spaces for it to automatically wrap lines. (Some
people set their newsreader line lengths to 70 or 72 characters.) A solution
for this particular path/key is to change "HKEY_LOCAL_MACHINE" to its
4-letter abbreviation and you have a 72 character line:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
That would still be a problem for newsreaders set to 70 characters or less,
and also, when quoting, extra ">" characters added would cause the line
length to increase, exceeding the limit. Of course, not rejoining the split
lines within square brackets caused no harm, because nothing happened with
that test. The software that controls the merge simply ignored that test
key. I would advise people that need to post such things as registry fixes,
batch files and such like, to include specific instruction on which lines
need to be rejoined, and how. Of course a link to a ready to use file on a
secure website would work too.
That is still a valid way to reset Internet Security values, as long as the
several trojan files have been eliminated so the values don't get changed
again. There is also a "Reset Web settings" button on the "Programs" tab,
and a "Restore Defaults" button on the "Advanced" tab. The "Privacy" tab
settings may need to be reset back to the default "Medium" or higher
settings. And possibly the Pop-up Blocker settings may need to be changed
back to Medium or higher.
peg2009 said: The trojan was called Fakeavalert, the IE version is 7.
IE8 has better security, but that does not keep people from mistakenly
activating such a trojan by choice, thinking it to be a valid anti-virus
product. Too late for you, but the first search hit I got for that trojan
had this solution (note step #2):
Need HELP - removing virus Trojan_Fakeavalert - Yahoo! Answers
http://answers.yahoo.com/question/index?qid=20090609002202AAiS45k
| Resolved Question
| Need HELP - removing virus Trojan.Fakeavalert?
| My system got infected with the trojan.fakeavalert virus. I tried
| the instructions on symantec, ran adware and spybot but it is still on
| my PC and I have pop ups all over my system. Anyone knows how to get
| rid of this? Anything that you can send my way to delete?
| Please Help...Thank you so much.
| [3 weeks ago]
| - - -
| Best Answer - Chosen by Asker
| You can remove this virus from your computer by following
| these steps
|
| 1 Download and install the Malwarebytes on your computer.
| 2 Update your Malwarebytes.
| 3 Scan your computer for all the malwares in your computer.
| 4 Remove all the malwares, found while scanning with the malwarebytes.
| 5 Restart your computer.
| Source(s):
| http://www.iyogi.ca
| [3 weeks ago]
| - - -
| Asker's Rating: ***** Asker's Comment:
| Great; this worked out for me. I also ran it in safe mode. Thanks !
- - -
Malwarebytes anti-malware
http://www.malwarebytes.org/mbam.php
Here is another page, that quotes the Symantec technical page, and does not
have a fix, except to format and reinstall, but does have a lot of links to
helpful security precautions to avoid future problems:
Virus trojan_fakeavalert now unvalidated
http://social.microsoft.com/Forums/...p/thread/a817d263-7d83-4e03-a50c-f07772b57221
Note this comment from the Moderator reply:
"Once an attack has commenced, if your anti-malware scanner was unable to
deal with the situation at first, it is impossible to identify the aftermath
of the matter."
Here is another caution from the HELP file on WinXP computers:
[begin quote:]
Why you should not run your computer as an administrator
Running Windows 2000 or Windows XP as an administrator makes the system
vulnerable to Trojan horses and other security risks. The simple act of
visiting an Internet site can be extremely damaging to the system. An
unfamiliar Internet site may have Trojan horse code that can be downloaded
to the system and executed. If you are logged on with administrator
privileges, a Trojan horse could do things like reformat your hard drive,
delete all your files, create a new user account with administrative access,
and so on.
You should add yourself to the Users or Power Users group. When you log on
as a member of the Users group, you can perform routine tasks, including
running programs and visiting Internet sites, without exposing your computer
to unnecessary risk. As a member of the Power Users group, you can perform
routine tasks and you can also install programs, add printers, and use most
Control Panel items. If you need to perform administrative tasks, such as
upgrading the operating system or configuring system parameters, then log
off and log back on as an administrator.
[:end quote]
And another case of someone whose problems began on or before 17Jun2009,
that was unable to get rid of the trojan by following the Symantec page, and
mentioned that Symantec offered to help her get rid of the trojan for
"$169.00". (Ouch!)
Trojan FakeAValert - can't get rid of it
http://forums.majorgeeks.com/showthread.php?p=1346942
The Symantec writeup is here:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-101013-3606-99&tabid=3
Where I made my error was this line:
"Restore the following registry entries to their previous values, if
required:"
This was followed by a long list of registry keys, and I proceeded
thinking that the values shown were the *correct* values. After I
finished checking the section relating to Internet Zones, I realized
that this wasn't the case. These were the values that might be assigned
by the trojan. I confirmed by comparing it to a list of possible
registry changes in the Technical Details part of the article. Both
lists were the same. Of course, by this time I didn't know what the
original values had been, so I went to my backup.
Wow. Now that I see how discombobulated that page is, I'm sorry I suggested
following their (quote/unquote) "guidance". The error was not on your part,
but is the fault of Symantec, since they did not provide correct "previous"
values for a lot of those registry items. Also, on the removal page, they
failed to make a distinction between registry values that were "created" and
those "modified", but lumped them together in sub-part 5. The previous
"technical" page (&tabid=2) did make the distinction. The "created" entries,
(clearly indicated on the technical page,) do not need to be changed back to
a previous value, but simply should be deleted. Their "removal" page is
virtually useless, as it stands. They need to make a ".reg" file with the
correct values and deletions, that people can download and merge, to set
things back to default conditions. (But that might make them legally liable
if the registry got messed up.) I clicked on the "Contact Us" link at the
bottom of the page and got sent on a wild goose chase to various self-help
pages that had neither an email link nor a form reply to send comments.
Since the backup was created using a tool on Symantec's site, IE was open
during the backup. And it was open during the import as well. Common sense
should have told me to close programs during the import, but better to
know late than never.
Yes. And thanks for the reminder. (While I was monkeying around with my
registry, test merging split and joined lines in IE Zones, I had IE open.
Oops. I did have a backup copy of the registry though.)
Thanks, again, for all the helpful suggestions in this post. I'm keeping a
copy of it, although it will be a long time (if ever) before I use regedit
again. However, it's good to know a better way to perform a registry
backup, or to backup certain sections.
Now if only I knew where the trojan came from.
Peggy
You're welcome. (If only we didn't walk so close to the edge!)
--Richard
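A small checker for the wrapped-line problem Richard describes in this thread, added here as an example and not code posted by anyone in it: it rejoins a `[...]` key header that a newsreader split at a space, and reports the conditions under which a merge would silently skip the key. The sample .reg text is constructed from the Zones snippet above; accepting only the full root key names is this checker's own conservative rule, not a claim from the thread.

```python
# Added example (not from the thread): repair and sanity-check a .reg file
# whose key-header line was wrapped by a newsreader before being merged.
ROOT_KEYS = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
             "HKEY_USERS", "HKEY_CURRENT_CONFIG")   # full names only (checker's rule)

# Constructed sample: the Zones snippet as a 76-column newsreader wraps it.
WRAPPED = ('Windows Registry Editor Version 5.00\n'
           '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet\n'
           'Settings\\Zones]\n'
           '@=""\n')

def rejoin_wrapped_keys(reg_text):
    """Rejoin key headers split mid-path; returns (fixed_text, joined_line_numbers).
    Newsreaders wrap only at spaces, so continuations are joined with one space,
    which keeps 'Internet Settings' as two words instead of 'InternetSettings'."""
    out, joined, pending = [], [], None
    for lineno, raw in enumerate(reg_text.splitlines(), 1):
        line = raw.rstrip()
        if pending is not None:                     # inside a split header
            pending += " " + line.strip()
            joined.append(lineno)
            if pending.endswith("]"):
                out.append(pending)
                pending = None
        elif line.startswith("[") and not line.endswith("]"):
            pending = line                          # header continues on next line
        else:
            out.append(line)
    if pending is not None:
        out.append(pending)                         # unterminated; validate() flags it
    return "\n".join(out) + "\n", joined

def validate(reg_text):
    """List problems that make a merge skip a key silently (empty list = clean)."""
    problems, lines = [], reg_text.splitlines()
    if not lines or lines[0].strip() != "Windows Registry Editor Version 5.00":
        problems.append("line 1: missing 'Windows Registry Editor Version 5.00' header")
    for lineno, line in enumerate(lines, 1):
        if not line.startswith("["):
            continue
        if not line.endswith("]"):
            problems.append(f"line {lineno}: key header not closed with ']'")
            continue
        path = line[1:-1].lstrip("-")               # '[-HKEY_...]' deletes a key
        root = path.split("\\", 1)[0]
        if root not in ROOT_KEYS:
            problems.append(f"line {lineno}: root key '{root}' is not a full hive name")
        if "\\InternetSettings" in path:
            problems.append(f"line {lineno}: 'InternetSettings' lost its space")
    return problems
```

Run `rejoin_wrapped_keys` before `validate` on anything copied out of a newsgroup post; a clean result means the key headers, at least, are in a form the merge will not ignore.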