FakeAlert-PL Description

FakeAlert-PL is a malicious computer Trojan which poses a severe threat to PC security. FakeAlert-PL attempts to establish a connection with the remote host and requests other files from Internet. FakeAlert-PL also creates a startup registry entry to make sure the corrupt program runs every time the PC is turned on. Use an updated malware remover to make sure your PC is free of all threats, including FakeAlert-PL.


Rogue:Win32/FakeVimes (Microsoft)

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\hotfix.exe
    2 [file and pathname of the sample #1] 737,280 bytes MD5: 0x414DF2C09DBC801AE83A0A76F9949C31
    3 packed with UPX [Kaspersky Lab] 2 %AppData%\jsfhjjsd.bat 177 bytes MD5: 0x9B816FDFFAD9F9D670C9D7533D332086
    4 SHA-1: 0x053121300F09E52FC7280B5BA2AAA49D01820249 (not available) 15 %Windir%\Tasks\At20.job 404 bytes MD5: 0xA3086F8D2241FAA5581C9738D26292C1
    5 SHA-1: 0x19B5003701C43360BEF89A5AB2DA6C624A94045F (not available) 20 %Windir%\Tasks\At3.job 404 bytes MD5: 0x6881A16C8C58EEF47F7C1C58A52748A8
    6 SHA-1: 0x3761F6F8AC7E54F309A55B1D22452107C381732E (not available) 5 %Windir%\Tasks\At11.job 404 bytes MD5: 0x92661693F7F4E07F70498E0E65517243
    7 SHA-1: 0x41B2F8BAA7F4BFFDB5BAD41BED99CFCE9D45F827
    8 SHA-1: 0x46C18DA4C149CE564E74B4B680734A815E3E2872 (not available) 18 %Windir%\Tasks\At23.job 404 bytes MD5: 0xAD3C47E520FE6BE21AB49C3E90B3E579
    9 SHA-1: 0x50FCE91B7033D18BAC602A6CB0840BAAA915C353 (not available) 8 %Windir%\Tasks\At14.job 404 bytes MD5: 0xFC2929CCFDA047D19952E753B596E454
    10 SHA-1: 0x5267105062E60553211D30381098C49355152AC7 (not available) 9 %Windir%\Tasks\At15.job 404 bytes MD5: 0x1D321A503782ED348270472A23A8B58F
    11 SHA-1: 0x577DB45EE77A6714A0B88BDB679DDFFCFE5BBB26 (not available) 12 %Windir%\Tasks\At18.job 404 bytes MD5: 0xED7599C1E2FB271ECCF7D319CEE43B3E
    12 SHA-1: 0x5A010D2C629C09E7E1396614CC61B7767C1E5EB9 (not available) 23 %Windir%\Tasks\At6.job 404 bytes MD5: 0x3DDD5DE0CC40AFFF8C2338535EC2D206
    13 SHA-1: 0x6345E04476CD865CEB2017BB6091EEE2B80759F6 (not available) 19 %Windir%\Tasks\At24.job 404 bytes MD5: 0x610C921EB1A69621F844F5C7C6AC5E79
    14 SHA-1: 0x6568F33BD98D0BAE131644FE0B264792F3BBD093 (not available) 10 %Windir%\Tasks\At16.job 404 bytes MD5: 0x6D3CE808B9E0250A29FEF611A1739479
    15 SHA-1: 0x6EBA8D6AEA22EB90E807321A8166EDB75D45878D (not available) 24 %Windir%\Tasks\At7.job 404 bytes MD5: 0x02C92CE2850B2363C5A89089E973274F
    16 SHA-1: 0x6F45871601AB4A13FC933BE121FFA3D7A19DD3ED (not available) 6 %Windir%\Tasks\At12.job 404 bytes MD5: 0x857E8181375D303FD1BD8EB673F60FC6
    17 SHA-1: 0x7D4EF99A972B7AE22661A2B4339962D2FDD0F11F (not available) 17 %Windir%\Tasks\At22.job 404 bytes MD5: 0x74976AB4413C2CDC3CE8A46F87D88FED
    18 SHA-1: 0x968FC35BFF6B037ADB88347B0BC5B73B69085F9F (not available) 16 %Windir%\Tasks\At21.job 404 bytes MD5: 0xE5A0608AB7610C56EB0E1940D8CC9049
    19 SHA-1: 0xA0DADF84A50F527F516000E408C448456678EF3E (not available) 7 %Windir%\Tasks\At13.job 404 bytes MD5: 0x1BC8F55331A889EDEED1C7794CB0FEEF
    20 SHA-1: 0xC2DDB15DFDAD044BDD015D6B94DDE296508F9354 (not available) 3 %Windir%\Tasks\At1.job 404 bytes MD5: 0x282227689DBB0FC9248D7E01D044B7B2
    21 SHA-1: 0xC81D9C5C0393723DFFF66D9A919E37D4BE4BA7A3 (not available) 21 %Windir%\Tasks\At4.job 404 bytes MD5: 0xB07FB69F4BB399D1BFF9CC29C4C10B79
    22 SHA-1: 0xD3CE762AFEA4B26AB420617D7F3CFB7FC7E83BF2 (not available) 4 %Windir%\Tasks\At10.job 404 bytes MD5: 0x7F4110C9524CA539C5F5E8FE7C0A443D
    23 SHA-1: 0xDB31462F556A6DF736F1B29070126CDA3536763F SecurityEssentialFraud [Symantec]
    24 SHA-1: 0xDB89256677ED4BDD75BAE69E8F307F23B104C679 (not available) 22 %Windir%\Tasks\At5.job 404 bytes MD5: 0x6A2801EDD6CBAECDAA39C96A91508F18
    25 SHA-1: 0xDE1D98B24C8A75A9A95629846774B9EEAE2A0E3D (not available) 11 %Windir%\Tasks\At17.job 404 bytes MD5: 0xECBA5C85B9223404EAAD01B2D4CDB9A7
    26 SHA-1: 0xEC0E018E03278C0B2C37DABA158E3440D89D8026 (not available) 25 %Windir%\Tasks\At8.job 404 bytes MD5: 0x047B9DFF02F7E561D2B005F51192DC2F
    27 SHA-1: 0xEC9558837515E84AE941E3F3137F99069E9AD233 (not available) 26 %Windir%\Tasks\At9.job 404 bytes MD5: 0x5859BE524296F093FC82FB3D1E143A3C
    28 SHA-1: 0xF37D7681227D0B3A47928B558D1205C8382FC080 (not available) 14 %Windir%\Tasks\At2.job 404 bytes MD5: 0x96B6C12CEE6FB5F18B015CB62E15B490
    29 SHA-1: 0xFA09692C1D293CC0674D4B920909C6118C6917FF (not available) 13 %Windir%\Tasks\At19.job 404 bytes MD5: 0xCD2F0F951FEF2205633E387F2E6B139B

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to FakeAlert-PL may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: October 19, 2010

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.