Browse » Home
Saturday, July 28, 2012
How to Remove the Trojan Horse FakeAlert
Removing Trojan.Fake.Alert
1. Go to the 'Start' menu on your desktop, then 'Settings,' then 'Control Panel.' Once in Control Panel, go to 'Add/Remove Programs'; in there, find the Trojan.Fake.Alert program. Select that program and click 'Uninstall' to remove it from your computer.
2. Open your Task Manager by going to the 'Start' menu again and selecting 'Run.' In 'Run,' type in 'taskmgr'. Once in the Task Manager, click on the 'Process' tab and then select the Trojan.Fake.Alert processes that are running on your computer. They will be under the following names: users32.exe; rpnqrdnm.exe; susp.exe; tcpservice2.exe, and runsrv32.exe. Highlight these processes individually and hit the 'End Process' button for each process that is running. Exit Task Manager when you have finished.
3. Find where the the Trojan.Fake.Alert DLL files are located on your computer by going to the 'Start' menu and selecting 'Search.' Choose 'Search all files and folders,' and type in 'Trojan.Fake.Alert' to find what directory it is located in (e.g. C:\User\'YourName'\MyDocuments\Trojan.Fake.Alert.DLL). The DLL files you must find the location for are the following: zserv.dll; runsrv32.dll; pynix.dll; wstart.dll;bridge.dll; jao.dll; winflash.dll; questmod.dll, and udpmod.dll. Write down the full location of these files (e.g. 'C:\User\'YourName'\MyDocuments\WStart.DLL').
4. Go to the 'Start' menu and go to 'Run.' In the 'Run' box, type in 'cmd' and hit 'OK.' When this program opens, type in 'cd' where the cursor is blinking, and press 'Enter' to change the current directory to the one in which the Trojan.Fake.Alert DLL files exist. You'll be taken to something like C:\User\'YourName'>. Type in the rest of the Trojan.Fake.Alert DLL file location after the arrow (e.g. 'C:\User\'YourName'>MyDocuments\WStart.DLL) and press 'Enter.' Once you are at that file, type in 'regsvr32 /u' right in front of the file name, leaving a space between the 'u' and the file name (e.g. 'regsvr32 /u WStart.DLL'). Press 'Enter' to remove this file, and repeat this step for the remaining DLL files.
5. Open the 'Run' program again. Type in 'regedit' and press 'OK' to open the Registry Editor. Once you're in the Registry Editor, look for the following Trojan.Fake.Alert registry keys on the left side of the program: HKEY_CLASSES_ROOT\clsid\{60e2e76b-60e2e76b-60e2e76b-60e2e76b-60e2e76b}.Once you find these keys, right-click on them and select 'Modify,' then 'Delete.'