found JS/TrojanDownloader.FakeAlert.NAK any methods to remove it?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

nabl3t

Thread Starter
Joined
Nov 30, 2008
Messages
229
Hello. Couple days ago I started receiving nod32 alerts about infection found:
JS/TrojanDownloader.FakeAlert.NAK trojan horse

What it does is slowing down, or completely blocking ability to surf internet pages. NOD also shows messages that it threat was found at websites something like static/facebook.com or static/google.com, or something like that I dont remember exactly, will update here if it shows up again.
EDIT: just got one poped up again, this time its youtube:
name of object: www.youtube.com
threat: JS/TrojanDownloader.FakeAlert.NAK trojan horse :S
EDIT2: and here they keep coming:
name of object: https://static.ak.facebook.com
threat: JS/TrojanDownloader.FakeAlert.NAK trojan horse

I did full system scan with nod32, but didnt find anything.. Maybe because my version is few months outdated, because I ran out of licence? (but this seems old threat, so shouldnt be because few missing updates)
Did full spywareterminator scan.
Malware bytes scan, downloaded this because of this issue and got trial only.
Did Eset online scanner full scan too, this did find some infected files and removed them, however problem persists. Even after few more scans with this. Last time I did that, it found nothing.

Much appreciation for any help in advance.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Enterprise, Service Pack 1, 64 bit
Processor: AMD FX(tm)-8350 Eight-Core Processor, AMD64 Family 21 Model 2 Stepping 0
Processor Count: 8
RAM: 8092 Mb
Graphics Card: NVIDIA GeForce GTX 660, -2048 Mb
Hard Drives: C: Total - 228833 MB, Free - 67351 MB; D: Total - 953866 MB, Free - 178 MB;
Motherboard: ASUSTeK COMPUTER INC., M5A99X EVO R2.0
Antivirus: ESET NOD32 Antivirus 7.0, Not Updated
 

nabl3t

Thread Starter
Joined
Nov 30, 2008
Messages
229
I should mention new finding. This trojan is attacking mainly 3 websites which Im using regularly, and prevents me from accessing them. These are mentioned as bellow google, youtube,and facebook. Whenever I try access any of these sites I receive pop message by NOD32 saying warnings as bellow:

message:
name of object: www.google.com
threat: JS/TrojanDownloader.FakeAlert.NAK trojan horse

message:
name of object: www.youtube.com
threat: JS/TrojanDownloader.FakeAlert.NAK trojan horse

message:
name of object: https://static.ak.facebook.com
threat: JS/TrojanDownloader.FakeAlert.NAK trojan horse

As you can see all are regular websites except facebook, which has static.ak before name of domain. This is apparently important as well because when I tried to google it, I found it is some virus website or something, however I couldnt access it either way.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Hello and welcome to TSG,

Use the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Let me see those logs in your reply...

Kevin...
 

nabl3t

Thread Starter
Joined
Nov 30, 2008
Messages
229
Hello. I have done FRST. Will post logs in a moment. Step one, show hidden files I cant do right now because I cant close all running programs, because of currently in proccess of backing up and scanning pc with various tools.
 

nabl3t

Thread Starter
Joined
Nov 30, 2008
Messages
229
Ok, I just noticed I had Show Hidden Files or Folders ticked already so they are present in logs, if thats what this step was for.

I did have unchecked checkmark from the checkbox labeled Hide extensions for known file types too.

I just didnt have unchecked checkmark from the checkbox labeled Hide protected operating system files (Recommended).

Do I need to redo scans with FRST, or is that okay enough?
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
C:\Windows\System32\Tasks\AutoKMS
Task: {499B68E7-FAB6-444A-8E0E-BFB2C69B847F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
You have illegal software installed and running on your system, that software was originally created to hack Microsoft office. It is now capable of hacking Windows Operating Systems.
Whatever you are currently using AutoKMS to hack is a direct breach of forum protocol, we do not offer any further help...

Thank you,

Kevin...
 

nabl3t

Thread Starter
Joined
Nov 30, 2008
Messages
229
I am not aware of that. Couldnt that be part of infection? I can delete that right away if you tell me how, and will you help me then?
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
AutoKMS is not part of any infection, it has to be installed and run to either activate Windows OS or Microsoft Office..

I cannot offer any further help, you will have to contact one of the moderators for further advice...

Thank you,

Kevin...
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Run the following and post the produced logs direct to your reply, do not use any 3rd party sites such as PasteBin..

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7).
Give permission if necessary, and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program once only.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next,

Run the MGA Diagnostic Tool and post back the report it creates:

  • Download MGADiag from here: http://go.microsoft.com/fwlink/?linkid=52012 and save it to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard. (Do not worry about any errors at this point, paste will still work)
  • Paste the MGA Diagnostic Report back here in your next reply.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top