1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

found JS/TrojanDownloader.FakeAlert.NAK any methods to remove it?

Discussion in 'Virus & Other Malware Removal' started by nabl3t, Mar 2, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. nabl3t

    nabl3t Thread Starter

    Joined:
    Nov 30, 2008
    Messages:
    229
    Hello. Couple days ago I started receiving nod32 alerts about infection found:
    JS/TrojanDownloader.FakeAlert.NAK trojan horse

    What it does is slowing down, or completely blocking ability to surf internet pages. NOD also shows messages that it threat was found at websites something like static/facebook.com or static/google.com, or something like that I dont remember exactly, will update here if it shows up again.
    EDIT: just got one poped up again, this time its youtube:
    name of object: www.youtube.com
    threat: JS/TrojanDownloader.FakeAlert.NAK trojan horse :S
    EDIT2: and here they keep coming:
    name of object: https://static.ak.facebook.com
    threat: JS/TrojanDownloader.FakeAlert.NAK trojan horse

    I did full system scan with nod32, but didnt find anything.. Maybe because my version is few months outdated, because I ran out of licence? (but this seems old threat, so shouldnt be because few missing updates)
    Did full spywareterminator scan.
    Malware bytes scan, downloaded this because of this issue and got trial only.
    Did Eset online scanner full scan too, this did find some infected files and removed them, however problem persists. Even after few more scans with this. Last time I did that, it found nothing.

    Much appreciation for any help in advance.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Enterprise, Service Pack 1, 64 bit
    Processor: AMD FX(tm)-8350 Eight-Core Processor, AMD64 Family 21 Model 2 Stepping 0
    Processor Count: 8
    RAM: 8092 Mb
    Graphics Card: NVIDIA GeForce GTX 660, -2048 Mb
    Hard Drives: C: Total - 228833 MB, Free - 67351 MB; D: Total - 953866 MB, Free - 178 MB;
    Motherboard: ASUSTeK COMPUTER INC., M5A99X EVO R2.0
    Antivirus: ESET NOD32 Antivirus 7.0, Not Updated
     
  2. nabl3t

    nabl3t Thread Starter

    Joined:
    Nov 30, 2008
    Messages:
    229
    I should mention new finding. This trojan is attacking mainly 3 websites which Im using regularly, and prevents me from accessing them. These are mentioned as bellow google, youtube,and facebook. Whenever I try access any of these sites I receive pop message by NOD32 saying warnings as bellow:

    message:
    name of object: www.google.com
    threat: JS/TrojanDownloader.FakeAlert.NAK trojan horse

    message:
    name of object: www.youtube.com
    threat: JS/TrojanDownloader.FakeAlert.NAK trojan horse

    message:
    name of object: https://static.ak.facebook.com
    threat: JS/TrojanDownloader.FakeAlert.NAK trojan horse

    As you can see all are regular websites except facebook, which has static.ak before name of domain. This is apparently important as well because when I tried to google it, I found it is some virus website or something, however I couldnt access it either way.
     
  3. nabl3t

    nabl3t Thread Starter

    Joined:
    Nov 30, 2008
    Messages:
    229
    bumpp. can someone help me? :s
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello and welcome to TSG,

    Use the instructions in the following link to show hidden files:

    http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

    Next,

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

    Let me see those logs in your reply...

    Kevin...
     
  5. nabl3t

    nabl3t Thread Starter

    Joined:
    Nov 30, 2008
    Messages:
    229
    Hello. I have done FRST. Will post logs in a moment. Step one, show hidden files I cant do right now because I cant close all running programs, because of currently in proccess of backing up and scanning pc with various tools.
     
  6. nabl3t

    nabl3t Thread Starter

    Joined:
    Nov 30, 2008
    Messages:
    229
  7. nabl3t

    nabl3t Thread Starter

    Joined:
    Nov 30, 2008
    Messages:
    229
    Ok, I just noticed I had Show Hidden Files or Folders ticked already so they are present in logs, if thats what this step was for.

    I did have unchecked checkmark from the checkbox labeled Hide extensions for known file types too.

    I just didnt have unchecked checkmark from the checkbox labeled Hide protected operating system files (Recommended).

    Do I need to redo scans with FRST, or is that okay enough?
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    You have illegal software installed and running on your system, that software was originally created to hack Microsoft office. It is now capable of hacking Windows Operating Systems.
    Whatever you are currently using AutoKMS to hack is a direct breach of forum protocol, we do not offer any further help...

    Thank you,

    Kevin...
     
  9. nabl3t

    nabl3t Thread Starter

    Joined:
    Nov 30, 2008
    Messages:
    229
    I am not aware of that. Couldnt that be part of infection? I can delete that right away if you tell me how, and will you help me then?
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    AutoKMS is not part of any infection, it has to be installed and run to either activate Windows OS or Microsoft Office..

    I cannot offer any further help, you will have to contact one of the moderators for further advice...

    Thank you,

    Kevin...
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Run the following and post the produced logs direct to your reply, do not use any 3rd party sites such as PasteBin..

    Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
    Important - Save it to your desktop.
    Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7).
    Give permission if necessary, and click Search For Files.
    After a very short time, when the cursor hourglass disappears, click Save List To File.
    A message box will verify the file saved. Please run the program once only.
    Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

    Next,

    Run the MGA Diagnostic Tool and post back the report it creates:

    • Download MGADiag from here: http://go.microsoft.com/fwlink/?linkid=52012 and save it to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard. (Do not worry about any errors at this point, paste will still work)
    • Paste the MGA Diagnostic Report back here in your next reply.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - found TrojanDownloader FakeAlert
  1. Eccho
    Replies:
    1
    Views:
    1,702
  2. dogluver
    Replies:
    29
    Views:
    2,946
  3. bigchalupa
    Replies:
    19
    Views:
    16,128
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1144068

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice