Possible_fakeav6?

Yesterday while doing a web search on Google via foxfire an unidentified window popped up saying my puter was running slow and there was a virus on it. Not recognizing the source, I just X'd to close it rather than clicking on "No" for install options, as NO does not mean NO to these pop ups. Immediately it started a download anyway??? :o >:( I closed it before it could complete the download and checked everywhere to see if it had installed. Nothing showing. Ran Avast, Nothing! This morning, still feeling uncomfortable about something installing that I had no idea from where, I ran Trendmicro and sure enough this is what showed: “Possible_fakeav6”. Is this an Avast file? Googled it and really didn’t find anything, even Trend says No data on it but it shows it as Malware to be removed, which I did. Why did Avast allow this to download without any warnings???

Should I run the repair option on Avast to see if Avast was compromised? I’m running Avast Home & up to date but I don’t know how to run rootkit from it, or should I install rootkit separately?

This is a whole family of crap which has several unusual ways to bypass AVs using P2P, IM, your clipboard, etc.
Avast may detect as Fraudo

rt click the ball and update>programs
then open avast and schedule a boot time scan
reboot
move any hits to the chest
post the log

go to malwarebytes.org
download, update and run Malwarebytes Anti Malware
put a check mark next to any hits
then click REMOVE SELECTED (a backup will be made)
post the log here

then
download, install, update and scan with SUPERANTISPYWARE
CLEAN and QUARANTINE
post the log

you can rescan with Trend Micro- good app
you can also run Trend Micro anti rootkit app

MBAM should knock down all but the latest varieties
after we see the logs we can go from there

Hi wyrmrider & puter illit,

This is a TrendMicro heuristic alert on a file whose characteristics could indicate possible malware. It need not be, but it has the characteristics of a Bancos-like Trojan or a dropper of some sort. Isolate the file and upload it to VirusTotal for an online scan to see if other scanners might flag it as well, making it more obvious you are really handling genuine malware here. The instructions of wyrmrider can be followed as well, but before doing anything along these lines, post a HijackThis logfile as an attachment in your next post,

polonus

download hjt from here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/

First thank you both for responding so quickly :wink:
Well 1st - I reran Trend after it found it and removed it, and nothing showed.
2nd and probably more importantly I could not find a file for it anywhere on my puter as I mentioned in my post so I can’t send it to virustotal, even if I knew what virustotal was, lol.
3rd I installed & ran SUPERantispyware this morning and it only showed tracking Cookies which I removed.
and last but not least I just installed and ran HJT as both have suggested, but haven’t the faintest idea of what it means :-[ or what to look for. Don’t like to play with things I don’t understand :-\ and I don’t know how to post it to this post either?

HJT Information HiJackThis Tutorial.

Post the contents of the log file (cut and paste or attach) into this topic, you may need to split it over two or more posts if using cut and paste depending on how large it is.

These fake alerts are best dealt with by specialist tools like
RogueRemover, available here http://www.malwarebytes.org/rogueremover.php and also MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe. Right click on the link and select Save As or Save File As (depending on your browser), and save it to a location where you can find it easily later.

OK- I tried a NEW M$ WGA Validation Crack this morning (I am the curious one) with a fresh XP PRO install. Internet settings were hanging up afterwards and I booted with BART to check it out. My results show up as “JS:FakeAV-J [trj]” in temp INET files (Scan still going right now, maybe more). While attempting to check the Windows Update Site, it would not let me do so. Along comes the typical BS window claiming my computer has over 340 infected files and blah blah etc… The executable does not show to be infected with a regular AVAST! Scan. The file is named “WGA_v1.9.40.0.exe” and I cannot remember exactly where I got it. WooHoo! I thought I would share this with you guys and actually become a participating member! I like to test the crapware out there on a regular basis, it’s educational and fun! TTFN until the next one comes along!

If it is legit and clean, it would be downloaded and used by Windows Update. Otherwise, it’s crap and malware.