FakeAlert Trojan-Can't Log on to computer

**DMichael** · **DMichael** on 27th January 2010, 1:31 pm

It seems my computer became infected with the FakeAlert Trojan (Internet Security 2010) several days ago. It had prevented me from running Taskmgr and initially seemed to prevent me from using regedit to change settings for taskmgr. After a few attempt to run regedit I was finally able to. Before discovering this site I located a site that gave directions on how to manually delete files associated with it and edit Registry settings. I followed the directions and was able to locate and delete everything except helper32.dll file. I decided to disable helper32.dll before rebooting the computer in safe mode. My attempts to re-boot have failed. When I re-boot in safe mode I cannot use my mouse or keyboard. When I re-boot normally, I get logged off immediately after trying to log on to my user account or others on my machine. I assume my next step is to re-boot from a re-boot disk if possible. I do have the reinstallation CD from when I bought the computer but i'm not sure I can use it to boot up the computer without losing all my data on the computer. What do I do??? Once I am on the infected computer I will then run Hijack This for additional help removing the virus.

**DMichael** · **DMichael** on 27th January 2010, 3:11 pm

While I have been waiting for a response, I have been reading about similar problems others are having - in particular Robyn1112's issue. I have tried booting from my XP-CD that came with the computer when I bought it. I can reach the setup screen. When I "press R" to enter the Recovery Console, I get no response. Any suggestions?

**Dr Jay** · **Dr Jay** on 27th January 2010, 3:18 pm

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

Avira AntiVir Rescue System - Tutorial for Avira Rescue CD.
If you encounter problems running the Rescue Disk, you can get further assistance at the Avira Support Forum.
Dr Web LiveCD. Be sure to print out and follow the instructions provided in the User Manual.
F-Secure Rescue CD - Rescue CD 3.01 released.
Video: How to Remove Malware with F-Secure Rescue CD
If you encounter problems running the Rescue CD, you can get further assistance at the F-Secure Support Forum.
BitDefender LiveCD - Index of /rescue_cd
If you encounter problems running the Rescue CD, you can get further assistance at the BitDefender Support Forum.
Kaspersky RescueDisk - Index of /devbuilds/RescueDisk/
If you encounter problems running the RescueDisk, you can get further assistance at the Kaspersky Support Forum.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.

**DMichael** · **DMichael** on 28th January 2010, 1:50 pm

Thanks you for helping.

I first tried to scan with Kaspersky RescueDisk but was unable to update it before scanning so I then used F-secure Rescue CD (which was updated). My scan came back saying that no malware was detected. I then tried to re-boot my computer normally. When I tried to log on to my user account, I could see my desktop background image for about 10 secs before I was logged off. When I tried a second time, I was logged off immediately.

What do I do next please?

**Dr Jay** · **Dr Jay** on 28th January 2010, 4:43 pm

Try the Avira Rescue disc, please. It will fix some system files.

**DMichael** · **DMichael** on 28th January 2010, 5:12 pm

I downloaded Avira AntiVir RescueSystem and re-booted the computer to run the disk. It began to load but after about 10 secs my monitor went black and the indicator light turned yellow. I tried this twice.

Now what?

**Dr Jay** · **Dr Jay** on 28th January 2010, 5:30 pm

Do you have your XP disc?

We need to do a Recovery for a system file, a safe process involving no data loss.

**DMichael** · **DMichael** on 28th January 2010, 5:37 pm

I have the re-installation CD. What do you want me to do?

**Dr Jay** · **Dr Jay** on 28th January 2010, 6:36 pm

Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer. Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.
When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER.
At the Recovery Console command prompt,

Type cd system~1\_resto~1 and press "Enter".

Type dir and press "Enter".

After
you press enter you will see a list of folders (like rp1, rp2) If the
list of restore points has more than one page then press the "Enter" key until you reach the end of the list

Type cd rp {number of the second to last folder in the list} and press "Enter".
Note: Example: cd rp9 if the last restore point is rp10

Type cd snapshot and press "Enter".

Type copy _registry_machine_system c:\windows\system32\config\system and press "Enter".

Type copy _registry_machine_software c:\windows\system32\config\software and press "Enter".

Type exit and press "Enter".

Your PC will reboot. Let me know if it boots. If not, then try the process again but choose a lower restore point (ex rp6)

=======================

If you get an access denied error when doing the above, then do the following at the recovery console:

Type cd \ and press "Enter".

Type cd windows\system32\config and press "Enter".

Type ren system system.bak and press "Enter".

Type exit and press "Enter".

Your PC will reboot, go back into the Recovery Console and start from the beginning.

**DMichael** · **DMichael** on 28th January 2010, 6:51 pm

I have booted from the disk and pressed R for recovery console. I see:

1: C:\windows

Which Windows installation would you like to log onto
(to cancel, press ENTER)?

I enter 1?? Is that correct?

15 minutes later...
I entered 1 and got the prompt for the administrator PW. I tried not entering one and I couldn't get in as Administrator. I don't remember what the PW is (bought the computer about 6 yrs ago).

What can I do to continue from here?