Exterminate It! Antimalware

Known threats: 700,086. Last update: March 16, 12:51

FakeAlert - Registry Values List

This is a complete list of FakeAlert registry values collected by Exterminate It!. If you find any of these registry values on your PC, your computer is very likely to be infected with FakeAlert (trojan, downloader, hoax).

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.