Click on screenshot to zoom
Danger level 7
Type: Trojans

Trojan.FakeRean

Trojan.FakeRean is the latest malicious infection which happens to be causing havoc on the internet community as we speak!

Trojan.FakeRean is the latest Trojan Downloader to be causing all sorts of problems for PC users. Trojan.FakeRean, unlike viruses is unable to self-replicate, but is just as dangerous to any computer system it has infected.

After execution, Trojan.FakeRean injects malicious code into the memory of the infected system, and continues to send sensitive information, from the system to a remote controller – awaiting the data.

Trojan.FakeRean tends to be distributed along the following channels: via emails, malicious web pages, Inter Relay Chat channels (IRC) and some peer-to-peer networks.

So what sets Trojan.FakeRean apart from most Trojan Downloader’s?
Well, based on the operating system of the infected computer system, Trojan.FakeRean will attempt to download a file from a particular address.

Once Trojan.FakeRean has entered into a suitable website, Trojan.FakeRean may drop a Rootkit component, which attaches itself to the System Service Descriptor Table – which enables Trojan.FakeRean to hide the registry keys it has created.

Trojan.FakeRean is also highly capable of downloading additional malware onto the infected computer system, usually from a remote internet website, which is ultimately executed on a local system.

It is important to bear in mind that Trojan.FakeRean has a number of varying functions – all of which are aimed at compromising the infected computer system, the user’s privacy and challenging the integrity of the computer itself.

Another function Trojan.FakeRean has been designed to implement is that Trojan.FakeRean is known to use backdoor techniques to infiltrate a computer system, and remain undetected whilst embedded within the system, this way it can carry out its malicious intent - undeterred.

If there is nothing else you gain nothing else from this article, keep this one point in mind: while a manual removal process may be quite a cumbersome and intricate process, best performed by an individual that knows how to navigate themselves around the registry files of a computer, the most important thing to do is to remove this infection, as soon as it has been detected.

One should ensure that a fully functional and reliable anti-spyware application is installed on the infected computer system. This way you will be able to deal with this threat, Trojan.FakeRean, and remove all its components from the infected system.

Download Spyware Removal Tool to Remove* Trojan.FakeRean
  • Quick & tested solution for Trojan.FakeRean removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Trojan.FakeRean

Files associated with Trojan.FakeRean infection:

Total PC Defender 2010.exe
setup.exe
m.2F7.tmp.exe
m.2BFB4.tmp.exe
m.228.tmp.exe
m.21E.tmp.exe
m.21A.tmp.exe
m.2121.tmp.exe
av.exe
30D5.tmp
installer_70108.exe
Abaddon.exe
ntdll64.dll
movie[1].exe
go[1].exe
antivirus[2].exe
ufcmj5vwe5bd.exe
XPProtectionCenter.exe
AntiSpywareXP2009.exe
XP_AntiSpyware.exe
winivstr.exe
winav.exe
pcdefender.exe
xpsecuritycenter.exe
AntivirusPro2009.exe

Trojan.FakeRean DLL's to remove:

ntdll64.dll

Trojan.FakeRean processes to kill:

Total PC Defender 2010.exe
setup.exe
m.2F7.tmp.exe
m.2BFB4.tmp.exe
m.228.tmp.exe
m.21E.tmp.exe
m.21A.tmp.exe
m.2121.tmp.exe
av.exe
installer_70108.exe
Abaddon.exe
movie[1].exe
go[1].exe
antivirus[2].exe
ufcmj5vwe5bd.exe
XPProtectionCenter.exe
AntiSpywareXP2009.exe
XP_AntiSpyware.exe
winivstr.exe
winav.exe
pcdefender.exe
XPSecurityCenter.exe
xpsecuritycenter.exe
AntivirusPro2009.exe

Remove Trojan.FakeRean registry entries:

HKEY_CURRENT_USERSOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN sysav
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysav
HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN AntiSpywareXP 2009
HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN Antivirus Pro 2009
HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN XP Antispyware 2009
HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN XP Protection Center
HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN XP SecurityCenter
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ AntiSpywareXP 2009
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Antivirus Pro 2009
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ufcmj5vwe5bd
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ XP Antispyware 2009
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ XP Protection Center
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ XP SecurityCenter
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catal
RUNNING PROGRAMwinivstr.exe
RUNNING PROGRAM\winivstr.exe
Disclaimer

Comments

  1. Dick Jul 30, 2010

    Microsoft security essentials was useless too!!!!

  2. John May 15, 2011

    Microsoft essential worked the first few times but now it wount work

  3. D Jun 16, 2011

    fakerean allows itself in security essentials and I cannot change the action

  4. Tim Jun 21, 2011

    MSSE has removed the same fakerean 3 times. Also found virtool:js/obfuscator.bn.

    Searches in IE and firefox redirect clicked links to junk search sites.

  5. John Jul 3, 2011

    have to kill a process named xit.exe

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.