Folder AVG Forums » Other topics » Virus Removal, Tools for Removing » Trojan Horse FakeAlert.RO
April 20, 2010 16:12 Trojan Horse FakeAlert.RO #83103
Reply with Quote | Quick Reply | Top
PeterJM3

Avatar

Novice
Join Date: 20.4.2010
Posts: 3
Running AVG Free 9.0 today detected 9 "Trojan Horse FakeAlert.RO" infections. It moved 4 of them to the virus vault, but not the other 5. When I attempted to move any of the the 5 to the virus manually, it gave me a dialog box saying "Threat cannot be removed by standard user rights. Do you want to remove threat as power user?" I decided not to do this until I got some advice. What should I do? I am running AVG Free 9.0.801 with virus DB 271.1.12822. I am running Windows Vista 64-bit with Service Pack 2. The theats that were not quarantined are:
"C:\Windows\SysWOW64\agrsmdel.exe";"Trojan horse FakeAlert.RO";"Infected"
"C:\Windows\System32\DriverStore\FileRepository\agrmdv64.inf_f2f785a8\agrsmdel.exe";"Trojan horse FakeAlert.RO";"Infected"
"C:\Windows\System32\DriverStore\FileRepository\agrmdv64.inf_a2fcddf3\agrsmdel.exe";"Trojan horse FakeAlert.RO";"Infected"
"C:\Windows\System32\DriverStore\FileRepository\agrmdv64.inf_4c61853a\agrsmdel.exe";"Trojan horse FakeAlert.RO";"Infected"
"C:\Windows\agrsmdel.exe";"Trojan horse FakeAlert.RO";"Infected"
The threats that were moved to the virus vault are:
"C:\SwSetup\MMODEM\Agere\Vista64\agrsmdel.exe";"Trojan horse FakeAlert.RO";"Moved to Virus Vault"
"C:\SwSetup\MMODEM\Agere\Vista32\agrsmdel.exe";"Trojan horse FakeAlert.RO";"Moved to Virus Vault"
"C:\SwSetup\Drivers\Modem\flat\LSI\Vista64\agrsmdel.exe";"Trojan horse FakeAlert.RO";"Moved to Virus Vault"
"C:\SwSetup\Drivers\Modem\flat\LSI\Vista32\agrsmdel.exe";"Trojan horse FakeAlert.RO";"Moved to Virus Vault"
Thanks for your assistance
April 20, 2010 17:52 Re: Trojan Horse FakeAlert.RO #83119
Reply with Quote | Quick Reply | Top
rdinan77

Avatar

Novice
Join Date: 20.4.2010
Posts: 1
agrsmdel.exe virus?..

Try running the AVG update and re-scanning. I think the latest update will not report this file as a virus.

We had several users report this. It seemed like it might be a legit file so I ran the update and then re-scanned and it didn't get flagged.
April 20, 2010 20:21 Re: Trojan Horse FakeAlert.RO #83153
Reply with Quote | Quick Reply | Top
BIG AL 43

Avatar

Moderator
Join Date: 18.6.2009
Posts: 23803
@ PeterJM3

As per user rdinan77 try updating the AVG on your system to vdb 271.1.1/2823 & scan again.


AVG Free Volunteer ModeratorAVG Free Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan

April 22, 2010 00:54 Re: Trojan Horse FakeAlert.RO #83511
Reply with Quote | Quick Reply | Top
PeterJM3

Avatar

Novice
Join Date: 20.4.2010
Posts: 3
Somehow all nine "trojan horse" files now show in the list of what's in my virus vault. My update is now up to 2827, but won't AVG Free just skip over what's in my virus vault? Should I restore the 9 files first, then re-scan? So what is agrsmdel.exe? Why do I have versions for Vista32 when my OS is Vista64? And what does "FakeAlert.RO" mean?
April 22, 2010 05:58 Re: Trojan Horse FakeAlert.RO #83547
Reply with Quote | Quick Reply | Top
jirka82

Avatar

Administrator
Join Date: 19.6.2009
Posts: 3892
Hi,

the Trojan Horse FakeAlert.RO (unique name of the infection) has not been reported as a false alarm so far. Please send us one of the reported files for analysis as described here.

AVG does not scan the Virus Vault content. It would be automatically restored if confirmed to be a false alarm. It is either new false alarm or a real infection if it is still in the Virus Vault.

Why do I have versions for Vista32 when my OS is Vista64?

This depends on vendor of the application (it seems to be some software for your modem).

Thanks.

***************AVG Team
April 22, 2010 16:30 Trojan Horse FakeAlert.RO #83751
Reply with Quote | Quick Reply | Top
Captain Cato_Sicarius

Avatar

Novice
Join Date: 22.4.2010
Posts: 1
Just found this issue myself- however, whether it is because of the Trojan horse FakeAlert RO or not, my internet on the infected PC does not work. Resident Shield comes up with warnings about it, but when I click "move to vault," it comes up with the message: Do you want to force this threat removal? Forced removal can cause system instability or even crash." Since the internet will not work (despite a NetGear key), I cannot install the latest AVG mentioned above to rectify the issue. Does anyone have any suggestions?
April 22, 2010 21:01 Re: Trojan Horse FakeAlert.RO #83801
Reply with Quote | Quick Reply | Top
dusano123

Avatar

Moderator
Join Date: 30.9.2009
Posts: 3566
Hello,

You could update your AVG from directory:
http://free.avg.com/ww-en/kb.num-2420

Should the issue persist with latest update, please try to send us the file for analysis. (Using some computer with working connection).

Thanks
April 27, 2010 19:25 Re: Trojan Horse FakeAlert.RO #84929
Reply with Quote | Quick Reply | Top
PeterJM3

Avatar

Novice
Join Date: 20.4.2010
Posts: 3
jirka82 wrote
Hi,

the Trojan Horse FakeAlert.RO (unique name of the infection) has not been reported as a false alarm so far. Please send us one of the reported files for analysis as described here.

AVG does not scan the Virus Vault content. It would be automatically restored if confirmed to be a false alarm. It is either new false alarm or a real infection if it is still in the Virus Vault.

Why do I have versions for Vista32 when my OS is Vista64?

This depends on vendor of the application (it seems to be some software for your modem).

Thanks.

***************AVG Team


Today my network connections (both wired and wireless) stopped connecting, so I returned to this problem. I disabled Resident Shield and tried to "restore" the nine files in my virus vault. Six restored but three did not. I scanned each of the six with AVG and they were each found "not infected". Now my wired connection works but my wireless still does not. The three files I could not restore are:
C:\Windows\System32\DriverStore\FileRepository\agrmdv64.inf_f2f785a8\agrsmdel.exe
C:\Windows\System32\DriverStore\FileRepository\agrmdv64.inf_a2fcddf3\agrsmdel.exe
C:\Windows\System32\DriverStore\FileRepository\agrmdv64.inf_4c61853a\agrsmdel.exe
Can you suggest what I do next? I have two problems: 1) I cannot scan these files to see if they are infected; 2) My wireless connection does not work. Thanks.
Oh, I just realized I can send each of files to AVG for inspection by right-clicking on the file in the virus vaulth display and selecting "send for analysis" (nice feature!). I've done that with each of the three and I've included my email address so I'll look forward to learning the analysis results. That still leaves problem 2) unsolved - what can you suggest?
April 27, 2010 21:46 Re: Trojan Horse FakeAlert.RO #84965
Reply with Quote | Quick Reply | Top
dusano123

Avatar

Moderator
Join Date: 30.9.2009
Posts: 3566
Hello,

Could you try to uninstall your wireless networking drivers via device manager
(Start - run - type "devmgmt.msc" - enter)
Locate the wireless network adapter and choose uninstall.

Afterwards, restart your computer.

If the wireless network card is not autodetected and reinstalled, try to run windows update.
If it still doesnt work, please install drivers manually (Should be either on installation CD which you likely obtained with your computer or drivers can be downloaded from manufacturers website)

Thanks