Jump to content
ACalcutt

Trojan.FakeAlert

Recommended Posts

A program I created for our campus faculty computers is being flagged as Trojan.FakeAlert. The purpose of the script is to prompt a policy reminder when a users plugs in a usb thumbdrive (or equivilent).

The program is based off the code here: http://www.autoitscript.com/forum/index.php?showtopic=42580

The program is attached. autoit source code is included

Share this post


Link to post
Share on other sites

OK , the file itself is not being detected but because it is being stored in root it is under far greater heuristics . A lot of malware runs from root so that location lets you get away with a lot less in MBAM .

I an whitelist this for you but in the future staying away from root would be a good idea , even C:\apps\ would bypass this .

Share this post


Link to post
Share on other sites

BTW and on the subject of flash drives , you can bypass flash drive malware by formatting to them to NTFS , setting up an autorun file and then crippling that file's permissions . I don't know if this is what you are trying to do but with all the malware going around that can jump to flash its not a bad idea .

Share this post


Link to post
Share on other sites

Ok, moving the file into a folder wouldn't be a problem if that is the only reason. Thanks

Also, on your other comment, the program just gives a message box with a reminder of our policy when a usb drive is plugged into the computer. (see the image below)

Thanks for your help

-Andrew

post-6372-1229021166_thumb.jpg

post-6372-1229021166_thumb.jpg

Share this post


Link to post
Share on other sites

Thanks again, that did work. I'm glad this was caught before it was distributed to all faculty though SMS :-)

Share this post


Link to post
Share on other sites
BTW and on the subject of flash drives , you can bypass flash drive malware by formatting to them to NTFS , setting up an autorun file and then crippling that file's permissions . I don't know if this is what you are trying to do but with all the malware going around that can jump to flash its not a bad idea .

We do have an FAQ on this (sans the permissions and autorun) subject here: Format USB Thumbdrive to NTFS

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.