Wednesday, April 9, 2014

Remove LNK:FakeFolder-B [Trj] (FakeFolder Trojan)

LNK:FakeFolder-B [Trj] Overview


LNK:FakeFolder-B [Trj] has recently been found to spread via portable devices. Once an affected device is connected to a machine, a .lnk extension is added to all folders. Files and data copied from one machine have also been found to be missing when pasted onto another machine, with only a large number of .tmp files showing up. Although the FakeFolder Trojan can be detected and quarantined by an installed anti-virus program, the files on the hard drive stay affected. In other words, LNK:FakeFolder-B [Trj] has not been removed completely.

As its name suggests, LNK:FakeFolder-B [Trj] attacks a shortcut vulnerability. Once the FakeFolder Trojan settles on a machine, it generates items and documents that appear normal and wait for unwitting clicks to execute its malicious code and payloads:
  • Downloads and executes additional modules from the C&C server.
  • Works in multithreading mode to communicate with the malicious driver.
  • Sends an encrypted buffer to the malicious driver to be written, so that the malicious items evade easy detection and inject malicious code into processes.
With these payloads, the FakeFolder Trojan manages to avoid automatic removal by installed security utilities, so manual removal is highly recommended.



LNK:FakeFolder-B [Trj] Infection Consequences


Delaying the removal of LNK:FakeFolder-B [Trj] is unwise for the following reasons:
  • Such a Trojan has a backdoor program to bring in additional malicious items.
  • Security services have been disabled to some extent when the Trojan horse infiltrated the target system, as the corresponding drivers have been overwritten with virulent code.

In other words, installed anti-virus programs are not powerful enough to stop additional infiltrations, and more infections, Trojan horses in particular, can be expected before long.

Why do you think it penetrates your computer? To destroy machines for fun? Of course not. There are two purposes for bringing in additional items: one is to earn commission, and the other is to steal information jointly. By selling the collected information, whether it is system configuration or online whereabouts, the author behind LNK:FakeFolder-B [Trj] can make easy money. In sum, the consequences you might encounter after being attacked by the FakeFolder Trojan are as follows:
  • Identity theft and information loss.
  • Weak security defense.
  • More viruses.
  • Sluggish PC performance.
  • Crashed browsers.
  • High CPU usage.
  • Browser redirects and hijacks.

Below is the recommended way to remove LNK:FakeFolder-B [Trj]. It is not advisable to carry out these steps if you are a novice. If that is the case, please feel free to get specialized technical help by contacting a recommended PC Technology Support Center.



Effective Steps to Remove LNK:FakeFolder-B [Trj] (FakeFolder Trojan)


1. Turn off the System Restore function, as LNK:FakeFolder-B [Trj] could inject its malicious code into every detected restore point.



2. Run a full scan with an anti-virus program and note down the path name pointing to LNK:FakeFolder-B [Trj].



3. Reveal all hidden items and remove the items generated by LNK:FakeFolder-B [Trj] from the local disk.

Windows 7/XP/Vista - Control Panel > User Accounts and Family Safety > Folder Options > View tab > tick ‘Show hidden files and folders’ > untick ‘Hide protected operating system files (Recommended)’ > OK button.

Windows 8 - Windows Explorer > View tab > tick ‘File name extensions’ and ‘Hidden items’ > OK button.
Access the detected path and remove all the items there.
Access C:\Windows, C:\Windows\System32, C:\windows\winstart.bat, C:\windows\wininit.ini and C:\windows\Autoexec.bat to remove all the files and folders detected on the date when LNK:FakeFolder-B [Trj] was first found.



4. Access the Registry database to remove the items generated by LNK:FakeFolder-B [Trj].

Press down Win key and R key together > type “regedit” > hit Enter key > remove the values under the following entries:
HKEY_CLASSES_ROOT\WindowFiles\Check_Associations
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\INTEXPLORE.pif\ToP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random numbers and letters]
HKEY_CLASSES_ROOT\CLSID\{random numbers}\shell\OpenHomePage\Command
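
As an added check that is not part of the original post, the following Python script scans one directory (for example the root of a portable drive after step 3) for the pattern described in the overview: a .lnk file that carries the name of a folder sitting next to it. Treating a same-named shortcut as suspect and flagging shortcuts that carry arguments are assumed heuristics, and the function names are hypothetical.

```python
import os
import stat
import struct
import sys

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000 01140200 00000000 c0000000 00000046")
HAS_ARGUMENTS = 0x20  # LinkFlags bit: shortcut carries command-line arguments


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def read_link_flags(path):
    """Return the LinkFlags field if the file has a shell-link header, else None."""
    with open(path, "rb") as fh:
        header = fh.read(24)
    if len(header) < 24 or header[:20] != LNK_MAGIC:
        return None
    return struct.unpack_from("<I", header, 20)[0]


def find_fake_folders(root):
    """Report .lnk files in `root` that share their name with a sibling folder."""
    entries = sorted(os.listdir(root))
    folders = {e.lower(): e for e in entries if os.path.isdir(os.path.join(root, e))}
    findings = []
    for entry in entries:
        stem, ext = os.path.splitext(entry)
        path = os.path.join(root, entry)
        if ext.lower() != ".lnk" or os.path.isdir(path) or stem.lower() not in folders:
            continue
        flags = read_link_flags(path)
        findings.append({
            "shortcut": entry,
            "valid_lnk": flags is not None,
            # Assumed heuristic: a plain folder shortcut needs no arguments.
            "has_arguments": bool(flags is not None and flags & HAS_ARGUMENTS),
            "folder_hidden": is_hidden(os.path.join(root, folders[stem.lower()])),
        })
    return findings


if __name__ == "__main__":
    for hit in find_fake_folders(sys.argv[1]):
        print(hit)
```

Pass the directory to inspect as the only argument; the `folder_hidden` field is only meaningful on Windows, where the hidden attribute exists.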



Note that LNK:FakeFolder-B [Trj] is capable of using multiple payloads and providing a botnet for rent to earn easy money; as a result, browser problems emerge. In that case, solving the browser problems before removing LNK:FakeFolder-B [Trj] will not succeed. To resolve all the resulting problems, it is recommended to remove the FakeFolder Trojan first. Solving the resulting issues is also necessary to hinder the Trojan's return; otherwise, the vulnerability could be exploited again. Last but not least, the above instructions apply exclusively to LNK:FakeFolder-B [Trj]; should you need to resolve the resulting issues, you may need more steps and virus knowledge; otherwise, seek a quick fix by contacting VilmaTech Online Support.




