How to remove richtx64.exe trojan (Fake Security Center Alert)

richtx64.exe is a component of trojan FakeAlert. Once installed, it will display a Security Center Alert that stats that “Windows Firewall has blocked some features of this program” (Trojan-Downloader.JS.Multi.ca, Net-Worm.Win32.Mytob.t, Net-Worm.Win32.DipNet.d, Rootkit.Win32.Agent.pp) as an attempt to make you think your computer has a security problem. Some of the alerts:

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Trojan-Downloader.JS.Multi.ca
Risk Level: Middle Risk

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Net-Worm.Win32.Mytob.t
Risk Level: Middle Risk

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Net-Worm.Win32.DipNet.d
Risk Level: Middle Risk

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Rootkit.Win32.Agent.pp
Risk Level: Middle Risk

Of course, all of these alerts are fake and should be ignored!

What is more, the trojan will also download and install AntiMalware or Malware Defense automatically without your permission. AntiMalware and Malware Defense are rogue antispyware programs, that reports false infections and shows fake security alerts as method to to trick you into purchase so-called “full” version of the software.

If your computer is infected, then use these removal instructions below, which will remove richtx64.exe trojan and other components of trojan FakeAlert for free.

More screen shoots of richtx64.exe (trojan FakeAlert)

Symptoms in a HijackThis Log

O4 – HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\richtx64.exe

Use the following instructions to remove richtx64.exe trojan FakeAlert (Uninstall instructions)

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected for start removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

richtx64.exe (trojan FakeAlert) creates the following files and folders

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\richtx64.exe

richtx64.exe (trojan FakeAlert) creates the following registry keys and values

%Temp%\richtx64.exe
%Temp%\wscsvc32.exe