How to remove richtx64.exe trojan (Fake Security Center Alert)

Myantispyware team, December 9, 2009

richtx64.exe is a component of the FakeAlert trojan. Once installed, it displays a Security Center Alert stating that “Windows Firewall has blocked some features of this program” and naming a supposed threat (Trojan-Downloader.JS.Multi.ca, Net-Worm.Win32.Mytob.t, Net-Worm.Win32.DipNet.d, Rootkit.Win32.Agent.pp) in an attempt to make you think your computer has a security problem. Some of the alerts:

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Trojan-Downloader.JS.Multi.ca
Risk Level: Middle Risk

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Net-Worm.Win32.Mytob.t
Risk Level: Middle Risk

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Net-Worm.Win32.DipNet.d
Risk Level: Middle Risk

Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Rootkit.Win32.Agent.pp
Risk Level: Middle Risk

Of course, all of these alerts are fake and should be ignored!

What is more, the trojan will also download and install AntiMalware or Malware Defense automatically without your permission. AntiMalware and Malware Defense are rogue antispyware programs that report false infections and show fake security alerts as a method to trick you into purchasing the so-called “full” version of the software.

If your computer is infected, use the removal instructions below, which will remove the richtx64.exe trojan and the other components of trojan FakeAlert for free.

Symptoms in a HijackThis Log

O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\richtx64.exe

Use the following instructions to remove richtx64.exe trojan FakeAlert (Uninstall instructions)

Download Malwarebytes Anti-Malware (MBAM). Close all programs and windows on your computer.

Double-click mbam-setup.exe to install the application. When the installation begins, follow the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, you will see a window similar to the one below.

[Screenshot: Malwarebytes Anti-Malware window]

Select Perform Quick Scan, then click Scan to start scanning your computer. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.

[Screenshot: Malwarebytes Anti-Malware, list of infected items]

Make sure that everything is checked, and click Remove Selected to start the removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

richtx64.exe (trojan FakeAlert) creates the following files and folders

%Temp%\richtx64.exe
%Temp%\wscsvc32.exe

richtx64.exe (trojan FakeAlert) creates the following registry keys and values

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\richtx64.exe
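
To check a saved HijackThis log for the symptom line and the file names listed above, the following is an added example (not part of the original guide or of HijackThis). It goes beyond the single entry shown here by also flagging any Run-key autorun that launches from a Temp directory; the function names and the sample log are assumptions made for illustration, and only the `HKxx\..\Run*` form of O4 lines is handled.

```python
import re

KNOWN_NAMES = {"richtx64.exe", "wscsvc32.exe"}  # file names from this guide
# HijackThis O4 registry autorun line: "O4 - HKCU\..\Run: [name] command".
# A typographic dash is accepted too, since pasted logs often carry one.
O4_RE = re.compile(r"^O4\s*[-\u2013\u2014]\s*(HK\w+)\\\.\.\\(Run\w*):\s*\[([^\]]*)\]\s*(.+)$")
# Temp directory in long form, 8.3 short form (LOCALS~1\Temp) or as %Temp%.
TEMP_RE = re.compile(r"\\temp\\|%te?mp%\\", re.IGNORECASE)

def executable_of(command):
    """Return the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)  # drop arguments
    return m.group(1) if m else command

def scan_hijackthis(log_text):
    """Return one finding per O4 Run entry that matches an indicator."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        path = executable_of(command)
        basename = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons = []
        if basename in KNOWN_NAMES or name.lower() in KNOWN_NAMES:
            reasons.append("known-name")
        if TEMP_RE.search(path):
            reasons.append("runs-from-temp")
        if reasons:
            findings.append({"hive": hive, "key": key, "name": name,
                             "path": path, "reasons": reasons})
    return findings

# Constructed sample log: the richtx64.exe line is the one shown in this
# guide; the other entries are made up for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\comp\Local Settings\Temp\upd.exe" /silent
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for f in scan_hijackthis(SAMPLE_LOG):
        print(f["hive"], f["name"], f["path"], ",".join(f["reasons"]))
```

A "runs-from-temp" hit on its own is a lead to review rather than proof of infection, since some legitimate installers briefly register autoruns from Temp.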

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

3 Comments

  1. Paul
    ― January 4, 2010 - 7:53 am

    Took me a while to find this place, but boy am I thankful I did. This trojan was a nasty one for sure.

    P.S. This trojan does block Malwarebytes software from running. To be able to launch it, go to “C:/Program files/[wherever you chose to install it]/” folder, and rename executable file mbam.exe to anything else .exe, and then run it.

    P.P.S. God, I wish I could get my hands around the neck of a bastard who created that worm…

  2. Dave
    ― January 21, 2010 - 4:01 pm

    I have a problem. I read everything you said, but when I install Malwarebytes it gets to the point where it says finishing installation, then it stops, but I can still move my mouse around, and I open Task Manager and it still says it's running. What do I do???

  3. Patrik
    ― January 21, 2010 - 11:01 pm

    Dave, ask for help in our Spyware removal forum.
