richtx64.exe is a component of trojan FakeAlert. Once installed, it will display a Security Center Alert that stats that “Windows Firewall has blocked some features of this program” (Trojan-Downloader.JS.Multi.ca, Net-Worm.Win32.Mytob.t, Net-Worm.Win32.DipNet.d, Rootkit.Win32.Agent.pp) as an attempt to make you think your computer has a security problem. Some of the alerts:
Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Trojan-Downloader.JS.Multi.ca
Risk Level: Middle Risk
Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Net-Worm.Win32.Mytob.t
Risk Level: Middle Risk
Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Net-Worm.Win32.DipNet.d
Risk Level: Middle Risk
Security Center Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: Rootkit.Win32.Agent.pp
Risk Level: Middle Risk
Of course, all of these alerts are fake and should be ignored!
What is more, the trojan will also download and install AntiMalware or Malware Defense automatically without your permission. AntiMalware and Malware Defense are rogue antispyware programs, that reports false infections and shows fake security alerts as method to to trick you into purchase so-called “full” version of the software.
If your computer is infected, then use these removal instructions below, which will remove richtx64.exe trojan and other components of trojan FakeAlert for free.
More screen shoots of richtx64.exe (trojan FakeAlert)
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\richtx64.exe
Use the following instructions to remove richtx64.exe trojan FakeAlert (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
richtx64.exe (trojan FakeAlert) creates the following files and folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\richtx64.exe
richtx64.exe (trojan FakeAlert) creates the following registry keys and values
%Temp%\richtx64.exe
%Temp%\wscsvc32.exe
Took me a while to find this place, but boy am I thankfull I did. This trojan was a nasty one for sure.
P.S. This trojan does block Malwarebytes software from running. To be able to launch it, go to “C:/Program files/[wherever you chose to install it]/” folder, and rename executable file mbam.exe to anything else .exe, and then run it.
P.P.S. God, I wish I could get my hands around the neck of a bastard who created that worm…
I have a problem I read everything you said but when I install Malwarebytes it gets to the point where it says finishing installation then it stops but I can still move mt mouse around and I open task manager and it still says its running what do I do???
Dave, ask for help in our Spyware removal forum.