Home / Parasites / Trojans / Trojan.FakeInit
Click on screenshot to zoom
Danger level 10
Type: Trojans
Common infection symptoms:
  • Connects to the internet without permission
  • Shows commercial adverts
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
  • Block exe files from running
  • Changes background
  • Installs itself without permissions

Trojan.FakeInit

Trojan.FakeInit is a dangerous computer infection that can easily attack and damage your system. This infection can open up backdoors for other malware to invade your computer. It is also capable of intruding your privacy, which could be harmful both for your financial wellbeing and the security of your identity. Therefore, you have to remove Trojan.FakeInit as soon as possible. Even though Trojan.FakeInit has various means of entering Windows, it is most likely you got this dangerous infection through a bundled download, so be careful when downloading files from unreliable sources.

Download Spyware Removal Tool to Remove* Trojan.FakeInit
  • Quick & tested solution for Trojan.FakeInit removal.
  • 100% Free Scan for Windows

Once Trojan.FakeInit reaches your computer, it infiltrates your system and successfully hides itself using a rootkit technique. This way it can act without your notice, and your PC becomes vulnerable to various additional infections. It can be difficult detecting sinister Trojan operating and controlling parts of your system, especially because it does not have an interface of a fake antivirus program that Trojan.FakeInit can initiate (e.g. Internet Security 2010, Antivirus AntiSyware 2011). However, there are some factors that could make you doubt your system’s functionality. At first, your PC slows down, and soon enough you see that something is controlling your Windows, and your Task Manger is blocked!

There is a number of files that Trojan.FakeInit hides in your system, but be extra careful if you notice frmwrk32.exe or ntdll64.exe process files running. These files are very harmful! frmwrk32.exe can read your emails and phone book details, putting your personal data at risk. Do not have a doubt that Trojan.FakeInit will collect this sensitive information, allowing hackers to use it to profit from you. The malicious file also works as a malware downloader, stops Windows Defender, modifies your desktop and can hide itself from active security tools.

Another malicious file modifies the legitimate Windows DLL component mousehook.dll using its original name, and is found in c:\windows. The malware is capable of resisting detection of legitimate security tool, but you can determine the authenticity of this file by looking at its size, as the original file size is 3,584 bytes, and the file active via Trojan.FakeInit is nearly eight times bigger (27,648 bytes). All of the malicious files work together to make your system as vulnerable as possible, and mousehook.dll is an important part of Trojan.FakeInit, as it helps malware communicate inside the system.

Trojan.FakeInit is a very dangerous and cryptic Trojan, and if you manage to detect it in your Windows, it is not recommended that you try removing it yourself. Only an updated legitimate antispyware and antivirus software combination could do the job properly. Do not wait before it is too late and remove Trojan.FakeInit immediately. Get rid of it, and do not let this malicious infection take over your system and breach your personal security!

Download Spyware Removal Tool to Remove* Trojan.FakeInit
  • Quick & tested solution for Trojan.FakeInit removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Trojan.FakeInit

Files associated with Trojan.FakeInit infection:

ClamAVFile
helpers32.dll
Abaddon.exe
winupdate.exe
ntdll64.dll
frmwrk32.exe
winlogon32.exe
winupdate86.exe
PAVRM.exe
mousehook.dll
Userinit.exe
ntdll64.exe

Trojan.FakeInit DLL's to remove:

helpers32.dll
ntdll64.dll
mousehook.dll

Trojan.FakeInit processes to kill:

Abaddon.exe
winupdate.exe
frmwrk32.exe
winlogon32.exe
winupdate86.exe
PAVRM.exe
Userinit.exe
ntdll64.exe

Remove Trojan.FakeInit registry entries:

HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN Advanced Virus Remover
HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN winupdate86.exe
HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSNTCURRENTVERSIONWINDOWSAPPINIT_DLLS AppInit_DLLs
HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSNTCURRENTVERSIONWINLOGONUSERINIT userinit
HKEY_LOCAL_MACHINESYSTEMCURRENTCONTROLSETSERVICESWINSOCK2PARAMETERSSYSTEMCurrentControlSetServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries00000000001
HKEY_LOCAL_MACHINESYSTEMCURRENTCONTROLSETSERVICESWINSOCK2PARAMETERSSYSTEMCurrentControlSetServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries00000000012
HKEY_LOCAL_MACHINESYSTEMCURRENTCONTROLSETSERVICESWINSOCK2PARAMETERSSYSTEMCurrentControlSetServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries00000000013
HKEY_LOCAL_MACHINESYSTEMCURRENTCONTROLSETSERVICESWINSOCK2PARAMETERSSYSTEMCurrentControlSetServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries00000000017
HKEY_LOCAL_MACHINESYSTEMCURRENTCONTROLSETSERVICESWINSOCK2PARAMETERSSYSTEMCurrentControlSetServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries00000000019
HKEY_LOCAL_MACHINESYSTEMCURRENTCONTROLSETSERVICESWINSOCK2PARAMETERSSYSTEMCurrentControlSetServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries00000000021
HKEY_LOCAL_MACHINESYSTEMCURRENTCONTROLSETSERVICESWINSOCK2PARAMETERSSYSTEMCurrentControlSetServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries00000000023
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINDOWS\APPINIT_DLLS\ AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\USERINIT\ userinit
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Advanced Virus Remover
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ winupdate86.exe
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catal
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023
RUNNING PROGRAMExplorer.EXE
RUNNING PROGRAMntdll64.exe
RUNNING PROGRAM\Explorer.EXE
RUNNING PROGRAM\ntdll64.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
 This is a captcha-picture. It is used to prevent mass-access by robots.

 
© 2006-2024 pcthreat.com  |  Terms of use |  Privacy policy |  About us |  Link to US