What is Win32/FakeAlert.MX

Win32/FakeAlert.MX is a trojan that downloads and executes arbitrary files. It can block certain security websites and redirect user search queries to malware-related websites.

How Win32/FakeAlert.MX propagates

Win32/FakeAlert.MX checks whether the following Internet browser executables exist on the system, in order to customize replies received from the web servers:

chrome.exe
explorer.exe
firefox.exe
iexplore.exe
maxthon.exe
myie2.exe
opera.exe

It also monitors and may manipulate “GoogleDesktop.exe” results.

It checks for Internet connectivity by attempting to access www.microsoft.com. If unsuccessful, the trojan does not continue with its payload.

Win32/FakeAlert.MX is also known as

Clbd LB (CA Anti-Spyware), TrojanDropper:Win32/Alureon.J (MS OneCare), Rootkit.Win32.Clbd.lb (Kaspersky), Backdoor.Tidserv (Symantec)