Omega AntiVir usually spreads in a fairly stealthy way, using a Trojan to get itself downloaded onto the victim's PC without the victim noticing.
Once installed, Omega AntiVir starts with Windows and displays dozens of windows with false detections, demanding that the product be purchased in order to remove them.
The tactic is identical across all programs of this kind, so do not let yourself be fooled.
Interestingly, it uses a graphical interface resembling NOD32 Antivirus and a name resembling Avira AntiVir. In addition, the official page claims the program has received certifications/awards from SoftPedia, PC Magazine, etc.
Get rid of this virus as quickly as possible using the instructions below.

The files created are the following:
•%Documents and Settings%\All Users\Application Data\OAV
•%Documents and Settings%\All Users\Application Data\OAV\oav.cfg
•%Documents and Settings%\Bleeping\Application Data\Microsoft\Internet Explorer\Quick Launch\Omega AntiVir.lnk
•%Documents and Settings%\Bleeping\Application Data\Omega AntiVir
•%Documents and Settings%\Bleeping\Application Data\Omega AntiVir\cookies.sqlite
•%Documents and Settings%\Bleeping\Desktop\Omega AntiVir.lnk
•%Documents and Settings%\All Users\Application Data\61a60
•%Documents and Settings%\All Users\Application Data\61a60\mozcrt19.dll
•%Documents and Settings%\All Users\Application Data\61a60\OM83b.exe
•%Documents and Settings%\All Users\Application Data\61a60\OMEGA-AV.ico
•%Documents and Settings%\All Users\Application Data\61a60\sqlite3.dll
•%Documents and Settings%\Bleeping\Start Menu\Omega AntiVir.lnk
•%Documents and Settings%\Bleeping\Start Menu\Programs\Omega AntiVir.lnk
The registry keys belonging to this virus are:
•HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Omega AntiVir
•HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
•HKEY_CLASSES_ROOT\SetupPack.DocHostUIHandler
•HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "8789107703"
•HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Omega AntiVir"
Entries that appear in a HijackThis log:
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O4 - HKCU\..\Run: [Omega AntiVir] "C:\Documents and Settings\All Users\Application Data\61a60\OM83b.exe" /s
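The two patterns visible in the HijackThis entries above (several hostnames pinned to one non-loopback address in the hosts file, and a Run entry launching an executable from an Application Data folder) can be checked for in any HijackThis log. The following is an added example, not part of the original page; the function name `review_hijackthis`, the threshold of three hostnames per address and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Accept "-" as HijackThis writes it and the en dash / curly quotes web pages substitute.
O1_RE = re.compile(r'^O1\s*[-\u2013]\s*Hosts:\s*(\S+)\s+(\S+)\s*$')
O4_RE = re.compile(r'^O4\s*[-\u2013]\s*(HK(?:CU|LM)\\\.\.\\Run(?:Once)?):\s*'
                   r'\[([^\]]+)\]\s*["\u201c]?([^"\u201d]+?\.exe)', re.I)
USER_WRITABLE = re.compile(r'\\(application data|appdata|temp)\\', re.I)

def review_hijackthis(lines, min_hosts=3):
    """Return (hosts_findings, run_findings) for a list of HijackThis log lines."""
    by_ip = defaultdict(set)
    run_findings = []
    for line in lines:
        line = line.strip()
        m = O1_RE.match(line)
        if m:
            ip, host = m.groups()
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # malformed address: skip rather than guess
            # Loopback/unspecified entries are the usual blocklist pattern, not a redirect.
            if not (addr.is_loopback or addr.is_unspecified):
                by_ip[ip].add(host.lower())
            continue
        m = O4_RE.match(line)
        # Autostart entries pointing into user-writable folders deserve a closer look.
        if m and USER_WRITABLE.search(m.group(3)):
            run_findings.append((m.group(1), m.group(2), m.group(3)))
    # Heuristic (assumed threshold): many names mapped to one address.
    hosts_findings = {ip: sorted(h) for ip, h in by_ip.items() if len(h) >= min_hosts}
    return hosts_findings, run_findings

# Constructed sample log (documentation IP ranges and example domains, not real indicators).
SAMPLE = [
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 \u2013 Hosts: 203.0.113.10 pay.example.com",
    "O1 - Hosts: 203.0.113.10 secure.example.net",
    "O1 - Hosts: 203.0.113.10 www.example.org",
    "O1 - Hosts: 198.51.100.7 intranet.example.com",
    r'O4 - HKCU\..\Run: [FakeAV] "C:\Documents and Settings\All Users\Application Data\abc12\fake.exe" /s',
    r'O4 - HKLM\..\Run: [Updater] "C:\Program Files\Vendor\updater.exe"',
]

if __name__ == "__main__":
    hosts, runs = review_hijackthis(SAMPLE)
    for ip, names in hosts.items():
        print(f"{ip}: {len(names)} hostnames redirected: {', '.join(names)}")
    for key, name, path in runs:
        print(f"{key} [{name}] -> {path}")
```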
DISINFECTION: Download, install and scan the PC with Malwarebytes Anti-Malware. When finished, delete all infections found by pressing "Remove selected".






