Online-antivir-scan09.com (Personal Antivirus) – How do I get rid of it?

So far I have shown you various rogue programs and the method of getting rid of them.
This time I will bring to your attention another method of deceiving the user.
Online-antivir-scan09.com is a so-called online antivirus scanner that distributes the fake anti-spyware Personal Antivirus. When the site is accessed, a multitude of pop-up windows appear. If you click on any of them, the browser is automatically redirected to a site that shows the Online-antivir-scan09.com URL in the address bar.

This program claims to perform a full scan of the PC and displays various "detected" viruses, asking you to purchase the software in order to fix the problems.
Like the other programs of this kind, it uses icons, names and windows very similar to those of established antivirus products, or even mimics Windows Explorer.

To remove this virus, follow the instructions below.

This rogue program creates a multitude of files/folders, as follows:

•%Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk
•%Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus
•%Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
•%Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
•%Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
•%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
•%UserProfile%\Application Data\Personal Antivirus
•%UserProfile%\Application Data\Personal Antivirus\settings.ini
•%UserProfile%\Application Data\Personal Antivirus\uill.ini
•%UserProfile%\Application Data\Personal Antivirus\unins000.exe
•%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
•%UserProfile%\Application Data\Personal Antivirus\db
•%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
•%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
•%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
•%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
•%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
•%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
•%Program Files%\Personal Antivirus
•%Program Files%\Personal Antivirus\activate.ico
•%Program Files%\Personal Antivirus\Explorer.ico
•%Program Files%\Personal Antivirus\PerAvir.exe
•%Program Files%\Personal Antivirus\unins000.dat
•%Program Files%\Personal Antivirus\uninstall.ico
•%Program Files%\Personal Antivirus\working.log
•%Program Files%\Personal Antivirus\db
•%Program Files%\Personal Antivirus\db\DBInfo.ver
•%Program Files%\Personal Antivirus\db\ia080614.db
•%Program Files%\Personal Antivirus\db\ia080618x.db
•%Program Files%\Personal Antivirus\Languages
•%Program Files%\Personal Antivirus\Languages\IAEs.lng
•%Program Files%\Personal Antivirus\Languages\IAFr.lng
•%Program Files%\Personal Antivirus\Languages\IAGer.lng
•%Program Files%\Personal Antivirus\Languages\IAIt.lng
•%WINDOWS%\system32\log.txt
•%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
•%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
•%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
•%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
•%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe

In addition, the following registry keys are created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PrS”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Personal Antivirus”

Entries that may appear in the HijackThis log:

O4 - HKCU\..\Run: [Personal Antivirus] "C:\Program Files\Personal Antivirus\PerAvir.exe" /s
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Bleeping\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [iv] "C:\Documents and Settings\Bleeping\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
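
As an added example (not part of the original post), here is a small Python triage script that parses HijackThis-style entries and flags the ones matching the Personal Antivirus indicators listed above. The indicator strings come from this post; the sample log is constructed from the entries quoted here plus one benign line, and the user name "Bleeping" is kept as it appears in the post.

```python
import re

# Indicators taken from this post (matched as case-insensitive substrings).
# The last two flag copies of winlogon.exe / services.exe dropped under
# Application Data; the genuine ones live in %WINDIR%\system32.
PERSONAL_AV_INDICATORS = (
    r"\Personal Antivirus\PerAvir.exe",
    r"ITGrdEngine",
    r"\Internet Explorer\iv.exe",
    r"\Application Data\Microsoft\Windows\winlogon.exe",
    r"\Application Data\Microsoft\Windows\services.exe",
)

# A HijackThis entry: section code (O4, O23, ...), a dash, then the body.
HJT_LINE = re.compile(r"^(O\d+)\s*-\s*(.*)$")

def parse_hjt(log_text):
    """Return (section, body) for each entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def flag_entries(log_text):
    """Return the entries whose body contains at least one known indicator."""
    hits = []
    for section, body in parse_hjt(log_text):
        lowered = body.lower()
        matched = [i for i in PERSONAL_AV_INDICATORS if i.lower() in lowered]
        if matched:
            hits.append({"section": section, "entry": body, "indicators": matched})
    return hits

# Constructed sample log: the four entries quoted in the post plus one
# benign entry (ctfmon.exe) so the filter has something to ignore.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Personal Antivirus] "C:\Program Files\Personal Antivirus\PerAvir.exe" /s
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Bleeping\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [iv] "C:\Documents and Settings\Bleeping\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - C:\Documents and Settings\Bleeping\Local Settings\Application Data\Microsoft\Windows\services.exe
"""

if __name__ == "__main__":
    for hit in flag_entries(SAMPLE_LOG):
        print(hit["section"], hit["indicators"])
```

Run against a real log exported by HijackThis, the same function lists every entry that should be examined before the removal step below.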

REMOVAL: Download, install and scan the PC with Malwarebytes Anti-Malware. At the end, delete all the infections found by clicking "Remove selected".