Categories

Blogger news

cum se face un site partea 4

My Blog List

15:01    

PC AntiSpyware 2010 – Instructiuni pentru Devirusare

PC AntiSpyware 2010 este un program anti-spyware de tip rogue din aceeasi familie cu Home Antivirus 2010, fiind destul de raspandit la acest moment.
Odata instalat, creeaza o multime de fisiere corupte, dar inofensive pentru Pc, ce vor fi mai apoi detectate ca fiind infectate atunci cand acest program “va scana” computer-ul. Fisierele au denumiri aleatorii si apar in diverse locatii ale hard-disk-ului.

PC AntiSpyware 2010 va afisa de asemenea o fereastra ce copiaza destul de fidel Microsoft Windows Security Center. Diferenta dintre cele doua este ca cea falsa promoveaza PC AntiSpyware 2010 a carui achizitionare o sugereaza.
In plus Internet Explorer va afisa diverse pagini aleatorii ce afirma ca site-ul vizitat este infectat. Apoi va sugera din nou achizitionarea PC AntiSpyware 2010 pentru a va proteja calculatorul.





Scapati cat mai rapid de aceasta infectie folosind procedura de mai jos:

Fisierele create de acest virus sunt:

•c:\Program Files\Common Files\aqamodero.dat
•c:\Program Files\Common Files\hubeweqa.lib
•c:\Program Files\Common Files\jatikysup._dl
•c:\Program Files\Common Files\ofyxodaqa.dat
•c:\Program Files\Common Files\sahaso.bat
•c:\Program Files\Common Files\zotys.bin
•c:\Program Files\PC_Antispyware2010
•c:\Program Files\PC_Antispyware2010\AVEngn.dll
•c:\Program Files\PC_Antispyware2010\htmlayout.dll
•c:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg
•c:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
•c:\Program Files\PC_Antispyware2010\pthreadVC2.dll
•c:\Program Files\PC_Antispyware2010\Uninstall.exe
•c:\Program Files\PC_Antispyware2010\wscui.cpl
•c:\Program Files\PC_Antispyware2010\data
•c:\Program Files\PC_Antispyware2010\data\daily.cvd
•c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT
•c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
•c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
•c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
•c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
•c:\WINDOWS\akudyta.lib
•c:\WINDOWS\hoxigawax.inf
•c:\WINDOWS\kyci.dl
•c:\WINDOWS\nuxojih.scr
•c:\WINDOWS\qynomikov.bin
•c:\WINDOWS\seni.reg
•c:\WINDOWS\yfoneby.db
•c:\WINDOWS\system32\_scui.cpl
•c:\WINDOWS\system32\cocefezyj.dl
•c:\WINDOWS\system32\qebykiti.dl
•c:\Documents and Settings\All Users\Application Data\pybisezyr.db
•c:\Documents and Settings\All Users\Application Data\ulycozoho._dl
•c:\Documents and Settings\All Users\Documents\ekenubes.com
•c:\Documents and Settings\All Users\Documents\icosagula.reg
•%UserProfile%\Application Data\jugifyryve.exe
•%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk
•%UserProfile%\Cookies\ajeby.reg
•%UserProfile%\Cookies\yqeqaranym.vbs
•%UserProfile%\Cookies\zebav.pif
•%UserProfile%\Desktop\_scui.cpl.txt
•%UserProfile%\Desktop\PC_Antispyware2010.lnk
•%UserProfile%\Local Settings\Application Data\xoqupuwytu._dl
•%UserProfile%\Start Menu\Programs\PC_Antispyware2010
•%UserProfile%\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk
•%UserProfile%\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk


Cheile registry apartinand virusului sunt:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC_Antispyware2010
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010
HKEY_CURRENT_USER\Control Panel\don’t load “scui.cpl”
HKEY_CURRENT_USER\Control Panel\don’t load “wscui.cpl”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “PC Antispyware 2010″

Log-ul HijackThis va afisa intrarea:

O4 – HKLM\..\Run: [PC Antispyware 2010] “C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe” /hide

DEVIRUSARE: Descarcati, instalati si scanati Pc-ul cu Malwarebytes Anti-Malware. Stergeti la final toate infectiile gasite, apasand “Remove selected”.