Personal Antivirus – Complete Removal

Personal Antivirus, also written PersonalAntivirus, is a rogue anti-spyware program from the company Innovagest 2000.

Personal Antivirus is installed by a trojan named Zlob, which tries to trick the user into buying this program. Once the machine is infected with this trojan, a fake security message appears, similar to Windows notifications, saying that the PC has been infected with viruses. The Personal Antivirus messages are used to get the user to buy, download and install the program in order to remove an imaginary spyware/virus it claims to have detected.






The program creates the following folder:

%ProgramFiles%\PersonalAV

In addition, the following processes are created and need to be stopped from Task Manager:

%PROGRAMFILES%\PAV\pav.exe
pav.exe
PersonalAntivirus[1].exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
c:\Program Files\Personal Antivirus\PerAvir.exe


The following registry keys are also created:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Personal Antivirus”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PrS”


The following other files and folders are created:

wincontrol.dll
pav.exe
PersonalAntivirus[1].exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
%UserProfile%\Application Data\Personal Antivirus\db
%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Application Data\Personal Antivirus\uill.ini
%UserProfile%\Application Data\Personal Antivirus\settings.ini
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Application Data\Personal Antivirus
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus
c:\Documents and Settings\All Users\Desktop\Personal Antivirus.lnk
c:\WINDOWS\system32\log.txt
c:\Program Files\Personal Antivirus\Languages\IAIt.lng
c:\Program Files\Personal Antivirus\Languages\IAGer.lng
c:\Program Files\Personal Antivirus\Languages\IAFr.lng
c:\Program Files\Personal Antivirus\Languages\IAEs.lng
c:\Program Files\Personal Antivirus\Languages
c:\Program Files\Personal Antivirus\db\ia080618x.db
c:\Program Files\Personal Antivirus\db\ia080614.db
c:\Program Files\Personal Antivirus\db\DBInfo.ver
c:\Program Files\Personal Antivirus\db
c:\Program Files\Personal Antivirus\working.log
c:\Program Files\Personal Antivirus\unins000.dat
c:\Program Files\Personal Antivirus\Explorer.ico
c:\Program Files\Personal Antivirus\activate.ico
c:\Program Files\Personal Antivirus\uninstall.ico
c:\Program Files\Personal Antivirus\PerAvir.exe
c:\Program Files\Personal Antivirus
%PROGRAMFILES%\PAV\pav.exe

REMOVAL:
1. Manual: Delete all the files, folders and registry keys listed above.
Go to Start >> Run, type: cmd, press Enter.
In the new window that appears, type: regsvr32 /u wincontrol.dll


2. Automatic: Download Malwarebytes Anti-Malware and run a full scan of the PC.
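
To see which of the artifacts listed above are present before manual removal, and to confirm that none remain afterwards, here is a read-only check. It is an added example, not part of the original post; it covers a subset of the file list and assumes PowerShell is available on the machine.

```powershell
# Read-only audit: reports Personal Antivirus artifacts, deletes nothing.
# Indicators are copied from this page (a subset of the file list).
$paths = @(
    '%ProgramFiles%\PersonalAV',
    '%ProgramFiles%\PAV\pav.exe',
    'c:\Program Files\Personal Antivirus\PerAvir.exe',
    '%UserProfile%\Application Data\Personal Antivirus\unins000.exe',
    '%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe',
    '%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe',
    '%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe',
    '%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini'
) | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }

$regKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE',
    'HKLM:\SYSTEM\CurrentControlSet\Services\ITGrdEngine',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1'
)
$regValues = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Personal Antivirus' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer';          Name = 'PrS' }
)

$hits = @()
foreach ($p in $paths) {
    # -LiteralPath: no wildcard expansion of characters such as [ ] in names
    if (Test-Path -LiteralPath $p) { $hits += "FILE    $p" }
}
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k -ErrorAction SilentlyContinue) { $hits += "REGKEY  $k" }
}
foreach ($v in $regValues) {
    $item = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($item) { $hits += "REGVAL  $($v.Key) [$($v.Name)]" }
}

# winlogon.exe and services.exe are also legitimate Windows process names,
# so running processes are matched on full image path, never on name alone.
foreach ($proc in Get-Process) {
    if ($proc.Path -and ($paths -contains $proc.Path)) {
        $hits += "PROCESS $($proc.Id) $($proc.Path)"
    }
}

if ($hits) { $hits } else { 'No listed Personal Antivirus artifacts found.' }
```

Run it from an elevated prompt so the HKEY_LOCAL_MACHINE keys and the image paths of other users' processes are readable.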