SafetyKeeper – Removal Instructions

SafetyKeeper is classified as a rogue anti-spyware program because it uses Trojans to display fake alerts and creates corrupt files that it then falsely detects as infected. The security alerts are named Security Center Alerts or Infiltration Alerts and claim that the computer is under attack by viruses and that the only solution is to purchase the program.
The virus will also display a window that claims to be a legitimate Windows Microsoft Security Center alert. The difference between the two is that the fake one promotes SafetyKeeper and suggests buying it.

Get rid of this fake antivirus immediately by following the instructions below:

The program creates the following files and folders:

• %Program Files%\SafetyKeeper Software
• %Program Files%\SafetyKeeper Software\SafetyKeeper
• %Program Files%\SafetyKeeper Software\SafetyKeeper\license.txt
• %Program Files%\SafetyKeeper Software\SafetyKeeper\safetykeeper.exe
• %Program Files%\SafetyKeeper Software\SafetyKeeper\uninstall.exe
• %WINDOWS%\102z6w59m3c4.cpl
• %WINDOWS%\1044zhackt9ol5b2.dll
• %WINDOWS%\10683v9rzs656.cpl
• %WINDOWS%\10915hief309z.cpl
• %Documents and Settings%\All Users\Desktop\SafetyKeeper.lnk
• %Documents and Settings%\All Users\Start Menu\Programs\SafetyKeeper
• %Documents and Settings%\All Users\Start Menu\Programs\SafetyKeeper\1 SafetyKeeper.lnk
• %Documents and Settings%\All Users\Start Menu\Programs\SafetyKeeper\2 SafetyKeeper.lnk
• %Documents and Settings%\All Users\Start Menu\Programs\SafetyKeeper\3 Uninstall.lnk


The virus also creates and uses the following registry keys:

• HKEY_CURRENT_USER\Software\SafetyKeeper
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyKeeper
• HKEY_LOCAL_MACHINE\SOFTWARE\SafetyKeeper
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAFETYKEEPERSVC
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafetyKeeperSvc
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ha8tozmj.exe”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SafetyKeeper”

In addition, the HijackThis log will show the following entries (the name gbn976rl.exe is different on each infected PC):

O4 - HKCU\..\Run: [gbn976rl.exe] C:\WINDOWS\system32\gbn976rl.exe
O4 - HKCU\..\Run: [SafetyKeeper] C:\Program Files\SafetyKeeper Software\SafetyKeeper\SafetyKeeper.exe -min
O23 - Service: SafetyKeeper Security Service (SafetyKeeperSvc) - Unknown owner - C:\Program Files\SafetyKeeper Software\SafetyKeeper\SafetyKeeperSvc.exe (file missing)

REMOVAL: Download, install and scan the PC with Malwarebytes Anti-Malware. When the scan finishes, delete all the infections found by clicking “Remove selected”.
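
The HijackThis entries listed above can be checked for mechanically, before and after cleanup. The Python script below is an added example, not part of the original post: it flags the SafetyKeeper autorun and service lines and, because the dropper's file name differs on each PC, relies on an assumed heuristic (a Run value named after an .exe in system32 whose name contains a digit) rather than the literal name. The sample log and the names `classify` and `scan` are constructed for illustration.

```python
import re

DASH = r"\s*[-\u2013]\s*"  # web pages often turn HijackThis' "-" into an en dash
# O4 - HKCU\..\Run: [value name] command line
O4_RE = re.compile(r"^O4" + DASH + r"HK\w+\\\.\.\\Run\w*:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
# O23 - Service: display name (service name) - owner - path
O23_RE = re.compile(r"^O23" + DASH + r"Service:.*\((?P<svc>[^()]+)\)" + DASH + r"(?P<rest>.+)$")
# Assumption (heuristic, not from the page): 6-12 alphanumerics with at least one digit.
RANDOM_EXE = re.compile(r"^(?=\D*\d)[a-z0-9]{6,12}\.exe$", re.I)

def classify(line):
    """Return a rule name for a suspicious HijackThis line, or None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        name, cmd = m["name"].lower(), m["cmd"].lower()
        if "safetykeeper" in name or "\\safetykeeper" in cmd:
            return "safetykeeper-autorun"
        # The value name equals the file it launches from system32; needs manual review.
        if RANDOM_EXE.match(name) and cmd.endswith("\\system32\\" + name):
            return "random-exe-autorun (review)"
        return None
    m = O23_RE.match(line)
    if m and "safetykeeper" in (m["svc"] + m["rest"]).lower():
        # "(file missing)" means the service key outlived its executable.
        return "safetykeeper-service" + (" (file missing)" if "(file missing)" in m["rest"] else "")
    return None

def scan(log_text):
    """Return [(line_number, rule, line)] for every flagged line."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        rule = classify(line)
        if rule:
            hits.append((no, rule, line.strip()))
    return hits

# Constructed sample log. ctfmon.exe is a legitimate Windows entry with the same
# shape as the dropper line and must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gbn976rl.exe] C:\WINDOWS\system32\gbn976rl.exe
O4 - HKCU\..\Run: [SafetyKeeper] C:\Program Files\SafetyKeeper Software\SafetyKeeper\SafetyKeeper.exe -min
O23 - Service: SafetyKeeper Security Service (SafetyKeeperSvc) - Unknown owner - C:\Program Files\SafetyKeeper Software\SafetyKeeper\SafetyKeeperSvc.exe (file missing)
""".strip()

if __name__ == "__main__":
    for no, rule, line in scan(SAMPLE_LOG):
        print(f"line {no}: {rule}: {line}")
```

Lines marked "(review)" are candidates only; confirm them against the file and registry lists above before deleting anything.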