SafetyKeeper – Removal Instructions

SafetyKeeper is classified as a rogue anti-spyware program because it uses Trojans to display fake alerts and creates corrupted files that it then falsely reports as infected. The security alerts are titled Security Center Alerts or Infiltration Alerts and claim that the computer is under attack by viruses and that the only solution is to purchase the program.
The virus also displays a window that poses as a legitimate alert from the Microsoft Windows Security Center. The difference between the two is that the fake one promotes SafetyKeeper and suggests buying it.

Get rid of this fake antivirus immediately by following the instructions below:

The program creates the following files and folders:

  • %Program Files%\SafetyKeeper Software
  • %Program Files%\SafetyKeeper Software\SafetyKeeper
  • %Program Files%\SafetyKeeper Software\SafetyKeeper\license.txt
  • %Program Files%\SafetyKeeper Software\SafetyKeeper\safetykeeper.exe
  • %Program Files%\SafetyKeeper Software\SafetyKeeper\uninstall.exe
  • %WINDOWS%\102z6w59m3c4.cpl
  • %WINDOWS%\1044zhackt9ol5b2.dll
  • %WINDOWS%\10683v9rzs656.cpl
  • %WINDOWS%\10915hief309z.cpl
  • %Documents and Settings%\All Users\Desktop\SafetyKeeper.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\SafetyKeeper
  • %Documents and Settings%\All Users\Start Menu\Programs\SafetyKeeper\1 SafetyKeeper.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\SafetyKeeper\2 SafetyKeeper.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\SafetyKeeper\3 Uninstall.lnk



The virus also creates and uses the following registry keys:

  • HKEY_CURRENT_USER\Software\SafetyKeeper
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyKeeper
  • HKEY_LOCAL_MACHINE\SOFTWARE\SafetyKeeper
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAFETYKEEPERSVC
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafetyKeeperSvc
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ha8tozmj.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SafetyKeeper”

In addition, the HijackThis log will show the following entries (the name gbn976rl.exe is different on each infected PC):

O4 – HKCU\..\Run: [gbn976rl.exe] C:\WINDOWS\system32\gbn976rl.exe
O4 – HKCU\..\Run: [SafetyKeeper] C:\Program Files\SafetyKeeper Software\SafetyKeeper\SafetyKeeper.exe -min
O23 – Service: SafetyKeeper Security Service (SafetyKeeperSvc) – Unknown owner – C:\Program Files\SafetyKeeper Software\SafetyKeeper\SafetyKeeperSvc.exe (file missing)
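Because the dropper's file name changes on every machine, a literal search for gbn976rl.exe will miss it. The added example below (not part of the original post) triages a HijackThis log for the fixed SafetyKeeper entries and for Run entries shaped like the two random names shown on this page; that shape (8 lowercase letters and digits, value name equal to the file name, file in system32) is an assumption drawn from those two samples.

```python
import re

# Constructed sample: the three entries quoted on this page plus one benign
# line (ctfmon.exe) added for contrast; the benign line is not from the page.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gbn976rl.exe] C:\WINDOWS\system32\gbn976rl.exe
O4 - HKCU\..\Run: [SafetyKeeper] C:\Program Files\SafetyKeeper Software\SafetyKeeper\SafetyKeeper.exe -min
O23 - Service: SafetyKeeper Security Service (SafetyKeeperSvc) - Unknown owner - C:\Program Files\SafetyKeeper Software\SafetyKeeper\SafetyKeeperSvc.exe (file missing)
"""

# Accept both "-" and the typographic dash some web pages substitute for it.
O4_RE = re.compile(r"^O4 [-\u2013] (?P<key>HK\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 [-\u2013] Service: .+$")
RANDOM_EXE = re.compile(r"^[a-z0-9]{8}\.exe$")  # assumed shape, see lead-in


def is_random_dropper(name, cmd):
    """Heuristic: value name equals a random-looking exe sitting in system32."""
    name, cmd = name.lower(), cmd.lower()
    stem = name[:-4]
    return (RANDOM_EXE.match(name) is not None
            and cmd.split("\\")[-1] == name
            and "\\system32\\" in cmd
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def triage(log_text):
    """Return (reason, line) pairs for log entries worth a manual review."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            if "safetykeeper" in line.lower():
                findings.append(("named-run-entry", line))
            elif is_random_dropper(m["name"], m["cmd"]):
                findings.append(("random-name-run-entry", line))
        elif O23_RE.match(line) and "safetykeepersvc" in line.lower():
            findings.append(("service", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:22} {line}")
```

Legitimate names such as rundll32.exe also fit the random-name pattern, so treat those hits as leads to verify rather than as confirmed infections.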

REMOVAL: Download and install Malwarebytes Anti-Malware, then scan the PC with it. When the scan finishes, delete all infections found by clicking “Remove selected”.

If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself from such threats in the future, given that they were not detected or removed by your current antivirus.

Administrator of FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert

One response to “SafetyKeeper – Removal Instructions”

  1. TrustWarrior – New Rogue Threat (Removal Guide)

    […] the news on this page. Trust Warrior is a new rogue from the Winisoft family (SoftSafeness, SafetyKeeper, SaveKeeper, Quick Heal Cleaner, System Cop, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, […]