Online-antivir-scan09.com (Personal Antivirus) – How do I get rid of it?

So far I have presented various rogue programs and how to get rid of them.
This time I will bring to your attention another method of tricking the user.
Online-antivir-scan09.com is a so-called online antivirus scanner that distributes the fake anti-spyware program Personal Antivirus. When the site is accessed, a multitude of pop-up windows appear. If you click on any of them, the browser is automatically redirected to a site that has the Online-antivir-scan09.com URL in the address bar.

This program claims to perform a full scan of the PC and displays various detected viruses, asking you to purchase the software in order to fix the problems.
Like other programs of this kind, it uses icons, names and windows that closely resemble those of established antivirus products, or even mimics Windows Explorer.

To remove this virus, follow the instructions below:


This rogue program creates a number of files and folders, as follows:

  • %Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus
  • %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
  • %UserProfile%\Application Data\Personal Antivirus
  • %UserProfile%\Application Data\Personal Antivirus\settings.ini
  • %UserProfile%\Application Data\Personal Antivirus\uill.ini
  • %UserProfile%\Application Data\Personal Antivirus\unins000.exe
  • %UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
  • %UserProfile%\Application Data\Personal Antivirus\db
  • %UserProfile%\Application Data\Personal Antivirus\db\config.cfg
  • %UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
  • %UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
  • %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
  • %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
  • %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
  • %Program Files%\Personal Antivirus
  • %Program Files%\Personal Antivirus\activate.ico
  • %Program Files%\Personal Antivirus\Explorer.ico
  • %Program Files%\Personal Antivirus\PerAvir.exe
  • %Program Files%\Personal Antivirus\unins000.dat
  • %Program Files%\Personal Antivirus\uninstall.ico
  • %Program Files%\Personal Antivirus\working.log
  • %Program Files%\Personal Antivirus\db
  • %Program Files%\Personal Antivirus\db\DBInfo.ver
  • %Program Files%\Personal Antivirus\db\ia080614.db
  • %Program Files%\Personal Antivirus\db\ia080618x.db
  • %Program Files%\Personal Antivirus\Languages
  • %Program Files%\Personal Antivirus\Languages\IAEs.lng
  • %Program Files%\Personal Antivirus\Languages\IAFr.lng
  • %Program Files%\Personal Antivirus\Languages\IAGer.lng
  • %Program Files%\Personal Antivirus\Languages\IAIt.lng
  • %WINDOWS%\system32\log.txt
  • %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
  • %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
  • %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
  • %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
  • %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe



In addition, the following registry keys are created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PrS”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Personal Antivirus”

Entries that may appear in the HijackThis log:

O4 – HKCU\..\Run: [Personal Antivirus] “C:\Program Files\Personal Antivirus\PerAvir.exe” /s
O4 – HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Bleeping\Application Data\Microsoft\Windows\winlogon.exe
O4 – HKCU\..\Policies\Explorer\Run: [iv] “C:\Documents and Settings\Bleeping\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe”
O23 – Service: Guard Service (ITGrdEngine) – Unknown owner – %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
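
A triage sketch for the HijackThis entries above, added here as an example and not part of the original article: it flags autostart entries whose executable borrows a Windows system-process name but sits outside System32, carries a name listed on this page, or starts from a user-profile data directory. The function name `triage`, the heuristics and the two benign sample lines are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Genuine copies of these Windows processes live in %WINDOWS%\system32.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "svchost.exe", "lsass.exe"}
# Names taken from the entries listed on this page.
PAGE_MARKERS = ("personal antivirus", "itgrdengine")
# Per-user data directories (Windows XP layout, as used in the paths above).
PROFILE_DIRS = ("\\application data\\", "\\local settings\\")
EXE_RE = re.compile(r'((?:[A-Za-z]:|%[^%\s]+%)\\[^"]*?\.exe)', re.I)
# Blog typography replaces ASCII quotes and hyphens; undo it before parsing.
TYPOGRAPHY = str.maketrans({"“": '"', "”": '"', "–": "-"})

# Constructed sample: the page's four entries plus two benign lines made up here.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [Personal Antivirus] "C:\Program Files\Personal Antivirus\PerAvir.exe" /s
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Bleeping\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [iv] "C:\Documents and Settings\Bleeping\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
"""

def triage(log_text):
    """Return [(exe_name, [reasons])] for suspicious O4/O23 autostart entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.translate(TYPOGRAPHY).strip()
        if not re.match(r"O(4|23)\s*-", line):
            continue  # only Run-key (O4) and service (O23) entries are checked
        match = EXE_RE.search(line)
        if not match:
            continue
        path = PureWindowsPath(match.group(1))
        lowered = line.lower()
        reasons = []
        if path.name.lower() in SYSTEM_NAMES and path.parent.name.lower() != "system32":
            reasons.append("system-process name outside System32")
        if any(marker in lowered for marker in PAGE_MARKERS):
            reasons.append("name listed on this page")
        if any(d in lowered for d in PROFILE_DIRS):
            reasons.append("autostart from a user-profile data directory (heuristic)")
        if reasons:
            findings.append((path.name, reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```

The user-profile check is only a heuristic, since legitimate software can also start from those directories; the System32 check is the stronger signal for the `winlogon.exe` and `services.exe` copies.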

DISINFECTION: Download and install Malwarebytes Anti-Malware, then scan the PC with it. When the scan finishes, delete all the infections found by clicking “Remove selected”.

If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself from such threats in the future, given that they were not detected or removed by your current antivirus.

Administrator FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert

One response to “Online-antivir-scan09.com (Personal Antivirus) – How do I get rid of it?”

  1. Devirusare

    Good thing the host reacted quickly and shut down their rogue lair.
