Browse: Home / , , / Online-antivir-scan09.com (Personal Antivirus) – Cum scap de el ?

Online-antivir-scan09.com (Personal Antivirus) – Cum scap de el ?

By Radu FaraVirusi(com) on September 20, 2009

V-am prezentat pana acum diferite programe rogue si metoda de a scapa de ele.
De data asta va voi aduce la cunostinta alta metoda de a pacali utilizatorul.
Online-antivir-scan09.com este un asa-zis sis a scanner antivirus online ce distribuie anti-spyware-ul fals Personal Antivirus. La accesarea site-ului o multitudine de ferestre pop-up vor apare. Daca veti da click pe vreuna din ele browser-ul va fi automat redirectionat spre un site ce contine Online-antivir-scan09.com URL in bara de adrese.

Acest program pretinde scanarea integrala a Pc-ului si afiseaza diversi virusi detectati, solicitand achizitionarea soft-ului pentru remedierea problemelor.
Ca si celelalte programe de acest fel utilizeaza icon-uri, denumiri si ferestre foarte asemanatoare cu ale altor programe antivirus consacrate sau chiar mimeaza Windows Explorer.

Pentru eliminarea acestui virus urmati instructiunile de mai jos:

personal antivirus

Acest program rogue creeaza o multime de fisiere\foldere dupa cum urmeaza:

  • %Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus
  • %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
  • %UserProfile%\Application Data\Personal Antivirus
  • %UserProfile%\Application Data\Personal Antivirus\settings.ini
  • %UserProfile%\Application Data\Personal Antivirus\uill.ini
  • %UserProfile%\Application Data\Personal Antivirus\unins000.exe
  • %UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
  • %UserProfile%\Application Data\Personal Antivirus\db
  • %UserProfile%\Application Data\Personal Antivirus\db\config.cfg
  • %UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
  • %UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
  • %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
  • %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
  • %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
  • %Program Files%\Personal Antivirus
  • %Program Files%\Personal Antivirus\activate.ico
  • %Program Files%\Personal Antivirus\Explorer.ico
  • %Program Files%\Personal Antivirus\PerAvir.exe
  • %Program Files%\Personal Antivirus\unins000.dat
  • %Program Files%\Personal Antivirus\uninstall.ico
  • %Program Files%\Personal Antivirus\working.log
  • %Program Files%\Personal Antivirus\db
  • %Program Files%\Personal Antivirus\db\DBInfo.ver
  • %Program Files%\Personal Antivirus\db\ia080614.db
  • %Program Files%\Personal Antivirus\db\ia080618x.db
  • %Program Files%\Personal Antivirus\Languages
  • %Program Files%\Personal Antivirus\Languages\IAEs.lng
  • %Program Files%\Personal Antivirus\Languages\IAFr.lng
  • %Program Files%\Personal Antivirus\Languages\IAGer.lng
  • %Program Files%\Personal Antivirus\Languages\IAIt.lng
  • %WINDOWS%\system32\log.txt
  • %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
  • %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
  • %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
  • %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
  • %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
  • %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
  • %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
  • %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe



In plus sunt create cheile registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PrS”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Personal Antivirus”

Intrarile ce pot apare in log-ul HijackThis:

O4 – HKCU\..\Run: [Personal Antivirus] “C:\Program Files\Personal Antivirus\PerAvir.exe” /s
O4 – HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Bleeping\Application Data\Microsoft\Windows\winlogon.exe
O4 – HKCU\..\Policies\Explorer\Run: [iv] “C:\Documents and Settings\Bleeping\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe”
O23 – Service: Guard Service (ITGrdEngine) – Unknown owner – %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe

DEVIRUSARE: Descarcati, instalati si scanati Pc-ul cu Malwarebytes Anti-Malware. Stergeti la final toate infectiile gasite, apasand “Remove selected”.

Daca ai reusit sa cureti aceasta infectie, iti recomand sa cumperi versiunea PRO a Malwarebytes Anti-Malware pentru a te proteja si pe viitor de astfel de amenintari, avand in vedere ca nu au fost detectate\eliminate de antivirusul tau actual.

Posted in , , | 1 Response

Administrator FaraVirusi.com, voluntar al Comodo Malware Research Team

One response to “Online-antivir-scan09.com (Personal Antivirus) – Cum scap de el ?”

  1. Devirusare
    Devirusare
    September 20, 2009 at 1:49 PM | | Reply

    Bine ca a reactionat rapid host-ul si le-a inchis alora barlogul de rogue.

Leave a Reply