Eco AntiVirus 2010 – are grija de mediul inconjurator (Oare ?!)

Eco AntiVirus este un antivirus fals ce inlocuieste mai vechiul Green AV. Aplicatia raporteaza brese de securitate si virusi descoperiti in sistem, toate acestea fiind insa false. De asemenea foloseste si alte tactici, descrisa mai jos, cu scopul de a coninge utilizatorul sa cumpere aest produs.

Acest program foloseste o pretentie interesanta: este primul antivirus care are grija de mediul inconjurator. Drept pentru care 2$ din pretul sau vor fi donati pentru salvarea padurilor din Amazon. Nu-i asa ca suna induiasator?

Eco Antivirus 2010

Odata instalat va afisa cateva ferestre cu mesajele urmatoare:

Spyware activity alert!
Trojan.IEMonster activity detected. It is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal.

Privacy Violation alert!
Eco AntiVirus detected a Privacy Violation. A program is secretly sending your private data to an untrusted internet host. click here to block this activity by removing the threat (Recommended).

Acest antivirus fals, va afisa o fereastra falsa de tip Windows Security Center, ce pretinde ca Eco AV nu este inregistrat si astfel PC-ul este neprotejat.

Security Center fals

Nu in ultimul rand va manipula Internet Explorer si va afisa alerte legate de amenintari tip phishing sau probleme de securitate.

alerte IE false

Programul creeaza urmatoarele fisiere\foldere:

  • c:\Documents and Settings\All Users\Application Data\eca
  • c:\Documents and Settings\All Users\Application Data\eca\Base.dat
  • c:\Documents and Settings\All Users\Application Data\eca\msdl.exe
  • c:\Documents and Settings\All Users\Application Data\eca\msll.exe
  • c:\Documents and Settings\All Users\Application Data\eca\vec.exe
  • c:\Documents and Settings\All Users\Application Data\Microsoft\Machine
  • c:\Documents and Settings\All Users\Application Data\Microsoft\Machine\WStech.dll
  • c:\Documents and Settings\All Users\Start Menu\Programs\ Eco AntiVirus
  • c:\Documents and Settings\All Users\Desktop\ Eco AntiVirus .lnk
  • %APPDATA%\mozilla\firefox\profiles\<profile-name>\gsl.dll



Ii sunt asociate cheile registry:

HKEY_CURRENT_USER\Software\ECO
HKEY_CLASSES_ROOT\AppID\{29256442-2C14-48CA-B756-3EE0F8BDC774}
HKEY_CLASSES_ROOT\AppID\WStech.DLL
HKEY_CLASSES_ROOT\CLSID\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_CLASSES_ROOT\Interface\{051C9A06-FB08-486F-B09B-8B33B261637D}
HKEY_CLASSES_ROOT\TypeLib\{512E801E-2F02-4ADE-ACAA-58F08A22B2F8}
HKEY_CLASSES_ROOT\WStech.WStechB
HKEY_CLASSES_ROOT\WStech.WStechB.1
HKEY_LOCAL_MACHINE\SOFTWARE\Eco
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\S
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “mxcll”

In log-ul HijackThis apar urmatoarele intrari:

O2 – BHO: WStechB – {A5DBD8CB-DF8A-4992-A655-B155216F6AFB} – C:\Documents and Settings\All Users\Application Data\Microsoft\Machine\WStech.dll
O4 – HKLM\..\Run: [mxcll] C:\Documents and Settings\All Users\Application Data\eca\vec.exe

DEVIRUSARE: Descarcati, instalati si scanati Pc-ul cu Malwarebytes Anti-Malware. Stergeti la final toate infectiile gasite, apasand “Remove selected”.

Daca ai reusit sa cureti aceasta infectie, iti recomand sa cumperi versiunea PRO a Malwarebytes Anti-Malware pentru a te proteja si pe viitor de astfel de amenintari, avand in vedere ca nu au fost detectate\eliminate de antivirusul tau actual.

Administrator FaraVirusi.com
voluntar al Comodo Malware Research Team, expert Malwarebytes Anti-Malware

One response to “Eco AntiVirus 2010 – are grija de mediul inconjurator (Oare ?!)”

  1. Florin

    Hai ca asta chiar a fost tare. Au adaugat ceva in plus fata de “default”.

Leave a Reply