Uninstalling PC Live Guard – Complete Removal Guide

PC Live Guard is a rogue anti-spyware program. It is distributed by Trojans that pose as video codecs or Flash updates supposedly required to view online content.
The program displays numerous fake alerts and runs scans of the PC that falsely report hundreds of infections.

All of this is meant to mislead the user into purchasing the program. The files it detects are either nonexistent or clean, and the alerts should be ignored.

Here are some of the alerts:

System alert!
malicious applications, which may contains Trojans, were found
on your computer and are to be removed immediately. Click
here to remove these potentially harmful items using PC Live
Guard.

System alert
Click here to remove potentially harmful programs found
immediately using PC Live Guard.

Warning
Warning! Virus detected
Threat detected: Trojan-Spy.HTML.Paypal.hn

To get rid of this unwelcome guest, read the details below:

The program creates the following files and folders:

  • c:\Documents and Settings\All Users\Application Data\117fc\
  • c:\Documents and Settings\All Users\Application Data\117fc\PC339.exe
  • c:\Documents and Settings\All Users\Application Data\117fc\PCLG.ico
  • c:\Documents and Settings\All Users\Application Data\117fc\573.mof
  • c:\Documents and Settings\All Users\Application Data\117fc\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\117fc\sqlite3.dll
  • c:\Documents and Settings\All Users\Application Data\117fc\PCLGSys
  • c:\Documents and Settings\All Users\Application Data\117fc\PCLGSys\vd952342.bd
  • c:\Documents and Settings\All Users\Application Data\117fc\BackUp\
  • c:\Documents and Settings\All Users\Application Data\117fc\Quarantine Items\
  • c:\Documents and Settings\All Users\Application Data\PCYZDUHBELG
  • c:\Documents and Settings\All Users\Application Data\PCYZDUHBELG\PCAWWLG.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Live Guard.lnk
  • %UserProfile%\Application Data\PC Live Guard
  • %UserProfile%\Application Data\PC Live Guard\cookies.sqlite
  • %UserProfile%\Desktop\PC Live Guard.lnk
  • %UserProfile%\Recent\gid.tmp
  • %UserProfile%\Recent\SICKBOY.tmp
  • %UserProfile%\Recent\sld.drv
  • %UserProfile%\Start Menu\PC Live Guard.lnk
  • %UserProfile%\Start Menu\Programs\PC Live Guard.lnk
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml



The following registry keys are associated with it:

HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\xp_edb11.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=7&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “IIL”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “[xSP_2:117fc3395e69e29f71abba93a68c4181_7]”
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=7&q={searchTerms}”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “PC Live Guard”

The following entries appear in the HijackThis log:

O4 – HKLM\..\Run: [PC Live Guard] “C:\Documents and Settings\All Users\Application Data\117fc\PC339.exe” /s /d
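
When reviewing a full HijackThis log, an entry like the one above can be picked out automatically. The Python code below is an added example, not part of the original guide or of HijackThis itself; the function names (`parse_o4`, `is_suspicious`, `flag_autoruns`) and the rule "autorun executable stored in a data directory" are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# HijackThis O4 line: "O4 - HKLM\..\Run: [Name] command". The page's copy has an
# en dash and curly quotes (typographic conversion), so both forms are accepted.
O4_RE = re.compile(
    r'^O4\s*[-\u2013]\s*(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+):\s*'
    r'\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$')

class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    image: str
    args: str

def parse_o4(line: str) -> Optional[Autorun]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m['cmd'].replace('\u201c', '"').replace('\u201d', '"').strip()
    # Quoted image path first; otherwise cut after the first ".exe" token.
    split = (re.match(r'"([^"]+)"\s*(.*)$', cmd)
             or re.match(r'(.+?\.exe)\b\s*(.*)$', cmd, re.I))
    image, args = split.groups() if split else (cmd, '')
    return Autorun(m['hive'], m['key'].strip(), m['name'], image, args)

def is_suspicious(entry: Autorun) -> bool:
    # Assumed heuristic: an autorun executable stored in a data directory
    # (Application Data / AppData) rather than under Program Files.
    path = entry.image.lower()
    return path.endswith('.exe') and (
        '\\application data\\' in path or '\\appdata\\' in path)

def flag_autoruns(log_text: str) -> List[Autorun]:
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in entries if e and is_suspicious(e)]

# Constructed sample log: the second line is the entry quoted on this page,
# the other two are made-up benign lines.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe -min
O4 – HKLM\..\Run: [PC Live Guard] “C:\Documents and Settings\All Users\Application Data\117fc\PC339.exe” /s /d
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
'''

if __name__ == '__main__':
    for e in flag_autoruns(SAMPLE_LOG):
        print(f'{e.hive}\\{e.key} [{e.name}] -> {e.image} {e.args}')
```

The heuristic only narrows down what to look at: legitimate software also starts from data directories, so each flagged entry still needs a manual check.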


REMOVAL:

1. Download and install Malwarebytes Anti-Malware. Run a full scan of the PC and, when it finishes, delete the infections found by clicking Remove selected.

If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself against such threats in the future, given that your current antivirus did not detect or remove them.

Administrator FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert
