Cutremurul din Haiti produce noi victime – Dezinstalare Live PC Care

Cutremurul din Haiti a adus trafic nesperat pe multe site-uri si tragedia care a lovit arhipelagul american a indoliat multe familii.

Din pacate, “baietii rai” nu au scrupule si rezultatele Google sunt “otravite” cu multe site-uri false ce redirectioneaza spre produse antivirus de tip rogue.
Cel mai promovat este Live PC Care a carui descriere si devirusare o voi prezenta mai jos:

Live PC Care este un program anti-spyware de tip rogue. Este promovat prin intermediul unor Troieni care pretind sa fie codec-uri video sau actualizari flash absolut necesare pentru a urmari continutul online.
Programul va afisa numeroase alerte false si va efectua scanari ale PC-ului detectand in mod eronat sute de infectii, fisierele respective fiind create chiar de Live PC Care.

Toate acestea au scopul de a induce in eroare utilizatorul, cu scopul de a achizitiona acest program. Fisierele detectate sunt fie inexistente, fie curate, iar alertele nu trebuie luate in considerare.

Pentru a scapa de acest nepoftit cititi detaliile de mai jos:

Programul creeaza urmatoarele fisiere\foldere:

  • c:\Documents and Settings\All Users\Application Data\117fc
  • c:\Documents and Settings\All Users\Application Data\117fc\LP339.exe
  • c:\Documents and Settings\All Users\Application Data\117fc\LPCG.ico
  • c:\Documents and Settings\All Users\Application Data\117fc\8233.mof
  • c:\Documents and Settings\All Users\Application Data\117fc\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\117fc\sqlite3.dll
  • c:\Documents and Settings\All Users\Application Data\117fc\LPCGSys\vd952342.bd
  • c:\Documents and Settings\All Users\Application Data\LPCGSys
  • c:\Documents and Settings\All Users\Application Data\LPCGSys\lpcg.cfg
  • %UserProfile%\Application Data\Live PC Care
  • %UserProfile%\Application Data\Live PC Care\cookies.sqlite
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Live PC Care.lnk
  • %UserProfile%\Desktop\Live PC Care.lnk
  • %UserProfile%\Recent\cb.drv
  • %UserProfile%\Recent\CLSV.sys
  • %UserProfile%\Recent\DBOLE.exe
  • %UserProfile%\Recent\DBOLE.sys
  • %UserProfile%\Recent\exec.dll
  • %UserProfile%\Recent\fan.exe
  • %UserProfile%\Recent\FW.dll
  • %UserProfile%\Recent\hymt.drv
  • %UserProfile%\Recent\kernel32.drv
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\ppal.dll
  • %UserProfile%\Recent\ppal.sys
  • %UserProfile%\Recent\runddl.dll
  • %UserProfile%\Recent\SM.dll
  • %UserProfile%\Start Menu\Live PC Care.lnk
  • %UserProfile%\Start Menu\Programs\Live PC Care.lnk
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml


Ii sunt asociate cheile registry:

HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\xp_5ea56.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=7&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “[xSP_2:117fc3395e69e29f71abba93a68c4181_7]”
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=7&q={searchTerms}”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Live PC Care”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”

In log-ul HijackThis apar urmatoarele intrari:

O4 – HKLM\..\Run: [Live PC Care] “C:\Documents and Settings\All Users\Application Data\117fc\LP339.exe” /s /d


DEVIRUSARE:

1. Descarcati si instalati Malwarebytes Anti-Malware. Scanati PC-ul complet si stergeti la final infectiile gasite apasand Remove selected.

Administrator FaraVirusi.com
voluntar al Comodo Malware Research Team, expert Malwarebytes Anti-Malware

3 responses to “Cutremurul din Haiti produce noi victime – Dezinstalare Live PC Care”

  1. Catalin Stanoiu

    Eu sincer sa fiu am o alta versiune vis-a-vis de ce s-a intamplat in Haiti, am scris si la mine pe site. Oricum, pacat de victime. Uneori rasa umana poate fi extrem de josnica…

  2. marius

    am luat si eu de doua zile prostia aia de live pc care…sper ca programul ala de care zici tu sa ma rezolve….

Leave a Reply