Dezinstaleaza User Protection – Ghid pentru Devirusare Completa

User Protection este un program anti-spyware de tip rogue. Este promovat prin intermediul unor Troieni care pretind sa fie codec-uri video sau actualizari flash absolut necesare pentru a urmari continutul online.
Programul va afisa numeroase alerte false si va efectua scanari ale PC-ului detectand in mod eronat sute de infectii.
De asemenea va incerca sa dezinstaleze programul antivirus instalat in acel sistem.

Toate acestea au scopul de a induce in eroare utilizatorul, cu scopul de a achizitiona acest program. Fisierele detectate sunt fie inexistente, fie curate, iar alertele nu trebuie luate in considerare.

User Protection


Programul afiseaza si urmatoarele alerte:

Antivirus Alert – Critical threat detected
Warning: Network attack detected
Network attack has been detected. Process is attempting to access your private data.

Your computer is being attacked from a remote PC.
Process is trying to steal your passwords listed below. It is highly recommended to block this threat now.

User’s activity loggers detected!
It’s strongly recommended to remove detected threats right now!

Zlob.Porn.Ad adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now.

Most of the viruses and worms on your PC because of visiting pornosites or warez/torrent sites.

ANTIVIRUS IS RUN IN DEMO MODE. ACTIVATE YOUR ANTIVIRUS OTHERWISE ALL THE DATA WILL BE LOST OR DAMAGED!

Pentru a scapa de acest nepoftit cititi detaliile de mai jos:

Programul creeaza urmatoarele fisiere\foldere:

  • c:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
  • c:\Program Files\User Protection
  • c:\Program Files\User Protection\about.ico
  • c:\Program Files\User Protection\activate.ico
  • c:\Program Files\User Protection\buy.ico
  • c:\Program Files\User Protection\help.ico
  • c:\Program Files\User Protection\scan.ico
  • c:\Program Files\User Protection\settings.ico
  • c:\Program Files\User Protection\splash.mp3
  • c:\Program Files\User Protection\uninstall.exe
  • c:\Program Files\User Protection\update.ico
  • c:\Program Files\User Protection\usr.db
  • c:\Program Files\User Protection\usrext.dll
  • c:\Program Files\User Protection\usrhook.dll
  • c:\Program Files\User Protection\usrprot.exe
  • c:\Program Files\User Protection\virus.mp3
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\User Protection.lnk
  • %UserProfile%\Desktop\User Protection Support.lnk
  • %UserProfile%\Desktop\User Protection.lnk
  • %UserProfile%\Desktop\usrprot.exe.txt
  • %UserProfile%\Local Settings\Temp\4otjesjty.mof
  • %UserProfile%\Local Settings\Temp\usr.dat
  • %UserProfile%\Local Settings\Temp\usrr.dat
  • %UserProfile%\Start Menu\Programs\User Protection
  • %UserProfile%\Start Menu\Programs\User Protection\About.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\Activate.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\Buy.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\Scan.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\Settings.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\Update.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\User Protection Support.lnk
  • %UserProfile%\Start Menu\Programs\User Protection\User Protection.lnk



Ii sunt asociate cheile registry:

HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\User Protection
HKEY_LOCAL_MACHINE\SOFTWARE\User Protection
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “User Protection”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved “{5E2121EE-0300-11D4-8D3B-444553540000}”

In log-ul HijackThis apar urmatoarele intrari:

O4 – HKCU\..\Run: [User Protection] “C:\Program Files\User Protection\usrprot.exe” -noscan

DEVIRUSARE:

1.Descarcati si rulati rkill.com. Acest lucru este ncesar pentru a opri procesul activ folosit de virus. Veti primi probabil o atentionare ca rkill.com este infectat. Ignorati-l, este doar o alarma falsa generata de Paladin Antivirus.
Rulati rkill.com din nou, pana cand virusul nu mai este activ.

2. Descarcati Malwarebytes Anti-Malware. Redenumiti-l in Explorer.exe. Apoi rulati-l, dar nu modificati nici o setare in timpul procesului de instalare, iar la final nu restartati PC-ul daca vi se va solicita acest lucru.

3. Virusul va incerca sa modifice executabilul principal MBAM, de aceea veti primi la final o eroare (CreateProcess failes; code: 2 – Unable to execute C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe)
Apasati butonul OK.


4. Descarcati executabilul Malwarebytes Anti-Malware de la urmatoarea locatie.
Se va genera un fisier de tip .exe, cu denumiri diferite.
Salvati-l in folder-ul C:\program files\Malwarebytes’ Anti-Malware\
Retineti denumirea fisierului.

5. Rulati fisierul descarcat in folder-ul: C:\program files\Malwarebytes’ Anti-Malware\ Malwarebytes’ Anti-Malware va porni. Scanati PC-ul complet si stergeti la final infectiile gasite apasand Remove selected.

Daca ai reusit sa cureti aceasta infectie, iti recomand sa cumperi versiunea PRO a Malwarebytes Anti-Malware pentru a te proteja si pe viitor de astfel de amenintari, avand in vedere ca nu au fost detectate\eliminate de antivirusul tau actual.

Administrator FaraVirusi.com
voluntar al Comodo Malware Research Team, expert Malwarebytes Anti-Malware

2 responses to “Dezinstaleaza User Protection – Ghid pentru Devirusare Completa”

  1. Tweets that mention FaraVirusi.com » Dezinstaleaza User Protection – Ghid pentru Devirusare Completa -- Topsy.com

    […] This post was mentioned on Twitter by YO9FAH-George, C R. C R said: Dezinstaleaza User Protection – Ghid pentru Devirusare Completa: User Protection este un program anti-spyware de t… http://bit.ly/atFC8W […]

  2. valyxxu

    sunteti superi tari sa traiti

Leave a Reply