Uninstall My Security Shield – Complete Removal Guide

My Security Shield is a rogue anti-spyware program.
This fake program is promoted through online antivirus scanners (also fake) that claim the PC is infected and offer this product as the solution for cleaning it.

Once installed, it creates a slew of files, which are then detected as infected:

All of this is meant to mislead the user into purchasing the program. The detected files are clean or non-functional, and the alerts should be disregarded. Do NOT buy this product, and if you have been infected, follow the guide below:

My Security Shield

The program creates the following files/folders:

The following registry keys are associated with it:

The following entry appears in the HijackThis log:

O4 - HKCU\..\Run: [My Security Shield] "C:\Documents and Settings\All Users\Application Data\345d567\MS345d_2129.exe" /s /d
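
An added example (not from the original article and not part of HijackThis): a small Python triage of HijackThis O4 autostart lines that flags Run entries like the one above, whose executable sits in a user-writable data directory. The directory heuristic and every sample line except the My Security Shield entry are assumptions constructed for illustration.

```python
import re

# HijackThis O4 lines for Run-type registry keys, e.g.
#   O4 - HKCU\..\Run: [Name] "C:\path\app.exe" /args
O4_RE = re.compile(
    r'^O4\s*-\s*(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+):\s*'
    r'\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$'
)

# Assumption (heuristic, not from the page): data and temp directories that
# standard users can write to are unusual homes for an autostart executable.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# Constructed sample log; only the My Security Shield line comes from the page.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\bho.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe -min
O4 - HKCU\..\Run: [My Security Shield] "C:\Documents and Settings\All Users\Application Data\345d567\MS345d_2129.exe" /s /d
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

def normalize(line):
    """Undo typographic quotes/dashes that blogs and forums put into pasted logs."""
    return line.translate(str.maketrans('“”–', '""-')).strip()

def split_command(cmd):
    """Return (executable, arguments); the path may be quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
        return exe, rest.strip()
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$', cmd, re.I)
    return (m.group(1), m.group(2) or "") if m else (cmd, "")

def triage(log_text):
    """Yield each O4 Run entry whose executable lives in a user-writable directory."""
    for raw in log_text.splitlines():
        m = O4_RE.match(normalize(raw))
        if not m:
            continue  # not an O4 Run-key line
        exe, args = split_command(m.group("cmd"))
        if any(d in exe.lower() for d in USER_WRITABLE):
            yield {"hive": m.group("hive"), "key": m.group("key"),
                   "name": m.group("name"), "exe": exe, "args": args}

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["hive"]}\\{hit["key"]} [{hit["name"]}] -> {hit["exe"]} {hit["args"]}')
```

A hit is a lead for manual review, not a verdict: legitimate per-user software also starts from these directories.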

REMOVAL:

1. Download and run rkill.com. This is necessary to stop the active process used by the virus. You will probably get a warning that rkill.com is infected. Ignore it; it is just a false alarm generated by My Security Shield.
Run rkill.com again until the virus is no longer active. Alternatively, you can try eXplorer.exe or iExplore.exe.


2. Download Malwarebytes Anti-Malware. Run a full scan of the PC and, when it finishes, delete the infections found by clicking Remove selected.

If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself against such threats in the future, given that they were not detected/removed by your current antivirus.

Administrator FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert

3 responses to “Uninstall My Security Shield – Complete Removal Guide”

  1. Gigi

    I told Cristi too: MSS modifies 'hosts', so the permissions on the file have to be changed. So the removal is not quite complete; youtube is among the blocked sites.

  2. Eze

    Hi, I have the same problem… can anyone help me please, add me, thanks.

  3. x

    very cool 10 +
