Removing System Defragmenter – Fake Defragmentation Program

Rogue programs are not limited to fake antivirus or antispyware tools. A fake defragmentation program called System Defragmenter has recently appeared.
It claims to check and repair operating system errors.

When you try to run any executable, you will get the error:

System Error!
Exe file is corrupted and can’t be run. Hard drive scan required.

Scan Hard Drive


After repeated attempts to run a program, it will eventually launch. System Defragmenter will display various messages:

Read time of hard drive clusters less than 500 ms
32% of HDD space is unreadable
Hard drive does not respond to system commands
GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
Bad sectors on hard drive or damaged file allocation table
Ram Temperature is 83 C. Optimization is required for normal operation.
Data Safety Problem. System integrity is at risk.
Drive C initializing error
Requested registry access is not allowed. Registry defragmentation required
Registry Error – Critical Error


The program creates the following files/folders:

  • %Temp%\<random>
  • %Temp%\<random>.exe
  • %Temp%\exe.exe
  • %Temp%\exe.log
  • %Temp%\maindll.dll
  • %UserProfile%\Desktop\System Defragmenter.lnk
  • %UserProfile%\Start Menu\Programs\System Defragmenter
  • %UserProfile%\Start Menu\Programs\System Defragmenter\System Defragmenter.lnk

The following registry keys are associated with it:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “<random>”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “exe.exe”

The following entries appear in the HijackThis log:

O4 – HKCU\..\Run: [exe.exe] %Temp%\exe.exe
O4 – HKCU\..\Run: [<random>] %Temp%\<random>.exe
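
As an added example (not part of the original article), the Python code below scans HijackThis log text for the O4 entries listed above: HKCU Run values that start an executable directly from the user's Temp folder. The sample log lines, the user name and the random value name are constructed, and the Temp path spellings it recognises are an assumption.

```python
import re

# O4 lines list autostart entries; the article's two indicators are HKCU Run
# values whose target executable sits in the user's %Temp% directory.
O4_RUN = re.compile(
    r"^O4\s*[-\u2013]\s*(?P<hive>HKCU|HKLM)\\\.\.\\Run:\s*"
    r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$", re.IGNORECASE)

# Assumption: common spellings of the per-user Temp folder, including the
# 8.3 short form that older Windows versions write into logs.
TEMP_EXE = re.compile(
    r"(%temp%|\\local settings\\temp|\\locals~1\\temp|\\appdata\\local\\temp)"
    r"\\[^\\]+\.exe", re.IGNORECASE)

def suspicious_run_entries(log_text):
    """Return (value_name, command, reason) for Run entries launching from Temp."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not an O4 Run line
        cmd = m.group("cmd").strip()
        if not TEMP_EXE.search(cmd):
            continue  # autostart target is outside Temp
        # exe.exe is the fixed value name from the article; the other is random.
        reason = ("known name exe.exe" if m.group("name").lower() == "exe.exe"
                  else "autostart from Temp")
        hits.append((m.group("name"), cmd, reason))
    return hits

# Constructed sample log: two benign autostarts and the two entries described.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [exe.exe] C:\DOCUME~1\user\LOCALS~1\Temp\exe.exe
O4 - HKCU\..\Run: [qwkdnbvx] C:\Documents and Settings\user\Local Settings\Temp\qwkdnbvx.exe
"""

if __name__ == "__main__":
    for name, cmd, reason in suspicious_run_entries(SAMPLE_LOG):
        print(f"{reason}: [{name}] {cmd}")
```
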

REMOVAL:

1. Download and run rkill.com. This is necessary to stop the active process used by the virus. You will probably get a warning that rkill.com is infected. Ignore it; it is just a false alarm generated by System Tool.


2. Download and install Malwarebytes Anti-Malware. Run a full scan of the PC and, when it finishes, delete the infections found by clicking Remove selected.

If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself from such threats in the future, given that they were not detected/removed by your current antivirus.

Administrator FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert

2 responses to “Removing System Defragmenter – Fake Defragmentation Program”

  1. Cristi

    Thank you very much, it's a very good article.
    Radu, please check your e-mail.

  2. happyday

    I see these guys are evolving. When will we get a rogue operating system? 😀
