Microsoft Security Essentials 2011 – Rogue Program (Removal Guide)

Microsoft Security Essentials 2011 is not the new version of Microsoft's free program; it is a fake (rogue) antivirus program. It is distributed through Trojans that pose as video codecs or Flash updates supposedly required to view online content.
The program displays numerous fake alerts and runs scans of the PC that falsely report hundreds of infections.

All of this is meant to mislead the user into purchasing the program. The detected files are either nonexistent or clean, and the alerts should be disregarded.

To get rid of this unwelcome guest, read the details below:

Microsoft Security Essentials 2011

The program displays the following messages:

System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.

Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Interner Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)



The program creates the following files/folders:

  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Essentials 2011.lnk
  • %UserProfile%\Application Data\Security Essentials 2011\
  • %UserProfile%\Application Data\Security Essentials 2011\SE2010.exe
  • %UserProfile%\Application Data\Security Essentials 2011\sejgdls\
  • %UserProfile%\Application Data\Security Essentials 2011\sejgdls\semblgbls.cfg
  • %UserProfile%\Desktop\Security Essentials 2011.lnk
  • %UserProfile%\Start Menu\Security Essentials 2011.lnk
  • c:\Program Files\Securityessentials2010



The following registry keys are associated with it:

HKEY_CURRENT_USER\Software\SE2010
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\SE2010.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “updatesst”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\Security Essentials 2011\SE2010.exe” /hide”

The following entry appears in the HijackThis log:

O4 – HKCU\..\Run: [updatesst] “%UserProfile%\Application Data\Security Essentials 2011\SE2010.exe”
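
One way to check a saved HijackThis log for the autostart entry shown above (an added example, not part of the original guide or of any tool it mentions). The function names and the sample log are constructed for illustration; the value name `updatesst` and the `SE2010.exe` path come from the article. It also catches the same executable registered under a different value name.

```python
import re

# Indicators taken from the article above.
RUN_VALUE_NAME = "updatesst"
ROGUE_EXE_SUFFIX = r"\security essentials 2011\se2010.exe"
# Blogs and forums turn ASCII quotes/hyphens into typographic ones; undo that.
TYPOGRAPHIC = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2013": "-"})
# HijackThis autostart line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_LINE = re.compile(r"^O4\s+-\s+[^:]+:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")


def executable_of(command):
    """Return the executable of a Run command, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command.split()[0]


def find_rogue_autostarts(log_text):
    """Return (line_number, reasons) for O4 entries matching the indicators."""
    findings = []
    for number, raw in enumerate(log_text.splitlines(), start=1):
        match = O4_LINE.match(raw.translate(TYPOGRAPHIC).strip())
        if not match:
            continue
        reasons = []
        if match["name"].strip().lower() == RUN_VALUE_NAME:
            reasons.append("run value name 'updatesst'")
        if executable_of(match["cmd"]).lower().endswith(ROGUE_EXE_SUFFIX):
            reasons.append("target is SE2010.exe")
        if reasons:
            findings.append((number, reasons))
    return findings


# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /bg
O4 – HKCU\..\Run: [updatesst] “%UserProfile%\Application Data\Security Essentials 2011\SE2010.exe”
O4 - HKCU\..\Run: [helper] C:\Documents and Settings\user\Application Data\Security Essentials 2011\SE2010.exe /hide
"""

if __name__ == "__main__":
    for number, reasons in find_rogue_autostarts(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

The third sample line keeps the typographic dash and quotes as they appear on this page, which is how log lines often look after being pasted through a blog or forum.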

REMOVAL:

1. Download and run rkill.com. This is necessary to stop the active process used by the virus. You will probably get a warning that rkill.com is infected. Ignore it; it is just a false alarm generated by Microsoft Security Essentials 2011.

2. Download and install Malwarebytes Anti-Malware. Run a full scan of the PC and, when it finishes, delete the infections found by clicking Remove selected.

If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself from such threats in the future, given that they were not detected/removed by your current antivirus.

Administrator FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert

2 responses to “Microsoft Security Essentials 2011 – Rogue Program (Removal Guide)”

  1. Alin

    I don't see Microsoft appearing in the name of the rogue program.

  2. Ovidiu

    pwned
