Uninstalling Internet Security 2011 – Complete Removal Guide

Internet Security 2011 is a fake (rogue) antivirus program. It is distributed by Trojans that pose as video codecs or as Flash updates that are supposedly required to view online content.
The program displays numerous fake alerts and runs scans of the PC that falsely report hundreds of infections.

All of this is meant to mislead the user into purchasing the program. The detected files are either nonexistent or clean, and the alerts should be ignored.
The rogue program is difficult to remove because it comes bundled with a rootkit.

To get rid of this intruder, read the details below:

Microsoft Security Essentials 2011

The program displays the following message when you try to run a legitimate program on the PC:

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

If you see this message, you can use the following command (in a command prompt), which grants the Everyone group full control (F) over that file, so that you can run the program:
cacls */full path to the program/* /G Everyone:F


The program also displays the following messages:

Attention! Network attack detected!
Your computer is being attacked from remote host. Attack has been classified as Remote code execution attempt.

Attention! Threat detected!
NOTEPAD.EXE is infected with Trojan-BNK.Keylogger.gen
Private data can be stolen by third parties including card details and passwords.
It is strongly recommended to perform threat removal on your system.

Windows Security Alert
Your computer is making unauthorized copies of your system and Internet files.
You should immediately run full scanning of your system to prevent any unauthorized access to your data.
Click YES to run Antivirus scanner right now.

The program creates the following files/folders:

  • c:\Documents and Settings\All Users\Application Data\.wtav
  • c:\WINDOWS\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\
  • c:\windows\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll
  • c:\WINDOWS\assembly\GAC\__AssemblyInfo__.ini
  • c:\WINDOWS\system32\exefile.exe
  • c:\WINDOWS\system32\mswmqnei.dll
  • c:\WINDOWS\system32\us?rinit.exe (Not to be confused with the legitimate file C:\Windows\System32\userinit.exe)
  • c:\WINDOWS\system32\drivers\vbma22b4.sys


The following registry keys are associated with it:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vbma22b4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiSpywareOverride” = ‘1’

The following entry appears in the HijackThis log:

O23 – Service: Antivirus 2010 (userinit) – Unknown owner – \\.\globalrootC:\WINDOWS\system32\us?rinit.exe
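
An added example (not part of the original guide): a small Python check that parses HijackThis O23 service lines and flags the traits visible in the entry above, namely a `\\.\globalroot` device path, an unknown owner, and an image name that closely imitates a Windows binary. The allowlist, the similarity threshold and the two extra sample lines are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# O23 line layout: "O23 - Service: <display> (<name>) - <owner> - <path>".
# Both "-" and the typographic "–" are accepted as separators.
O23 = re.compile(r"^O23\s[-–]\sService:\s(?P<display>.+?)\s\((?P<name>[^)]+)\)"
                 r"\s[-–]\s(?P<owner>.+?)\s[-–]\s(?P<path>.+)$")

# Assumption: a short allowlist of Windows binaries that malware often imitates.
KNOWN = ("userinit.exe", "svchost.exe", "winlogon.exe", "services.exe", "explorer.exe")

# Constructed sample: the second line is the entry quoted on this page,
# the other two are made-up benign entries for contrast.
SAMPLE_LOG = r"""
O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\WINDOWS\system32\spoolsv.exe
O23 – Service: Antivirus 2010 (userinit) – Unknown owner – \\.\globalrootC:\WINDOWS\system32\us?rinit.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
"""

def lookalike_of(image):
    """Return the known binary that `image` imitates, or None."""
    if image in KNOWN:
        return None  # exact name: not a lookalike
    for good in KNOWN:
        # Threshold 0.85 is an assumption; one changed character in a
        # 12-character name scores about 0.92.
        if SequenceMatcher(None, image, good).ratio() >= 0.85:
            return good
    return None

def audit_o23(log_text):
    """Return (service name, image name, reasons) for each suspicious O23 line."""
    findings = []
    for line in log_text.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue  # not an O23 service entry
        path = m["path"]
        image = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if path.lower().startswith("\\\\.\\globalroot"):
            reasons.append("globalroot device path")
        if m["owner"].lower() == "unknown owner":
            reasons.append("unknown owner")
        good = lookalike_of(image)
        if good:
            reasons.append(f"image name imitates {good}")
        if reasons:
            findings.append((m["name"], image, reasons))
    return findings

if __name__ == "__main__":
    for name, image, reasons in audit_o23(SAMPLE_LOG):
        print(f"{name}: {image} -> {', '.join(reasons)}")
```

An unknown owner on its own is a weak signal, since unsigned legitimate services show it too; treat it as corroboration for the other two checks.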

REMOVAL:

1. Open the Windows Recovery Console. For Windows XP, details are available here.
If you use Windows Vista or 7, follow these instructions.

Once there, rename the following files:
c:\windows\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll
c:\WINDOWS\system32\drivers\vbma22b4.sys

2. Press Exit and start Windows normally. Open Control Panel > Add/Remove Programs (Windows XP) or Programs and Features (Vista and 7).
Look for Antivirus 2010 or Internet Security 2011 and uninstall it.

3. Download and run the following files:
XP fix (if you have Windows XP)
Vista-7 fix (if you run Windows Vista or 7)

4. Download and install Malwarebytes Anti-Malware. Run a full scan of the PC and, when it finishes, delete the infections found by pressing Remove selected.

If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself against such threats in the future, given that they were not detected/removed by your current antivirus.

Administrator FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert
