AVG Antivirus 2011 Has a Fake Twin – Removal Guide

AVG Antivirus 2011 is a rogue antivirus program. Yes, you heard right: it is a fake program.
However, I am not talking here about the legitimate program from AVG, but about a clone.
Fake antiviruses have reached a new level: they imitate the graphical interface and the name of legitimate programs almost perfectly, so that it becomes very difficult to tell them apart if you are not aware of the trick.

The program will display numerous false alerts and will scan the PC, erroneously detecting hundreds of infections.

All of this is intended to mislead the user into purchasing the program. The detected files are either nonexistent or clean, and the alerts should be ignored.

Here is what the "twin" looks like:

[Screenshot: avg antivirus 2011 rogue]

[Screenshot: avg antivirus 2011 rogue]

To get rid of this unwelcome guest, read the details below.
Any attempt to run a legitimate program will result in a fake error being displayed, as follows:

Warning! Active Virus Detected!
Threat Detected: Email-Worm.Zhelatin
Infected file:
Action taken: Application Blocked
Description: Worm Email-Worm.Zhelatin.vy is virus-like malware with destructive code, and is able to mutate, replacing its own code by itself. This makes Email-Worm.Zhelatin.vy very dangerous, hard to find, and difficult to delete. Like most viruses, worm Email-Worm-Zhelatin.vy may spread to other computers by secretly emailing themselves to Internet users in your address book.

It also displays the following messages:

Warning!
Once installed on your machine, NetPumper may start monitoring your web browsing habits, such as what pages you usually load and what search terms you usually type in the search page. NetPumper may also deliver excessive pop-up advertisements even when you are not browsing the Internet. NetPumper also an ability to slow down your computer performance by using your hard drive recourses in order to deliver advertisements on your computer screen.

The program creates the following files\folders:

  • c:\Documents and Settings\All Users\Start Menu\AVG Antivirus 2011\
  • c:\Documents and Settings\All Users\Start Menu\AVG Antivirus 2011\AVG Antivirus 2011.lnk
  • c:\Documents and Settings\All Users\Start Menu\AVG Antivirus 2011\Uninstall.lnk
  • c:\Program Files\AVG Antivirus 2011\
  • c:\Program Files\AVG Antivirus 2011\avg.exe
  • c:\WINDOWS\system32\iesafemode.exe
  • %UserProfile%\Desktop\AVG Antivirus 2011.lnk
  • %Temp%\OQ4C92F6.exe
The following registry keys are associated with it:

HKEY_CURRENT_USER\Software\A88246
HKEY_CURRENT_USER\Software\Mon246
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AVG Antivirus 2011” = ‘C:\Program Files\AVG Antivirus 2011\avg.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “WinNT-A8I 28.01.2011”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe “Debugger” = ‘iesafemode.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe “Debugger” = ‘iesafemode.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe “Debugger” = ‘iesafemode.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe “Debugger” = ‘iesafemode.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe “Debugger” = ‘iesafemode.exe -sb’

The following entry appears in the HijackThis log:

O4 – HKCU\..\Run: [AVG Antivirus 2011] C:\Program Files\AVG Antivirus 2011\avg.exe
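The registry entries above show two mechanisms worth checking on any suspect machine: an IFEO "Debugger" value makes Windows launch the named "debugger" instead of the program itself (which is how this rogue intercepts every browser start), and the HKCU Run value restarts avg.exe at logon. The following PowerShell script is an added example, not part of the original guide; it audits both mechanisms and assumes the binary name (iesafemode.exe) and Run value name listed above, which other variants may change. It is read-only unless run with -Remove from an elevated prompt.

```powershell
# Added example (not from the original guide): audit IFEO "Debugger" values and
# the HKCU Run entry used by the rogue. Read-only by default; -Remove deletes
# only the suspect Debugger values and the named Run entry.
param([switch]$Remove)

$Ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$Run  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# Assumed from the guide above; other variants may use different names.
$KnownBinary  = 'iesafemode.exe'
$KnownRunName = 'AVG Antivirus 2011'

function Get-IfeoDebugger {
    # Every IFEO subkey that carries a Debugger value redirects that image's launch.
    Get-ChildItem -Path $Ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            [pscustomobject]@{
                Image    = $_.PSChildName
                Debugger = $dbg
                # Flag only values pointing at the rogue's binary; legitimate
                # debuggers (e.g. from developer tooling) are left alone.
                Suspect  = ($dbg -match [regex]::Escape($KnownBinary))
                Path     = $_.PSPath
            }
        }
    }
}

$hits = @(Get-IfeoDebugger)
$hits | Format-Table Image, Debugger, Suspect -AutoSize

# The Run value restarts the rogue at every logon.
$runVal = (Get-ItemProperty -Path $Run -ErrorAction SilentlyContinue).$KnownRunName
if ($runVal) { "Run entry '$KnownRunName' -> $runVal" }

if ($Remove) {
    foreach ($h in ($hits | Where-Object Suspect)) {
        # Remove just the Debugger value so the IFEO key's other settings survive.
        Remove-ItemProperty -Path $h.Path -Name Debugger
        "Removed Debugger from $($h.Image)"
    }
    if ($runVal) {
        Remove-ItemProperty -Path $Run -Name $KnownRunName
        "Removed Run entry '$KnownRunName'"
    }
}
```

Run it first without -Remove and compare the table against the five browser entries listed above; deleting the Debugger values restores normal browser launches but does not remove the files in the list above, which is what the scan in the removal steps is for.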

REMOVAL:

1. Start the PC in Safe Mode with Networking. To do this, restart the PC and press the F8 key repeatedly before Windows loads, until you get the screen below.
After choosing the mode mentioned, press Enter and wait for Windows to load completely.

[Screenshot: safe mode]

2. Download and run rkill.com. This is necessary to stop the active process used by the virus. You will probably receive a warning that rkill.com is infected. Ignore it; it is just a false alarm generated by System Tool.

3. Download and install Malwarebytes Anti-Malware. Run a full scan of the PC and, at the end, delete the infections found by clicking Remove selected.

Administrator, FaraVirusi.com
Volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert

5 responses to "AVG Antivirus 2011 Has a Fake Twin – Removal Guide"

  1. Silviu

    we are seeing more and more rogue viruses that imitate well-known antiviruses very well. if you used to beware of counterfeit phones, now you also have to beware of antivirus copies:))))

  2. Johane

    @silviu: Who makes that dumb user get the antivirus from any junk site? Why do even the free antiviruses have dedicated pages? So the fool doesn't get it from just any site.

    1. Gigi

      Do you really think the user installed the antivirus himself? 😀

  3. Silviu

    @Johane: you would be amazed how many dimwits there are in this world:))))

  4. McAVG 2011 – Removal Guide

    […] Removal Guide. By Radu FaraVirusi(com) on February 2, 2011. Not long ago I told you about AVG Antivirus 2011, the rogue version, which imitates the famous AVG antivirus very well. The creators of these fake programs […]
