[Solution] Windows Stability Alarm – Removal Guide

Rogue PC-optimization programs are now being promoted through emails that contain an infected link. Windows Stability Alarm is one such program.

The virus starts only after a restart, when it displays a window titled Microsoft Security Essentials Alert that claims to have detected a virus on the computer. You are then offered the fake program in question for installation. It will display numerous fake alerts and run scans of the PC, falsely detecting hundreds of infections.
It is promoted through links sent by email, such as: http://dvdkaraoke.pl/lista/googlelink.php

All of this is meant to mislead the user into purchasing the program. The detected files are either nonexistent or clean, and the alerts should be disregarded.

To get rid of this uninvited guest, read the details below:

Windows Stability Alarm

The program starts only after Windows is restarted and displays a fake window titled Microsoft Security Essentials Alert.

Any attempt to run a legitimate program results in a fake error, as follows:

Threat prevention solution found Security system analysis has revealed critical file system vulnerability caused by severe malware attacks. Risk of system files infection: The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press ‘OK’ to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

It also displays the following messages:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Win32.Sality

The program creates the following files/folders:

  • %UserProfile%\Application Data\Microsoft\<random>.exe

The following registry keys are associated with it:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ‘0’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ‘0’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore “DisableSR ” = ‘1’
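
As an added example (not part of the original guide), this Python script audits the text of a registry export for the entries listed above: Debugger values under Image File Execution Options, which redirect the launch of the named executable, plus the DisableSR and WarnOnHTTPSToHTTPRedirect settings. The function names and the sample export are constructed for illustration.

```python
import re

IFEO = r"\windows nt\currentversion\image file execution options" + "\\"
# Values the guide lists as set by the rogue: (key suffix, value name) -> data
SETTINGS = {
    (r"\currentversion\internet settings", "warnonhttpstohttpredirect"): 0,
    (r"\currentversion\systemrestore", "disablesr"): 1,
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_value(raw):
    """dword:XXXXXXXX -> int, quoted string -> unescaped str, else raw text."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return raw

def audit_reg_export(text):
    """Return findings from the text of a .reg export (already decoded)."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        if not key or not (m := VAL_RE.match(line)):
            continue
        name = m.group(1).strip()   # the guide's "DisableSR " has a stray space
        value, low = parse_value(m.group(2)), key.lower()
        # Any IFEO Debugger value redirects that image's launch: list for review.
        if IFEO in low and name.lower() == "debugger":
            findings.append(("ifeo-debugger", low.rsplit("\\", 1)[1], value))
        for (suffix, vname), bad in SETTINGS.items():
            if low.endswith(suffix) and name.lower() == vname and value == bad:
                findings.append(("setting", key, f"{name}={value}"))
    return findings

# Constructed sample export (not captured from an infected machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR "=dword:00000001
'''
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `audit_reg_export`.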

REMOVAL:

1. Download Malwarebytes Anti-Malware. Rename the installer to svchost.exe and then install it. Do not run it at the end of the installation!

2. Navigate to the folder C:\Program Files\Malwarebytes’ Anti-Malware and rename mbam.exe to explorer.exe.

3. Run the renamed file (explorer.exe), scan the whole PC, and at the end delete the infections found by pressing Remove selected.

If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself from such threats in the future, given that they were not detected or removed by your current antivirus.

Administrator FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert
