Uninstalling Security Essentials 2010 – Complete Virus Removal Guide

No, this is not a new version of the antivirus program recently released by Microsoft.
Security Essentials 2010 is a rogue anti-spyware program. It is promoted through Trojans that pretend to be video codecs or Flash updates that are absolutely necessary to view online content.
The program displays numerous fake alerts and runs scans of the PC, falsely detecting hundreds of infections.

All of this is meant to mislead the user into purchasing the program. The detected files are either nonexistent or clean, and the alerts should be disregarded.

The virus blocks every executable file from running on the infected PC, displaying the error:

Application cannot be executed. The file is infected. Please activate your antivirus software.

To get rid of this uninvited guest, read the details below:

The program also displays the following alerts:

Your computer is infected! Windows has detected an infection of spyware! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware!

Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. You private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need update your current security software. Click OK to download official intrusion detection system (IDS software)

Application Error.The instruction at 0x009a6f9a referenced memory at 0x00000000. The memory could not be written.Click on OK to terminate the program.

Security Warning!
Worm.Win32.NetSky detected on your machine.
This virus is distributed via the Internet through e-mail and Active-x objects.
The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your computer.
Continue working in unprotected mode is very dangerous.

Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Interner Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)

The program creates the following files and folders:

  • c:\s
  • c:\Program Files\Securityessentials2010\
  • c:\Program Files\Securityessentials2010\SE2010.exe
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk
  • %UserProfile%\Desktop\Security essentials 2010.lnk
  • %UserProfile%\Start Menu\Security essentials 2010.lnk
  • c:\WINDOWS\system32\41.exe
  • c:\WINDOWS\system32\helpers32.dll
  • c:\WINDOWS\system32\smss32.exe
  • c:\WINDOWS\system32\warnings.html
  • c:\WINDOWS\system32\winlogon32.exe

The following registry keys are associated with it:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallpaper" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoActiveDesktopChanges" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoSetActiveDesktop" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security essentials 2010"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "smss32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop "NoChangingWallpaper" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer "NoActiveDesktopChanges" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer "NoSetActiveDesktop" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "smss32.exe"

The following entries appear in the HijackThis log:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
O15 - Trusted Zone: https://*
O15 - Trusted Zone: https://*
O15 - Trusted Zone: https://*
O15 - Trusted Zone: https://*
O15 - Trusted Zone: https://*
O15 - Trusted Zone: https://* (HKLM)
O15 - Trusted Zone: https://* (HKLM)
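
The following is an added example, not part of the original guide and not code from HijackThis: a small triage script that reads a HijackThis log and flags entries whose file names appear in the file list above, a UserInit value that does not point to userinit.exe, and Trusted Zone additions. The sample log is constructed from the entries on this page; the `ctfmon.exe` line and the `*.example.invalid` domain are constructed placeholders.

```python
import re

# File names from the files/folders list in this guide (lower-cased).
PAGE_FILES = {"se2010.exe", "41.exe", "helpers32.dll", "smss32.exe", "winlogon32.exe"}

# "O4 - HKLM\..\Run: [name] C:\path"; logs pasted into web pages may carry
# an en dash instead of the hyphen, so accept both.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+[-\u2013]\s+(.*)$")
# A drive-letter path ending in .exe or .dll.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]=]*?\.(?:exe|dll)", re.I)


def triage(log_text):
    """Return a de-duplicated list of (section, entry, reason) findings."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        section, body = m.group(1), m.group(2).strip()
        names = [p.rsplit("\\", 1)[-1].lower() for p in PATH_RE.findall(body)]
        reason = None
        if any(n in PAGE_FILES for n in names):
            reason = "file name listed in this guide"
        elif section == "F2" and "userinit=" in body.lower() and "userinit.exe" not in names:
            reason = "UserInit does not point to userinit.exe"
        elif section == "O15":
            reason = "site added to the Trusted Zone"
        if reason and (section, body, reason) not in findings:
            findings.append((section, body, reason))
    return findings


# Constructed sample: entries from this page plus placeholder lines.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
O15 - Trusted Zone: *.example.invalid
"""

if __name__ == "__main__":
    for section, entry, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {entry}")
```
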


1. Download and run . This is necessary to stop the active process used by the virus. You will probably get a warning that it is infected. Ignore it; it is just a false alarm generated by Security Essentials 2010.
Run it again until the virus is no longer active.

2. Download and install Malwarebytes Anti-Malware. Do not change any settings during installation, and do not restart the PC at the end if you are asked to.

3. The virus will try to tamper with the main MBAM executable, so at the end you will get an error (CreateProcess failes; code: 2 – Unable to execute C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe).
Press the OK button.

4. Download the Malwarebytes Anti-Malware executable from the following location.
An .exe file will be generated, with a different name each time.
Save it in the folder C:\program files\Malwarebytes' Anti-Malware\
Remember the file name.

5. Run the downloaded file from the folder C:\program files\Malwarebytes' Anti-Malware\. Malwarebytes' Anti-Malware will start. Run a full scan of the PC and, at the end, delete the infections found by pressing Remove selected.

If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself from such threats in the future, given that they were not detected or removed by your current antivirus.

volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert

3 responses to “Uninstalling Security Essentials 2010 – Complete Virus Removal Guide”

  1. Daniel

    Very useful site, I found a lot of interesting things on it.

    I would also be interested in a link exchange, if possible. I am just waiting for a confirmation and will add your link right away.

  2. tipo

    or we can also use hitman pro, which from build 97 has “force breach” (hold down the Ctrl key and open hitman), whose role is to stop all non-essential processes, after which we “ask” it to scan our PC.
    Build 89 (2010-02-12)

    * Added Force Breach. When holding the left Ctrl-key while starting Hitman Pro (hold until its window appears) will terminate all non-essential processes that run in the user’s context. This is particularly useful when a fake/rogue anti-malware application is killing every process you want to start. See movie.
    * Added resolution changer. In Safe Mode scenario’s where the computer boots in 640×480 the resolution is automatically increased by Hitman Pro to 800×600.
    * Added browser history crawler to correlate possible malware to visited (black listed) sites. The crawler currently supports Firefox and Internet Explorer.
    * Added ability to restore Desktop Wallpaper when repairing the Desktop Wallpaper policy.
    * Improved Early Warning Scoring.
    * Improved detection of remnants.
    * Several minor bug fixes.
