Online-antivir-scan09.com (Personal Antivirus) – How do I get rid of it?

Online-antivir-scan09.com is a so-called online antivirus scanner that distributes the fake anti-spyware Personal Antivirus. When the site is visited, a large number of pop-up windows appear. If you click on any of them, the browser is automatically redirected to a site with the Online-antivir-scan09.com URL in the address bar.
This program claims to perform a full scan of the PC and displays various detected viruses, asking you to purchase the software to fix the problems.
Like other programs of this kind, it uses icons, names and windows very similar to those of established antivirus programs, or even mimics Windows Explorer.
To remove this virus, follow the instructions below:
This rogue program creates a large number of files and folders, as follows:
* %Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk
* %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus
* %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
* %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
* %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
* %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
* %UserProfile%\Application Data\Personal Antivirus
* %UserProfile%\Application Data\Personal Antivirus\settings.ini
* %UserProfile%\Application Data\Personal Antivirus\uill.ini
* %UserProfile%\Application Data\Personal Antivirus\unins000.exe
* %UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
* %UserProfile%\Application Data\Personal Antivirus\db
* %UserProfile%\Application Data\Personal Antivirus\db\config.cfg
* %UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
* %UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
* %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
* %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
* %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
* %Program Files%\Personal Antivirus
* %Program Files%\Personal Antivirus\activate.ico
* %Program Files%\Personal Antivirus\Explorer.ico
* %Program Files%\Personal Antivirus\PerAvir.exe
* %Program Files%\Personal Antivirus\unins000.dat
* %Program Files%\Personal Antivirus\uninstall.ico
* %Program Files%\Personal Antivirus\working.log
* %Program Files%\Personal Antivirus\db
* %Program Files%\Personal Antivirus\db\DBInfo.ver
* %Program Files%\Personal Antivirus\db\ia080614.db
* %Program Files%\Personal Antivirus\db\ia080618x.db
* %Program Files%\Personal Antivirus\Languages
* %Program Files%\Personal Antivirus\Languages\IAEs.lng
* %Program Files%\Personal Antivirus\Languages\IAFr.lng
* %Program Files%\Personal Antivirus\Languages\IAGer.lng
* %Program Files%\Personal Antivirus\Languages\IAIt.lng
* %WINDOWS%\system32\log.txt
* %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
* %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
* %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
* %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
* %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
In addition, the following registry keys are created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Antivirus"
Entries that may appear in the HijackThis log:
O4 - HKCU\..\Run: [Personal Antivirus] "C:\Program Files\Personal Antivirus\PerAvir.exe" /s
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Bleeping\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [iv] "C:\Documents and Settings\Bleeping\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
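The HijackThis entries above can be triaged automatically. The following is an added example, not part of the original guide: it flags log lines that contain this page's indicators and, more generally, lines that start a Windows system process name from outside system32 (as winlogon.exe and services.exe do here). The last two names in SYSTEM_NAMES and the two benign log lines are assumptions constructed for the example.

```python
import re
from pathlib import PureWindowsPath

# Strings taken from the indicators listed on this page.
PAGE_MARKERS = ("personal antivirus", "itgrdengine", "peravir.exe", "\\iv.exe")
# Genuine Windows process names. The page shows the first two copied into
# user-profile folders; the last two are added here as an assumption.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "lsass.exe", "csrss.exe"}

# "O4 - ..." entries; also accept the typographic dash web pages often substitute.
ENTRY = re.compile(r"^(O\d+)\s*[-\u2013]\s*(.+)$")
# First executable path, rooted at a drive letter or a %Variable%.
EXE_PATH = re.compile(r'((?:[A-Za-z]:|%[^%]+%)\\[^"\u201c\u201d]*?\.exe)', re.I)

def check_line(line):
    """Return the reasons a HijackThis line looks suspicious (empty if none)."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    reasons = []
    body = m.group(2).lower()
    if any(marker in body for marker in PAGE_MARKERS):
        reasons.append("page-indicator")
    p = EXE_PATH.search(m.group(2))
    if p:
        path = PureWindowsPath(p.group(1))
        parents = [part.lower() for part in path.parts[:-1]]
        if path.name.lower() in SYSTEM_NAMES and "system32" not in parents:
            reasons.append("system-name-outside-system32")
    return reasons

def triage(log_text):
    """Map each flagged log line to its list of reasons."""
    return {l: r for l in log_text.splitlines() if (r := check_line(l))}

# First four lines are the entries from this page; the last two are constructed.
SAMPLE_LOG = r'''
O4 - HKCU\..\Run: [Personal Antivirus] "C:\Program Files\Personal Antivirus\PerAvir.exe" /s
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Bleeping\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [iv] "C:\Documents and Settings\Bleeping\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
O23 - Service: Constructed Service (ExampleSvc) - Unknown owner - C:\WINDOWS\system32\services.exe
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
'''

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(", ".join(reasons), "|", line)
```

The winlogon.exe entry contains none of the product's own strings and is caught only by the location check, which is why the generic rule is worth keeping alongside the fixed indicator list.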
REMOVAL: Download, install and scan your PC with
Malwarebytes Anti-Malware! At the end, delete all the infections found by clicking "Remove selected".