Online-antivir-scan09.com (Personal Antivirus) – Cum scap de el ?



Online-antivir-scan09.com este un asa-zis sis a scanner antivirus online ce distribuie anti-spyware-ul fals Personal Antivirus. La accesarea site-ului o multitudine de ferestre pop-up vor apare. Daca veti da click pe vreuna din ele browser-ul va fi automat redirectionat spre un site ce contine Online-antivir-scan09.com URL in bara de adrese.

Acest program pretinde scanarea integrala a Pc-ului si afiseaza diversi virusi detectati, solicitand achizitionarea soft-ului pentru remedierea problemelor.
Ca si celelalte programe de acest fel utilizeaza icon-uri, denumiri si ferestre foarte asemanatoare cu ale altor programe antivirus consacrate sau chiar mimeaza Windows Explorer.

Pentru eliminarea acestui virus urmati instructiunile de mai jos:


Acest program rogue creeaza o multime de fisiere\foldere dupa cum urmeaza:

* %Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk
* %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus
* %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
* %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
* %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
* %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
* %UserProfile%\Application Data\Personal Antivirus
* %UserProfile%\Application Data\Personal Antivirus\settings.ini
* %UserProfile%\Application Data\Personal Antivirus\uill.ini
* %UserProfile%\Application Data\Personal Antivirus\unins000.exe
* %UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
* %UserProfile%\Application Data\Personal Antivirus\db
* %UserProfile%\Application Data\Personal Antivirus\db\config.cfg
* %UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
* %UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
* %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
* %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
* %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
* %Program Files%\Personal Antivirus
* %Program Files%\Personal Antivirus\activate.ico
* %Program Files%\Personal Antivirus\Explorer.ico
* %Program Files%\Personal Antivirus\PerAvir.exe
* %Program Files%\Personal Antivirus\unins000.dat
* %Program Files%\Personal Antivirus\uninstall.ico
* %Program Files%\Personal Antivirus\working.log
* %Program Files%\Personal Antivirus\db
* %Program Files%\Personal Antivirus\db\DBInfo.ver
* %Program Files%\Personal Antivirus\db\ia080614.db
* %Program Files%\Personal Antivirus\db\ia080618x.db
* %Program Files%\Personal Antivirus\Languages
* %Program Files%\Personal Antivirus\Languages\IAEs.lng
* %Program Files%\Personal Antivirus\Languages\IAFr.lng
* %Program Files%\Personal Antivirus\Languages\IAGer.lng
* %Program Files%\Personal Antivirus\Languages\IAIt.lng
* %WINDOWS%\system32\log.txt
* %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
* %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
* %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
* %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
* %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
* %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
* %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
* %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe


In plus sunt create cheile registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PrS”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Personal Antivirus”

Intrarile ce pot apare in log-ul HijackThis:

O4 – HKCU\..\Run: [Personal Antivirus] “C:\Program Files\Personal Antivirus\PerAvir.exe” /s
O4 – HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Bleeping\Application Data\Microsoft\Windows\winlogon.exe
O4 – HKCU\..\Policies\Explorer\Run: [iv] “C:\Documents and Settings\Bleeping\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe”
O23 – Service: Guard Service (ITGrdEngine) – Unknown owner – %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe

DEVIRUSARE: Descarcati, instalati si scanati Pc-ul cu Malwarebytes Anti-Malware! Stergeti la final toate infectiile gasite, apasand “Remove selected”.

Cum poti testa daca Antivirusul tau functioneaza?

De multe ori folosim versiunea trial a unui antivirus sau in cazurile mai rele o versiune cu crack\patch, iar cand expira il lasam sa ruleze pur si simplu, fara a-l dezinstala sau cauta alt program.

Problema este: mai va protejeaza el in perioada asta?
Alteori programul antivirus poate fi corupt\modificat de un virus, in ciuda faptului ca a multi producatori au adaugat protectie pentru propriile procese\fisiere. In acest caz, programul de securitate nu mai functioneaza.

Cum putem testa daca antivirusul nostru functioneaza? Cum putem stii daca mai suntem protejati, iar datele noastre sunt in siguranta?
Avem nevoie de un virus, nu-i asa?
Stiti ca e periculos sa te joci cu virusii si nici nu-i gasesti chiar pe toate drumurile (internetului). Deci ce e de facut?

Ei bine, exista o solutie sigura si eficienta. EICAR este un cod neviral (fara nici un efect asupra PC-ului), pe care toti antivirusii il detecteaza. De altfel detectia lor este de cele mai multe ori EICAR-Test-Signature, denumirea spunand ca este un fisier de test.

Pentru aceasta este nevoie sa realizam un fisier numit EICAR.COM.


Deschideti Notepad.

Copiati urmatorul cod in el.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Salvati fisierul ca EICAR.COM. Acum dati dublu-click pe el.
Daca antivirusul functioneaza corect veti primi o alerta. In caz contrar, verificati setarile si daca antivirusul este inca activat si functional.

Succes!