VN Click Forum

Some Fake Antivirus Programs


Re: Some Fake Antivirus Programs

Post by minhnguyenquang75 on Wed Sep 22, 2010 1:13 pm

11. WiniBlueSoft

Names: WiniBlueSoft, Wini Blue Soft, WiniBlue Soft
Type: fake anti-spyware
Origin: Russian
Date detected: 18-4-09

1. Interface:

2. Removal:
* Delete the files created by WiniBlueSoft:

Code:
always_skip.xml
data.bin
License.txt
main_config.xml
uninstall.exe
WiniBlueSoft.exe
c:Homepage.lnk
c:Uninstall.lnk
c:WiniBlueSoft.lnk
102959roz2b45.ocx
10325virusz955.ocx
10355h9eat227z2.cpl
111znot-a-v5rus998.dll
115z1vi9us3e85.ocx
11797tzoj595.dll
1197addwaze16915.ocx
127b95ief305z.ocx
12946sz5mbot79c.dll
129cvir1z58.dll
12bbszy5ar91941.dll
13323w95mz1b.ocx
135zvir1929.cpl
1393z5or9df.ocx
13951spzmb9t5a2.exe
14041hackt5zl99.exe
19199hackt5zl7a1.bin
19524spyze9.exe
19544spy6fbz.ocx
19945hzcktool65b.dll
19991not-a-v5rzs1c9.exe
19z43hacktoo965f.exe
1a59dow9lozder1735.ocx
1b20z9a5se2186.bin

Delete the keys that WiniBlueSoft registers in the registry:

HKEY_CURRENT_USER\Software\WiniBlueSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiniBlueSoft
HKEY_LOCAL_MACHINE\SOFTWARE\WiniBlueSoft
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “setup2.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “WiniBlueSoft”


12. Extra Antivirus
Names: Extra Antivirus, ExtraAntivirus, Extra-Antivirus
Type: fake anti-spyware
Origin: Russian
Date detected: 21-4-09
1. Interface:

2. Removal:

* Delete the files created by Remove Extra Antivirus:
Code:
57.mof
ExtraAV.exe
vd952342.bd
extrav.cfg
Instructions.ini
Extra Antivirus.lnk
Extra Antivirus.lnk
ANTIGEN.sys
cb.exe
delfile.drv
delfile.sys
exec.dll
fix.dll
hymt.exe
PE.dll
PE.sys
SICKBOY.sys
sld.sys
SM.sys
std.drv
tjd.exe
Extra Antivirus.lnk
Extra Antivirus.lnk
Tally software LTD
Extra Antivirus
BASE
DELETED
LOG
LOG\20090420152913215.log
SAVED
Desktop\Install_1_1_.exe

* Delete the keys that Extra Antivirus registers in the registry:

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\ExtraAV.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “889809903”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Extra Antivirus”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\Extra Antivirus 3.0
HKEY_CURRENT_USER\Software\Tally software LTD\Extra Antivirus

13. Malware Bell

Malware Type: fake Anti-Spyware
Threat Level: High
Date detected: 21-4-09

Interface:

Removal:
Delete the files created by Malware Bell:

Code:
    * smp.bat
    * A4-tmpaoi.exe
    * ps16sys.dll
    * Malware Bell 3.2.lnk
    * ps16sys.dll
    * malwarebell.exe
    * mb.db1
    * mb.db2
    * mb.db3
    * mb.db4
    * mb.db5
    * mbuninst.exe

Delete the registry keys registered by Malware Bell:

* HKEY_CURRENT_USER\Software\MalwareBell
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Bell
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53E30863-280F-4CFA-99AB-55CAEB95271C}

14. Malware Cleaner

Malware Type: fake Anti-Spyware
Author: unknown
Threat Level: High
Date detected: 21-04-09

Removal:
- Delete the files:

* Malware Cleaner.lnk
* malwarecleaner.exe

Delete the registry keys:

* HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Malware Cleaner
* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\“Malware Cleaner”

15. Spyware.ISpynow
Names: Perfect Defender 2009, Spyware.ISpynow
Type: fake Anti-Spyware
Origin: unknown
Author: unknown
Severity: highly dangerous
1. Interface:

2. Removal:
Delete the files:

* %WINDOWS%\system32\drivers\svchost.exe
* %UserProfile%\Application Data\Google\ijdkq13324484.exe

Delete the keys:
* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Perfect Defender 2009

Tran Quang Ha (Bkav)

minhnguyenquang75
Super Member

Join date : 2010-04-22
Posts : 124
Points : 20413
Reputation : 69
Location : Quarantine


Re: Some Fake Antivirus Programs

Post by minhnguyenquang75 on Wed Sep 22, 2010 1:17 pm

16. Recommendations Alert

Type: fake security alert
Author: unknown
Threat level: High

2. Removal:

Delete the files:

Code:
    * %Program Files%\WiniBlueSoft Software
    * %Program Files%\WiniBlueSoft Software\WiniBlueSoft
    * %Program Files%\WiniBlueSoft Software\WiniBlueSoft\always_skip.xml
    * %Program Files%\WiniBlueSoft Software\WiniBlueSoft\data.bin
    * %Program Files%\WiniBlueSoft Software\WiniBlueSoft\License.txt
    * %Program Files%\WiniBlueSoft Software\WiniBlueSoft\main_config.xml
    * %Program Files%\WiniBlueSoft Software\WiniBlueSoft\uninstall.exe
    * %Program Files%\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe
    * %Documents and Settings%\All Users\Desktop\WiniBlueSoft.lnk
    * %Documents and Settings%\All Users\Start Menu\Programs\WiniBlueSoft
    * %Documents and Settings%\All Users\Start Menu\Programs\WiniBlueSoft\Homepage.lnk
    * %Documents and Settings%\All Users\Start Menu\Programs\WiniBlueSoft\Uninstall.lnk
    * %Documents and Settings%\All Users\Start Menu\Programs\WiniBlueSoft\WiniBlueSoft.lnk
    * %WINDOWS%\102959roz2b45.ocx
    * %WINDOWS%\10325virusz955.ocx
    * %WINDOWS%\10355h9eat227z2.cpl
    * %WINDOWS%\111znot-a-v5rus998.dll
    * %WINDOWS%\115z1vi9us3e85.ocx
    * %WINDOWS%\11797tzoj595.dll
    * %WINDOWS%\1197addwaze16915.ocx
    * %WINDOWS%\127b95ief305z.ocx
    * %WINDOWS%\12946sz5mbot79c.dll
    * %WINDOWS%\129cvir1z58.dll
    * %WINDOWS%\12bbszy5ar91941.dll
    * %WINDOWS%\13323w95mz1b.ocx
    * %WINDOWS%\135zvir1929.cpl
    * %WINDOWS%\1393z5or9df.ocx
    * %WINDOWS%\13951spzmb9t5a2.exe
    * %WINDOWS%\14041hackt5zl99.exe
    * %WINDOWS%\system32\19199hackt5zl7a1.bin
    * %WINDOWS%\system32\19524spyze9.exe
    * %WINDOWS%\system32\19544spy6fbz.ocx
    * %WINDOWS%\system32\19945hzcktool65b.dll
    * %WINDOWS%\system32\19991not-a-v5rzs1c9.exe
    * %WINDOWS%\system32\19z43hacktoo965f.exe
    * %WINDOWS%\system32\1a59dow9lozder1735.ocx
    * %WINDOWS%\system32\1b20z9a5se2186.bin

- Delete the keys:

* HKEY_CURRENT_USER\Software\WiniBlueSoft
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiniBlueSoft
* HKEY_LOCAL_MACHINE\SOFTWARE\WiniBlueSoft
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “setup2.exe”
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “WiniBlueSoft”

17. Advanced Spyware Detect

Type: Spyware
Threat level: high

* Interface:

* Removal:
- Delete the files:

Code:
    c:\Program Files\Advansed Spyware Detector
    c:\Program Files\Advansed Spyware Detector\alert.wav
    c:\Program Files\Advansed Spyware Detector\asd.chm
    c:\Program Files\Advansed Spyware Detector\asd.exe
    c:\Program Files\Advansed Spyware Detector\asd.exe.manifest
    c:\Program Files\Advansed Spyware Detector\asd.log
    c:\Program Files\Advansed Spyware Detector\av.db
    c:\Program Files\Advansed Spyware Detector\sqlite3.dll
    c:\Program Files\Advansed Spyware Detector\wallpapper.jpg
    c:\Documents and Settings\All Users\Start Menu\Programs\Advansed Spyware Detector
    c:\Documents and Settings\All Users\Start Menu\Programs\Advansed Spyware Detector\Advansed Spyware Detector Help.lnk
    c:\Documents and Settings\All Users\Start Menu\Programs\Advansed Spyware Detector\Advansed Spyware Detector.lnk
    c:\Documents and Settings\All Users\Start Menu\Programs\Advansed Spyware Detector\Uninstall.lnk
    %UserProfile%\Desktop\Manual scanner.lnk

- Delete the keys:

HKEY_CURRENT_USER\Software\AdvSpywareDetect
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Start Page" => "http://samorukova.com?id=1228468452073"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" => "C:\WINDOWS\system32\userinit.exe,C:\Program Files\Advansed Spyware Detector\asd.exe -m"

18. MS AntiSpyware 2009




When it infects a machine, it:
Creates the files:
%PROGRAMDATA%\crucialsoft ltd\ms antispyware 2009\msas2009.exe
%ALLUSERSPROFILE%\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
msas2009.exe

Registers the keys:
Software\Microsoft\Windows\CurrentVersion\Drivers\Video\Options\4E8D9EBF-122C-42BD-A8CB-7E59C9CC08BA
Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\MS AntiSpyware 2009
CrucialSoft Ltd\MS AntiSpyware 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS AntiSpyware 2009"
HKEY_CURRENT_USER\Software\CrucialSoft Ltd\MS AntiSpyware 2009
HKEY_CURRENT_USER\Software\CrucialSoft Ltd

19. ErrorEasy

Other names: ErrorEasy, Error Easy, Error-Easy
Type: fake anti-spyware
Origin: Russian
Interface:

Removal:
Delete the files and DLLs created by ErrorEasy:
erroreasy.exe
ErrorEasy.lnk

Delete the registry values registered by ErrorEasy:

HKEY_CURRENT_USER\Software\ErrorEasy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run “ErrorEasy”

20. Badware Protector
Other names: Badware Protector, BadwareProtector, Badware-Protector
Type: Rogue anti-spyware
Origin: Russian
Date detected: April 27th, 2009

Removal:

Delete the files and DLLs:
BP.lnk
Help.lnk
Registration.lnk
Uninstall BP.lnk
BP.lnk
badware-protector.exe
krln32.exe
scvh0st.exe

Delete the registry values:

HKEY_CURRENT_USER\Software\0113DE8367022C285A1AF91E4E1C285C
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\BP
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “0113DE8367022C285A1AF91E4E1C285C”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “AV3”

Tran Quang Ha (Bkav)


Re: Some Fake Antivirus Programs

Post by minhnguyenquang75 on Wed Sep 22, 2010 1:20 pm

21. Coreguard Antivirus 2009




Creates the files:
Code:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Coreguard 2009.lnk
%UserProfile%\Desktop\Coreguard 2009.lnk
%UserProfile%\Local Settings\Temp\[RANDOM CHARACTERS].mof
%UserProfile%\Local Settings\Temp\c.dat
%UserProfile%\Start Menu\Programs\Coreguard Antivirus 2009\Coreguard 2009.lnk
%UserProfile%\Start Menu\Programs\Coreguard Antivirus 2009\Uninstall Coreguard Antivirus 2009.lnk
%ProgramFiles%\Coreguard Antivirus 2009\blacklist.cga
%ProgramFiles%\Coreguard Antivirus 2009\core.cga
%ProgramFiles%\Coreguard Antivirus 2009\CoreExt.dll
%ProgramFiles%\Coreguard Antivirus 2009\Coreguard 2009.exe
%ProgramFiles%\Coreguard Antivirus 2009\firewall.dll
%ProgramFiles%\Coreguard Antivirus 2009\Help\images\buttons\offline.gif
%ProgramFiles%\Coreguard Antivirus 2009\Help\images\buttons\online.gif
%ProgramFiles%\Coreguard Antivirus 2009\Help\images\buttons\voice.gif
%ProgramFiles%\Coreguard Antivirus 2009\Help\images\delete.png
%ProgramFiles%\Coreguard Antivirus 2009\Help\images\info.png
%ProgramFiles%\Coreguard Antivirus 2009\Help\images\plus_circle.png
%ProgramFiles%\Coreguard Antivirus 2009\Help\images\tick.png
%ProgramFiles%\Coreguard Antivirus 2009\Help\images\warn.png
%ProgramFiles%\Coreguard Antivirus 2009\Help\reg.html
%ProgramFiles%\Coreguard Antivirus 2009\Help\support.png
%ProgramFiles%\Coreguard Antivirus 2009\Help\unreg.html
%ProgramFiles%\Coreguard Antivirus 2009\Uninstall.exe

Registers several keys in the registry:
HKEY_CURRENT_USER\Software\CoreGuard
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coreguard Antivirus 2009

22. PCPrivacy Defender rogue anti-spyware


Removal:
Delete the files:

Code:
    * %Program Files%\PCPrivacyDefender\PCPrivacyDefender.exe
    * %Program Files%\PCPrivacyDefender\PCPrivacyDefender.url
    * %UserProfile%\Start Menu\Programs\PCPrivacyDefender
    * %UserProfile%\Start Menu\PCPrivacyDefender.lnk
    * %UserProfile%\Start Menu\Programs\PCPrivacyDefender\PCPrivacyDefender.lnk
    * %UserProfile%\Start Menu\Programs\PCPrivacyDefender\PCPrivacyDefender Website.lnk
    * %UserProfile%\Desktop\PCPrivacyDefenderScannerSetup.exe

Delete the keys:
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Privacy Defender
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “PC Privacy Defender”

23. XP SecurityCenter


Removal:
- Delete the files:
Code:
    * %WINDOWS%\gulozerela._sy
    * %WINDOWS%\ixosata.scr
    * %WINDOWS%\system32\ynory.bin
    * %Program Files%\XPSecurityCenter
    * %Program Files%\Common Files\wopok.exe
    * %Program Files%\Common Files\ycisyh.com
    * %Program Files%\Common Files\ykogapusij.scr
    * %Program Files%\XPSecurityCenter\htmlayout.dll
    * %Program Files%\XPSecurityCenter\install.exe
    * %Program Files%\XPSecurityCenter\pthreadVC2.dll
    * %Program Files%\XPSecurityCenter\un.ico
    * %Program Files%\XPSecurityCenter\unzip32.dll
    * %Program Files%\XPSecurityCenter\XP_SecurityCenter.cfg
    * %Program Files%\XPSecurityCenter\XPSecurityCenter.dll
    * %Program Files%\XPSecurityCenter\XPSecurityCenter.exe
    * %Program Files%\XPSecurityCenter\data
    * %Program Files%\XPSecurityCenter\data\daily.cvd
    * %Program Files%\XPSecurityCenter\Microsoft.VC80.CRT
    * %Program Files%\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
    * %Program Files%\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll
    * %Program Files%\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll
    * %Program Files%\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll
    * %UserProfile%\Application Data\ovyfa._dl
    * %UserProfile%\Application Data\ynuquv.scr
    * %UserProfile%\Cookies\bexej.reg
    * %UserProfile%\Cookies\egymohe.inf
    * %UserProfile%\Cookies\sibufub.dll
    * %UserProfile%\Cookies\xoba.bin
    * %UserProfile%\Local Settings\Application Data\enarihow.scr
    * %UserProfile%\Local Settings\Application Data\molepucob.sys
    * %UserProfile%\Local Settings\Application Data\ujujynira.dl
    * %UserProfile%\Local Settings\Application Data\yruvabeqi.db
    * %UserProfile%\Local Settings\Temp\Binaries1.zip
    * %UserProfile%\Local Settings\Temp\Binaries2.zip
    * %UserProfile%\Local Settings\Temp\Binaries3.zip
    * %UserProfile%\Local Settings\Temporary Internet Files\onut.lib
    * %Documents and Settings%\All Users\Application Data\adokaxe._dl
    * %Documents and Settings%\All Users\Application Data\dixaneh.ban
    * %Documents and Settings%\All Users\Application Data\qivaz.dat
    * %Documents and Settings%\All Users\Application Data\yfizydup.sys
    * %Documents and Settings%\All Users\Desktop\XPSecurityCenter.lnk
    * %Documents and Settings%\All Users\Documents\kareq.bat
    * %Documents and Settings%\All Users\Documents\tibikuv.dll
    * %Documents and Settings%\All Users\Start Menu\Programs\XPSecurityCenter
    * %Documents and Settings%\All Users\Start Menu\Programs\XPSecurityCenter\Uninstall.lnk
    * %Documents and Settings%\All Users\Start Menu\Programs\XPSecurityCenter\XPSecurityCenter.lnk

- Delete the keys:

* HKEY_LOCAL_MACHINE\SOFTWARE\XP_SecurityCenter
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “XP SecurityCenter”

24. Antivir System PRO

Type: fake Anti-Spyware
Author: Magic software Inc
Threat level: High
Date detected: 6-5-09

Removal:
Delete the files:
Code:
    * %ProgramFiles%\Antivir System PRO\conf.cfg
    * %ProgramFiles%\Antivir System PRO\mbase.vdb
    * %ProgramFiles%\Antivir System PRO\quarantine.vdb
    * %ProgramFiles%\Antivir System PRO\queue.vdb
    * %ProgramFiles%\Antivir System PRO\antivirsystempro.exe
    * %ProgramFiles%\Antivir System PRO\uninstall.exe

Delete the keys:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivir System PRO
* HKEY_LOCAL_MACHINE\SOFTWARE\Antivir System PRO
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivir System PRO”
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”

25. PCPrivacy Defender

* Other names: PCPrivacy Defender, PCPrivacyDefender, PC Privacy Defender
* Type: Rogue anti-spyware
* Origin: Russia

Removal:
Delete the files:
Code:
activate.dat
ATL80.dll
AV.dat
bnlink.dat
lapv.dat
license.rtf
mfc80.dll
Microsoft.VC80.ATL.manifest
Microsoft.VC80.CRT.manifest
Microsoft.VC80.MFC.manifest
msvcp80.dll
msvcr80.dll
PP.exe
pv.dat
readme.rtf
remnag.dat
ScanReport.dat
Schedule.dat
softwaredetect.dat
unins000.dat
unins000.exe
uninstall.ico
up.dat
updater.dat
UPSPDAP.exe
UPSPDAP.url
UPSPDAP.xml
UserAgent.dll
vbpv.dat
Appbase
AE_CD_Cr.dat
AReadr4.dat
AReadr5.dat
ASDSEEpv.dat
ASPack.dat
Babylon.dat
BDelphi5.dat
CatchUp.dat
CBuildr5.dat
CCGA.dat
CManager.dat
CuteFTP4.dat
CuteHTML.dat
DAcceler.dat
DiscJug.dat
ECDCreat4.dat
Far.dat
FFTsks.dat
FlashFXP.dat
FrntPage.dat
FrontPEx.dat
FtpEXP.dat
FtpVoya.dat
GetRight.dat
GoZilla.dat
GravMRU.dat
H_TxtPad.dat
HomeSite.dat
HotDogPr.dat
IconExtr.dat
iMesh.dat
ImgReady3.dat
InsShExp.dat
JASC_P_P.dat
KaZaA.dat
LView.dat
MacDir.dat
MacDrWea.dat
MicAng.dat
MicDes.dat
MM_CON.dat
MMUnDisk.dat
Morpheus.dat
MPaint.dat
MPicPub.dat
MPImaGal.dat
MSExplorer.dat
MSoffice.dat
MSRegEdit.dat
MSWMP.dat
MSWordPad.dat
Nero.dat
NetShow.dat
NTBackup.dat
pfilelst.xda
PhotShel.dat
PHPCoder.dat
PowerZIP.dat
RapidBr.dat
RealAuPl.dat
RealDown.dat
SecurCRT.dat
SL_BlWin.dat
SmartClr.dat
Sonique.dat
StuffIt.dat
TelepPro.dat
UGifAnim.dat
UltraEd.dat
UMedStud.dat
UPhImpV.dat
UPhotoEx.dat
UVidStud.dat
VNC.dat
WebFeret.dat
WebReap.dat
WinACE.dat
WinGate.dat
WinRAR.dat
WinZIP.dat
WiseInst.dat
wordslst.xda
YahooPl.dat
ZipMagic.dat
PCPrivacyDefender Freeware.lnk
PCPrivacyDefender HomePage.url
Uninstall PCPrivacyDefender.lnk
PCPrivacyDefender Freeware.lnk

Delete the keys:

HKEY_CURRENT_USER\Software\PCPrivacyDefender Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Cleaner2009 Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UPSPDAP_install_is1
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyDefender Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “UPSPDAP 1.0.18.0”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “PCPrivacyDefender Freeware”

Tran Quang Ha (Bkav)


Last edited by minhnguyenquang75 on Wed Sep 22, 2010 1:25 pm; edited 1 time in total


Re: Some Fake Antivirus Programs

Post by minhnguyenquang75 on Wed Sep 22, 2010 1:24 pm

26. Malware Professional 2010
- Interface:

- Removal:
+ Delete the files:

%Documents and Settings%\All Users\Start Menu\Programs\Malware Professional 2010
%Program Files%\Malware Professional 2010
+ Delete the keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Professional 2010

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Malware Professional 2010”

HKEY_CURRENT_USER\Software\Malware Professional 2010

27. Additional Guard

Interface:

- Removal:

+ Delete the files:
Code:
%UserProfile%\Application Data\2565da61\AG345d.exe
%UserProfile%\Application Data\2565da61\278.mof
%UserProfile%\Application Data\2565da61\mozcrt19.dll
%UserProfile%\Application Data\2565da61\sqlite3.dll
%UserProfile%\Application Data\2565da61\AG.ico
%UserProfile%\Application Data\2565da61\AGSys
%UserProfile%\Application Data\2565da61\AGSys\vd952342.bd
%UserProfile%\Application Data\2565da61\ag.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
%UserProfile%\Application Data\Additional Guard\cookies.sqlite
%UserProfile%\Desktop\Additional Guard.lnk
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\dudl.drv
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\fan.drv
%UserProfile%\Recent\FS.dll
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\SICKBOY.tmp
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\Additional Guard.lnk
%UserProfile%\Start Menu\Programs\Additional Guard.lnk
%Program Files%\Mozilla Firefox\searchplugins\search.xml

+ Delete the keys:

  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=220&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=220&q={searchTerms}”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Additional Guard”

28. AntiAdd
Interface:



- Removal:

+ Delete the files:
Code:
%Documents and Settings%\All Users\Start Menu\Programs\AntiAdd
%Program Files%\AntiAdd Software
%Program Files%\AntiAdd Software\AntiAdd
%Documents and Settings%\All Users\Desktop\AntiAdd.lnk
%Documents and Settings%\All Users\Start Menu\Programs\AntiAdd\1 AntiAdd.lnk
%Documents and Settings%\All Users\Start Menu\Programs\AntiAdd\2 Homepage.lnk
%Program Files%\AntiAdd Software\AntiAdd\AntiAdd.exe
%Program Files%\AntiAdd Software\AntiAdd\uninstall.exe
+ Delete the keys:

  • HKEY_CURRENT_USER\Software\AntiAdd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiAdd
  • HKEY_LOCAL_MACHINE\SOFTWARE\AntiAdd
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AntiAdd.exe”

30. ECO Antivirus 2010
Interface:


- Removal:
+ Delete the files:
Code:
%Documents and Settings%\All Users\Application Data\eca
%Documents and Settings%\All Users\Application Data\eca\Base.dat
%Documents and Settings%\All Users\Application Data\eca\msdl.exe
%Documents and Settings%\All Users\Application Data\eca\msll.exe
%Documents and Settings%\All Users\Application Data\eca\vec.exe
%Documents and Settings%\All Users\Application Data\Microsoft\Machine
%Documents and Settings%\All Users\Application Data\Microsoft\Machine\WStech.dll
%Documents and Settings%\All Users\Start Menu\Programs\Eco AntiVirus
%Documents and Settings%\All Users\Desktop\Eco AntiVirus.lnk

+ Delete the keys:
Code:
HKEY_CURRENT_USER\Software\ECO
HKEY_CLASSES_ROOT\AppID\{29256442-2C14-48CA-B756-3EE0F8BDC774}
HKEY_CLASSES_ROOT\AppID\WStech.DLL
HKEY_CLASSES_ROOT\CLSID\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_CLASSES_ROOT\Interface\{051C9A06-FB08-486F-B09B-8B33B261637D}
HKEY_CLASSES_ROOT\TypeLib\{512E801E-2F02-4ADE-ACAA-58F08A22B2F8}
HKEY_CLASSES_ROOT\WStech.WStechB
HKEY_CLASSES_ROOT\WStech.WStechB.1
HKEY_LOCAL_MACHINE\SOFTWARE\Eco
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\S
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “mxcll”

Tran Quang Ha (Bkav)


Re: Some Fake Antivirus Programs

Post by minhnguyenquang75 on Wed Sep 22, 2010 1:27 pm

31. Personal Security

- Interface:

- When it infects a PC:
Creates the files:
Code:
%Program Files%\PSecurity
%Program Files%\PSecurity\psecurity.exe
%Program Files%\Common Files\PSecurityUninstall
%Program Files%\Common Files\PSecurityUninstall\Uninstall.lnk
%WINDOWS%\system32\win32extension.dll
%Documents and Settings%\All Users\Start Menu\PSecurity
%Documents and Settings%\All Users\Start Menu\PSecurity\Computer Scan.lnk
%Documents and Settings%\All Users\Start Menu\PSecurity\Help.lnk
%Documents and Settings%\All Users\Start Menu\PSecurity\Personal Security.lnk
%Documents and Settings%\All Users\Start Menu\PSecurity\Registration.lnk
%Documents and Settings%\All Users\Start Menu\PSecurity\Security Center.lnk
%Documents and Settings%\All Users\Start Menu\PSecurity\Settings.lnk
%Documents and Settings%\All Users\Start Menu\PSecurity\Update.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
%UserProfile%\Desktop\Personal Security.lnk

Adds the keys:

  • HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “PSecurity”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform “WinTSI 01.12.2009”

32. Anti Keep

- Interface:



- When it infects a PC:
Creates the files:
Code:
%Documents and Settings%\All Users\Start Menu\Programs\AntiKeep
%Program Files%\AntiKeep Software
%Program Files%\AntiKeep Software\AntiKeep
%Documents and Settings%\All Users\Desktop\AntiKeep.lnk
%Documents and Settings%\All Users\Start Menu\Programs\AntiKeep\1 AntiKeep.lnk
%Documents and Settings%\All Users\Start Menu\Programs\AntiKeep\2 Homepage.lnk
%Program Files%\AntiKeep Software\AntiKeep\AntiKeep.exe
%Program Files%\AntiKeep Software\AntiKeep\uninstall.exe
Adds the keys:

  • HKEY_CURRENT_USER\Software\AntiKeep
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiKeep
  • HKEY_LOCAL_MACHINE\SOFTWARE\AntiKeep
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AntiKeep.exe”

33. Live PC Care

- Interface:



- When it infects a PC:
Creates the files:
Code:
%Documents and Settings%\All Users\Application Data\117fc
%Documents and Settings%\All Users\Application Data\117fc\LP339.exe
%Documents and Settings%\All Users\Application Data\117fc\LPCG.ico
%Documents and Settings%\All Users\Application Data\117fc\8233.mof
%Documents and Settings%\All Users\Application Data\117fc\mozcrt19.dll
%Documents and Settings%\All Users\Application Data\117fc\sqlite3.dll
%Documents and Settings%\All Users\Application Data\117fc\LPCGSys\vd952342.bd
%Documents and Settings%\All Users\Application Data\LPCGSys
%Documents and Settings%\All Users\Application Data\LPCGSys\lpcg.cfg
%UserProfile%\Application Data\Live PC Care
%UserProfile%\Application Data\Live PC Care\cookies.sqlite
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Live PC Care.lnk
%UserProfile%\Desktop\Live PC Care.lnk
%UserProfile%\Recent\cb.drv
%UserProfile%\Recent\CLSV.sys
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\fan.exe
%UserProfile%\Recent\FW.dll
%UserProfile%\Recent\hymt.drv
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.dll
%UserProfile%\Recent\ppal.sys
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\SM.dll
%UserProfile%\Start Menu\Live PC Care.lnk
%UserProfile%\Start Menu\Programs\Live PC Care.lnk
%Program Files%\Mozilla Firefox\searchplugins\search.xml
Writes the keys:

  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\xp_5ea56.DocHostUIHandler
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=7&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “[xSP_2_7]”
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=7&q={searchTerms}”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Live PC Care”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”

34. Safety Anti-Spyware
- Interface:


- When it infects a PC:
Creates the files:


  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Safety Anti-Spyware 3.lnk
  • %UserProfile%\Desktop\Safety Anti-Spyware 3.lnk
  • %UserProfile%\Start Menu\Safety Anti-Spyware 3
  • %UserProfile%\Start Menu\Safety Anti-Spyware 3\Safety Anti-Spyware 3.lnk
  • %Program Files%\Safety Anti-Spyware 3
  • %Program Files%\Safety Anti-Spyware 3\Safety Anti-Spyware 3.exe
Registers the keys:

  • HKEY_CURRENT_USER\Software\[random string of symbols]
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Safety Anti-Spyware 3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Safety Anti-Spyware 3”

35. Internet Security 2010
- Interface:


- When it infects a PC:
Creates the files:
Code:
%Program Files%\InternetSecurity2010
%Program Files%\InternetSecurity2010\IS2010.exe
%WINDOWS%\system32\41.exe
%WINDOWS%\system32\winhelper86.dll
%WINDOWS%\system32\winlogon86.exe
%WINDOWS%\system32\winupdate86.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
%UserProfile%\Desktop\Internet Security 2010.lnk
%UserProfile%\Start Menu\Internet Security 2010.lnk
Registers the keys:

  • HKEY_CURRENT_USER\Software\IS2010
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security 2010”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “winupdate86.exe”

Tran Quang Ha (Bkav)


Last edited by minhnguyenquang75 on Thu Sep 23, 2010 8:07 am; edited 1 time in total


Re: Some fake antivirus programs

Post by minhnguyenquang75 on Wed Sep 22, 2010 1:29 pm

36. Malware Defense:

- Interface:



- When it "gets" installed on the PC:

+ Creates the files:
Code:
%Program Files%\Malware Defense
%Program Files%\Malware Defense\help.ico
%Program Files%\Malware Defense\md.db
%Program Files%\Malware Defense\mdefense.exe
%Program Files%\Malware Defense\mdext.dll
%Program Files%\Malware Defense\uninstall.exe
%UserProfile%\Desktop\Malware Defense Support.lnk
%UserProfile%\Desktop\Malware Defense.lnk
%UserProfile%\Start Menu\Programs\Malware Defense
%UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense Support.lnk
%UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense.lnk
%UserProfile%\Start Menu\Programs\Malware Defense\Uninstall Malware Defense.lnk
+ Registers the keys:

  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Malware Defense”
37. Anti-Virus Elite

- Interface:



- When it "gets" installed:

+ Creates the files:
Code:
%Program Files%\Anti-Virus Elite
%Program Files%\Anti-Virus Elite\UninstlDll.dll
%Program Files%\Anti-Virus Elite\unins000.exe
%Program Files%\Anti-Virus Elite\unins000.dat
%Program Files%\Anti-Virus Elite\adgutils.dll
%Program Files%\Anti-Virus Elite\Anti-Virus Elite.exe
%Program Files%\Anti-Virus Elite\noadware4_081909.na
%UserProfile%\Desktop\Anti-Virus Elite.lnk
%UserProfile%\Start Menu\Programs\Anti-Virus Elite
%UserProfile%\Start Menu\Programs\Anti-Virus Elite\Anti-Virus Elite.lnk
%UserProfile%\Start Menu\Programs\Anti-Virus Elite\Uninstall Anti-Virus Elite.lnk

+ Registers the keys:


  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Virus Elite 5.0_is1
  • HKEY_CURRENT_USER\Software\Anti-Virus Elite

38. Rootkit.Win32.Agent.pp

- Interface:


- When it "infects" the PC:
+ Creates the files:
Code:
%Program Files%\Malware Defense
%Program Files%\Malware Defense\help.ico
%Program Files%\Malware Defense\md.db
%Program Files%\Malware Defense\mdefense.exe
%Program Files%\Malware Defense\mdext.dll
%Program Files%\Malware Defense\uninstall.exe
%UserProfile%\Desktop\Malware Defense Support.lnk
%UserProfile%\Desktop\Malware Defense.lnk
%UserProfile%\Start Menu\Programs\Malware Defense
%UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense Support.lnk
%UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense.lnk
%UserProfile%\Start Menu\Programs\Malware Defense\Uninstall Malware Defense.lnk

+ Registers additional keys:

  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Malware Defense”

39. APC Protect
- Date discovered: 24/12/2009
- Interface:



- When it "gets" installed on the PC:
+ Creates the files:
Code:
%Documents and Settings%\All Users\Desktop\APCProtect.lnk
%Documents and Settings%\All Users\Start Menu\Programs\APCProtect
%Documents and Settings%\All Users\Start Menu\Programs\APCProtect\1 APCProtect.lnk
%Documents and Settings%\All Users\Start Menu\Programs\APCProtect\2 Homepage.lnk
%Documents and Settings%\All Users\Start Menu\Programs\APCProtect\3 Uninstall.lnk
%Program Files%\APCProtect Software
%Program Files%\APCProtect Software\APCProtect
%Program Files%\APCProtect Software\APCProtect\APCProtect.exe
%Program Files%\APCProtect Software\APCProtect\uninstall.exe
+ Registers the keys:

  • HKEY_CURRENT_USER\Software\APCProtect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APCProtect
  • HKEY_LOCAL_MACHINE\SOFTWARE\APCProtect
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “APCProtect.exe”
40. SystemCleanerPRO

- Interface:



- When it infects the PC, it creates:
+ The files:
Code:
%Documents and Settings%\All Users\Application Data\AuxCo\SystemCleanerPRO\BASE
%Documents and Settings%\All Users\Application Data\AuxCo\SystemCleanerPRO\DELETED
%Documents and Settings%\All Users\Application Data\AuxCo\SystemCleanerPRO\LOG
%Documents and Settings%\All Users\Application Data\AuxCo\SystemCleanerPRO\SAVED
%Documents and Settings%\All Users\Start Menu\Programs\SystemCleanerPRO\SystemCleanerPRO.lnk
%Documents and Settings%\All Users\Start Menu\Programs\SystemCleanerPRO\Uninstall SystemCleanerPRO.lnk
%Program Files%\SystemCleanerPRO\killtask.bat
%Program Files%\SystemCleanerPRO\sysclpro.exe
%Program Files%\SystemCleanerPRO\unins000.dat
%Program Files%\SystemCleanerPRO\unins000.exe
+ Registers the keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemCleanerPRO_is1
  • HKEY_CURRENT_USER\Software\AuxCo
  • HKEY_CURRENT_USER\Software\AuxCo\SystemCleanerPRO
  • HKEY_CURRENT_USER\Software\AuxCo\SystemCleanerPRO\2.2
  • HKEY_CURRENT_USER\Software\AuxCo\SystemCleanerPRO\2.2\config


Re: Some fake antivirus programs

Post by minhnguyenquang75 on Thu Sep 23, 2010 8:12 am

41. Antispyware Shield Pro

- Interface:



- When it infects the PC, it creates:
+ The files:
Code:
%Documents and Settings%\All Users\Application Data\INTKGI\restore.exe
%Documents and Settings%\All Users\Application Data\Microsoft\Restore\storage.dat
%Documents and Settings%\All Users\Start Menu\Programs\Antispyware Shield Pro\Antispyware Shield Pro.lnk
%Documents and Settings%\All Users\Start Menu\Programs\Antispyware Shield Pro\Uninstall.lnk
%Documents and Settings%\All Users\Desktop\Antispyware Shield Pro.lnk
%Program Files%\Antispyware Shield Pro\uninst.exe
%Program Files%\Antispyware Shield Pro\License.rtf
%Program Files%\Antispyware Shield Pro\antispyshield.exe

+ Registers the keys:


  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Shield Pro
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Restore
  • HKEY_CURRENT_USER\Software\Entire Safe Scripts Ltd
  • HKEY_CURRENT_USER\Software\Entire Safe Scripts Ltd\Antispyware Shield Pro

42. Spyware.ISpynow manually

- Interface:



- When it infects the PC, it:
+ Creates the files:


  • %WINDOWS%\system32\drivers\svchost.exe
  • %UserProfile%\Application Data\Google\ijdkq13324484.exe
+ Registers an additional key:


  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Perfect Defender 2009
43. SpyEraser

- Interface:



- When it infects the PC:
+ Creates the files:
Code:
%ProgramFiles%\SpyEraser\data.dll
%ProgramFiles%\SpyEraser\SpyEraser.exe
%ProgramFiles%\SpyEraser\Uninstall.exe
%AllUsersProfile%\Desktop\SpyEraser.lnk
%AllUsersProfile%\Start Menu\Programs\SpyEraser\SpyEraser\Launch SpyEraser.exe.lnk
%AllUsersProfile%\Start Menu\Programs\SpyEraser\SpyEraser\SpyEraser Uninstall.exe.lnk
%UserProfile%\Local Settings\Application Data\Downloaded Installations\{E5FF35CB-AAE1-4CD6-BFDE-D0BCE9CCBA4C}\SpyEraser.msi
%SystemRoot%\Installer\{6A2724E2-5E36-4F2E-9B3D-4A716774B3F9}\SpyEraser.exe1_5D3FA81F1A6D4924AD5250A57005F147.exe


+ Writes the keys:
Code:
HKEY_LOCAL_MACHINE\software\Classes\Installer\Features\2E4272A663E5E2F4B9D3A41776473B9F
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList\Media
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList\Net
HKEY_LOCAL_MACHINE\software\Classes\Installer\UpgradeCodes\21B289D0EDBF1BD48A4C39C60AF74DE9
HKEY_LOCAL_MACHINE\software\microsoft\SpyEraser
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\21B289D0EDBF1BD48A4C39C60AF74DE9
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA061871792C67E4997020ED0AF0253E
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EBAB827A17F9D9B40B5A18854589281C
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Features
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\InstallProperties
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Patches
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Usage
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{6A2724E2-5E36-4F2E-9B3D-4A716774B3F9}

44. Ghost Antivirus:




- When it infects the PC, it:
+ Creates the files:
Code:
%Program Files%\Ghost Antivirus\
%Program Files%\Ghost Antivirus\ghostav.exe
%Program Files%\Ghost Antivirus\register.ico
%Program Files%\Ghost Antivirus\unins000.dat
%Program Files%\Ghost Antivirus\uninst.ico
%Program Files%\Ghost Antivirus\web.ico
%Program Files%\Ghost Antivirus\working.log
%Program Files%\Ghost Antivirus\Languages\
%Program Files%\Ghost Antivirus\lib\
%Program Files%\Ghost Antivirus\lib\ghost.sql
%Program Files%\Ghost Antivirus\lib\Infected.wav
%Program Files%\Ghost Antivirus\lib\listing.cfg
%Program Files%\Ghost Antivirus\lib\version.db
%Program Files%\Ghost Antivirus\lib\WMILib.dll
%WINDOWS%\System32\[random symbols].dll
%Documents and Settings%\All Users\Desktop\Ghost Antivirus.lnk
%Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\
%Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus Home Page.lnk
%Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus.lnk
%Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Purchase License.lnk
%Documents and Settings%\All Users\Application Data\Ghost Antivirus\
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\settings.ini
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\uill.ini
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\unins000.exe
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\Uninstall Ghost Antivirus.lnk
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\links.txt
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\properties
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\times.conf
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\Quick Launch\Ghost Antivirus.lnk
%Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Windows\services.exe
[random symbols]onin.exe
+ Registers the keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ghost Antivirus_is1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
  • HKEY_CURRENT_USER\Software\Microsoft\FTP “SearchDir” = “%Program Files%\Ghost Antivirus\”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “onin”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Ghost Antivirus”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “3P_UDEC”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent “URIAPRO[1.1.3.9]”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “Debugger” = “?”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “RealDebugger” = “?”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “RealLogonType” = “1”
45. Win Security 360:




- When it infects the PC, it creates:
+ The files:


  • %Program Files%\WinSecurity360\
  • %Program Files%\WinSecurity360\sk.lst
  • %Program Files%\WinSecurity360\Win Security 360 Help.url
  • %Program Files%\WinSecurity360\Win Security 360.url
  • %Program Files%\WinSecurity360\WinSecurity360.exe
  • %Documents and Settings%\[User Name]\Desktop\Win Security 360.lnk
  • %Documents and Settings%\[User Name]\Start Menu\Programs\Startup\Win Security 360.lnk
  • %Documents and Settings%\[User Name]\Start Menu\Programs\Win Security 360\Website.lnk
  • %Documents and Settings%\[User Name]\Start Menu\Programs\Win Security 360\Win Security 360 Help.lnk
  • %Documents and Settings%\[User Name]\Start Menu\Programs\Win Security 360\Win Security 360.lnk
  • %Documents and Settings%\[User Name]\Application Data\WinSecurity360\WinSecurity360.ini
  • %Documents and Settings%\[User Name]\Application Data\WinSecurity360\vlc.dat
  • %Documents and Settings%\[User Name]\Application Data\WinSecurity360\history.dat
+ Registers additional keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Win Security 360
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Security 360
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “WinSecurity360.exe”


Re: Some fake antivirus programs

Post by minhnguyenquang75 on Thu Feb 24, 2011 1:23 pm

46. Defense Center




How to remove Defense Center manually:
Manual removal of Defense Center is a feasible objective if you have
sufficient expertise in dealing with program files, processes, .dll
files and registry entries.
The files to be deleted are listed below:

  • %Documents and Settings%\[UserName]\Desktop\Defense Center Support.lnk
  • %Documents and Settings%\[UserName]\Desktop\Defense Center.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Defense Center
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Defense Center\About.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Defense Center\Activate.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Defense Center\Buy.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Defense Center\Defense Center Support.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Defense Center\Defense Center.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Defense Center\Scan.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Defense Center\Settings.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Defense Center\Update.lnk
  • %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Defense Center.lnk
  • %Program Files%\Defense Center
  • %Program Files%\Defense Center\about.ico
  • %Program Files%\Defense Center\activate.ico
  • %Program Files%\Defense Center\buy.ico
  • %Program Files%\Defense Center\def.db
  • %Program Files%\Defense Center\defext.dll
  • %Program Files%\Defense Center\defhook.dll
  • %Program Files%\Defense Center\defcnt.exe
  • %Program Files%\Defense Center\help.ico
  • %Program Files%\Defense Center\scan.ico
  • %Program Files%\Defense Center\settings.ico
  • %Program Files%\Defense Center\splash.mp3
  • %Program Files%\Defense Center\uninstall.exe
  • %Program Files%\Defense Center\update.ico
  • %Program Files%\Defense Center\virus.mp3
The registry entries that need to be removed are as follows:

  • HKEY_CURRENT_USER\Software\Classes\secfile
  • HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_CLASSES_ROOT\secfile
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center
  • HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = “1”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Defense Center”
47. Sysinternals Antivirus



How to remove Sysinternals Antivirus manually:
Manual removal of Sysinternals Antivirus is a feasible objective if you
have sufficient expertise in dealing with program files, processes, .dll
files and registry entries.
The files to be deleted are listed below:

  • %Program Files%\adc_w32.dll
  • %Program Files%\alggui.exe
  • %Program Files%\extra1.dat
  • %Program Files%\extra2.dat
  • %Program Files%\nuar.old
  • %Program Files%\skynet.dat
  • %Program Files%\svchost.exe
  • %Program Files%\wp3.dat
  • %Program Files%\wp4.dat
  • %Program Files%\scdata
  • %Program Files%\scdata\dbsinit.exe
  • %Program Files%\scdata\wispex.html
  • %Program Files%\scdata\images
  • %Program Files%\scdata\images\i1.gif
  • %Program Files%\scdata\images\i2.gif
  • %Program Files%\scdata\images\i3.gif
  • %Program Files%\scdata\images\j1.gif
  • %Program Files%\scdata\images\j2.gif
  • %Program Files%\scdata\images\j3.gif
  • %Program Files%\scdata\images\jj1.gif
  • %Program Files%\scdata\images\jj2.gif
  • %Program Files%\scdata\images\jj3.gif
  • %Program Files%\scdata\images\l1.gif
  • %Program Files%\scdata\images\l2.gif
  • %Program Files%\scdata\images\l3.gif
  • %Program Files%\scdata\images\pix.gif
  • %Program Files%\scdata\images\t1.gif
  • %Program Files%\scdata\images\t2.gif
  • %Program Files%\scdata\images\Thumbs.db
  • %Program Files%\scdata\images\up1.gif
  • %Program Files%\scdata\images\up2.gif
  • %Program Files%\scdata\images\w1.gif
  • %Program Files%\scdata\images\w11.gif
  • %Program Files%\scdata\images\w2.gif
  • %Program Files%\scdata\images\w3.jpg
  • %Program Files%\scdata\images\word.doc
  • %Program Files%\scdata\images\wt1.gif
  • %Program Files%\scdata\images\wt2.gif
  • %Program Files%\scdata\images\wt3.gif
  • %Program Files%\Sysinternals Antivirus
  • %Program Files%\Sysinternals Antivirus\Sysinternals Antivirus.exe
  • %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn.exe
  • %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151.acf
  • %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151.ltd
  • %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151.lti
  • %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151_0.acb
  • %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151_0.aci
  • %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151_0.mt
  • %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsrr.exe
  • %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\lleod150
  • %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\wmharun.log
  • %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\wmrun.log
  • %Documents and Settings%\[User Name]\Start Menu\Programs\Sysinternals Antivirus
  • %Documents and Settings%\[User Name]\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
The registry entries that need to be removed are as follows:

  • HKEY_CURRENT_USER\Software\Sysinternals Antivirus
  • HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “novavapp”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “novavappr”
48. Spycheck Anti-Spyware 2010

- Interface:


How to remove Spycheck Anti-Spyware 2010 manually:
Manual removal of Spycheck Anti-Spyware 2010 is a feasible objective if
you have sufficient expertise in dealing with program files, processes,
.dll files and registry entries.
The files to be deleted are listed below:

  • %Documents and Settings%\All Users\Start Menu\Programs\Spycheck\Spycheck AntiSpyware\NewShortcut1.lnk
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\versiondb.txt
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\spycheck.exe
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\licencia.txt
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\lastscan.txt
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\fasdata8.dat
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\fasdata7.dat
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\fasdata6.dat
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\fasdata5.dat
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\fasdata4.dat
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\fasdata3.dat
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\fasdata2.dat
  • %Documents and Settings%\[User Name]\My Documents\Spycheck\Spycheck AntiSpyware\fasdata1.dat
  • %WINDOWS%\Installer\4ccf8.msi
  • %WINDOWS%\Installer\{691D8246-53FF-46F9-867B-C6D323F3CB6C}\NewShortcut1_221906E94E934D338020F88956C574D7.exe
  • %WINDOWS%\Installer\{691D8246-53FF-46F9-867B-C6D323F3CB6C}\ARPPRODUCTICON.exe
The registry entries that need to be removed are as follows:

  • HKEY_CLASSES_ROOT\Installer\Products\6428D196FF359F6468B76C3D323FBCC6
  • HKEY_CLASSES_ROOT\Installer\Products\6428D196FF359F6468B76C3D323FBCC6\SourceList
  • HKEY_CLASSES_ROOT\Installer\Products\6428D196FF359F6468B76C3D323FBCC6\SourceList\Net
  • HKEY_CLASSES_ROOT\Installer\Products\6428D196FF359F6468B76C3D323FBCC6\SourceList\Media
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{691D8246-53FF-46F9-867B-C6D323F3CB6C}
49. PC Defender Antivirus



How to remove PC Defender Antivirus manually:
Manual removal of PC Defender Antivirus is a feasible objective if you
have sufficient expertise in dealing with program files, processes, .dll
files and registry entries.
The files to be deleted are listed below:

  • %Documents and Settings%\[UserName]\Desktop\Pc Defender Antivirus.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Pc Defender Antivirus
  • %Program Files%\Pc Defender Antivirus
The registry entries that need to be removed are as follows:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Pc Defender Antivirus
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Pc Defender Antivirus”
50. Earth AV



How to remove Earth AV manually:
Manual removal of Earth AV is a feasible objective if you have
sufficient expertise in dealing with program files, processes, .dll
files and registry entries.
The files to be deleted are listed below:


  • %Documents and Settings%\All Users\Start Menu\Programs\Earth AV
  • %Documents and Settings%\All Users\Desktop\Earth AV.lnk
  • %Documents and Settings%\All Users\Application Data\Earth AV
The registry entries that need to be removed are as follows:


  • HKEY_CURRENT_USER\Software\Earth AV
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run “Earth AV”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Earth AV
