

Malware name: AntivirusTrigger
Entries shown in the HijackThis report:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\WINDOWS\system32\512686\512686.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: AvirTrWarningBHO Class - {3A267370-076E-4af4-B986-77626B8E89DF} - C:\Program Files\AvirTrsoftware\AvirTrWarning.dll
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKCU\..\Run: [AvirTr] "C:\Program Files\AvirTrsoftware\AvirTr.exe"
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O22 - SharedTaskScheduler: crimsonness - {e0feeb92-908e-46d2-8a66-88c5295f2629 - C:\WINDOWS\system32\tiltmeo.dll
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
or
http://rapidshare.com/files/156856918/mbam-setup1.30.zip
First, download Malwarebytes' Anti-Malware from one of the links above (about 2 MB).
Install the program.

Update it from the Update tab.

Choose Perform full scan, tick all drives, and wait for the scan to finish.

When the scan finishes, click Show results to see the malicious items it found.

Click Remove selected and wait a moment.
Restart your computer.
After the restart, the items it found are in quarantine.
You can get rid of these too by clicking Delete all.
Manually delete the leftovers in the Start > Programs menu (the shortcut that gives a broken-shortcut warning when clicked, together with its folder).
AntivirusTrigger entries you can clean with Malwarebytes' Anti-Malware
Registry entries:
HKEY_CURRENT_USER\Software\AvirTrsoft
HKEY_CURRENT_USER\Software\AvirTrsoft\Update
HKEY_CLASSES_ROOT\AvirTrWarning.WarningBHO
HKEY_CLASSES_ROOT\AvirTrWarning.WarningBHO.1
HKEY_CLASSES_ROOT\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC}
HKEY_CLASSES_ROOT\CLSID\{3A267370-076E-4af4-B986-77626B8E89DF}
HKEY_CLASSES_ROOT\Interface\{764BC8B4-1159-4736-8AF1-F124A7C8C3A8}
HKEY_CLASSES_ROOT\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}
HKEY_CLASSES_ROOT\TypeLib\{3ED86073-2FA7-4CF4-810B-28B030671678}
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AvirTrsoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A267370-076E-4af4-B986-77626B8E89DF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AvirTrsoft
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AvirTr"
HKEY_CLASSES_ROOT\webmedia.chl
HKEY_CLASSES_ROOT\z444.z444mgr
HKEY_CLASSES_ROOT\z444.z444mgr.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51B15F5A-E98B-4658-B9CB-9307B74773A7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "wblogon"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusTriggerBin "(Default)"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler "{e0feeb92-908e-46d2-8a66-88c5295f2629}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run "QuickTime Task"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run "VMware hptray"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "ITBar7Layout"
Folders:
c:\Program Files\AvirTrsoftware
c:\Program Files\WebMediaViewer
%UserProfile%\Start Menu\Programs\AntivirusTrigger 2.1
Files:
c:\Program Files\AvirTrsoftware\AvirTr.exe
c:\Program Files\AvirTrsoftware\AvirTrWarning.dll
c:\Program Files\AvirTrsoftware\uninst.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusTrigger 2.1.lnk
%UserProfile%\Desktop\AntivirusTrigger 2.1.lnk
%UserProfile%\Start Menu\AntivirusTrigger 2.1.lnk
%UserProfile%\Start Menu\Programs\AntivirusTrigger 2.1\AntivirusTrigger 2.1.lnk
c:\Program Files\WebMediaViewer\browseu.exe
c:\Program Files\WebMediaViewer\browseul.dll
c:\Program Files\WebMediaViewer\hpmom.exe
c:\Program Files\WebMediaViewer\hpmon.exe
c:\Program Files\WebMediaViewer\hpmun.dll
c:\Program Files\WebMediaViewer\hpmun.exe
c:\Program Files\WebMediaViewer\myd.ico
c:\Program Files\WebMediaViewer\mym.ico
c:\Program Files\WebMediaViewer\myp.ico
c:\Program Files\WebMediaViewer\myv.ico
c:\Program Files\WebMediaViewer\ot.ico
c:\Program Files\WebMediaViewer\qttask.exe
c:\Program Files\WebMediaViewer\qttaskm.exe
c:\Program Files\WebMediaViewer\qttasku.exe
c:\Program Files\WebMediaViewer\ts.ico
c:\WINDOWS\system32\512686
c:\WINDOWS\system32\512686\512686.dll
c:\WINDOWS\system32\algg.exe
c:\WINDOWS\system32\tiltmeo.dll
c:\Documents and Settings\All Users\Desktop\Antivirus Scan.url
c:\Documents and Settings\All Users\Desktop\Online Antispyware Test.url
c:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url
c:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url
%UserProfile%\Favorites\Antivirus Scan.url
%UserProfile%\My Documents\My Documents.url
%UserProfile%\My Documents\My Music\My Music.url
%UserProfile%\My Documents\My Pictures\My Pictures.url
%UserProfile%\My Documents\My Videos
%UserProfile%\My Documents\My Videos\My Video.url
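As an added example (not part of the original post), the Python script below turns the HijackThis report and the indicator lists above into a small detection check: it parses HijackThis-style lines, extracts CLSIDs, file paths and URL hosts, and flags any that match the CLSIDs, paths and domains listed on this page. The sample lines are copied from the report above plus one constructed benign entry; the indicator sets come from the page's own lists. It also tolerates the malformed O22 entry whose CLSID is missing its closing brace.

```python
import re

# Constructed sample: lines copied from the HijackThis report above, plus one benign,
# made-up ctfmon entry so the script has something it should NOT flag.
SAMPLE_HJT_LINES = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com",
    r"O2 - BHO: AvirTrWarningBHO Class - {3A267370-076E-4af4-B986-77626B8E89DF} - C:\Program Files\AvirTrsoftware\AvirTrWarning.dll",
    r"O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe",
    r"O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",  # benign, constructed
    r"O22 - SharedTaskScheduler: crimsonness - {e0feeb92-908e-46d2-8a66-88c5295f2629 - C:\WINDOWS\system32\tiltmeo.dll",
]

# Indicators taken from the lists on this page (lower-cased so matching is case-insensitive).
KNOWN_CLSIDS = {
    "3a267370-076e-4af4-b986-77626b8e89df",  # AvirTrWarningBHO
    "51b15f5a-e98b-4658-b9cb-9307b74773a7",  # 512686 helper BHO
    "64466b8e-20a7-4a4a-aff4-aad9ca68b52c",  # WebMediaViewer hpmun.dll BHO
    "2eef94df-75f6-42e9-b7fb-af5a170a6e2e",  # Browser Toolbar
    "3b8fb116-d358-48a3-a5c7-db84f15cbb04",  # IExplorer Security extra button
    "e0feeb92-908e-46d2-8a66-88c5295f2629",  # SharedTaskScheduler tiltmeo.dll
}
KNOWN_PATHS = {
    r"c:\program files\avirtrsoftware\avirtr.exe",
    r"c:\program files\avirtrsoftware\avirtrwarning.dll",
    r"c:\program files\webmediaviewer\hpmun.dll",
    r"c:\program files\webmediaviewer\browseul.dll",
    r"c:\program files\webmediaviewer\qttask.exe",
    r"c:\program files\webmediaviewer\hpmon.exe",
    r"c:\windows\system32\512686\512686.dll",
    r"c:\windows\system32\algg.exe",
    r"c:\windows\system32\tiltmeo.dll",
}
KNOWN_HOSTS = {"windiwsfsearch.com", "www.ietoolexpress.com"}

# Braces are optional so the truncated "{e0feeb92-...f2629 -" in the O22 line still matches.
CLSID_RE = re.compile(r"\{?([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\}?", re.I)
# Drive-letter path up to the first .exe/.dll; non-greedy so spaces in "Program Files" survive.
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll)\b", re.I)
URL_RE = re.compile(r"https?://([^/\s]+)", re.I)


def classify(line):
    """Return (section, reasons). 'section' is the HijackThis item type (R1, O2, ...);
    'reasons' lists every indicator from the page that the line contains. Empty = unknown/benign."""
    section = line.split(" - ", 1)[0].strip()
    reasons = []
    for m in CLSID_RE.finditer(line):
        clsid = m.group(1).lower()
        if clsid in KNOWN_CLSIDS:
            reasons.append("clsid:" + clsid)
    for m in PATH_RE.finditer(line):
        path = m.group(0).lower()
        if path in KNOWN_PATHS:
            reasons.append("path:" + path)
    for m in URL_RE.finditer(line):
        host = m.group(1).lower()
        if host in KNOWN_HOSTS:
            reasons.append("host:" + host)
    return section, reasons


def flag_report(lines):
    """Return [(line, reasons)] for every line that matched at least one indicator."""
    flagged = []
    for line in lines:
        _, reasons = classify(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in flag_report(SAMPLE_HJT_LINES):
        print("FLAG", ", ".join(reasons))
        print("    ", line)
```

Run it on a saved HijackThis log by replacing SAMPLE_HJT_LINES with the file's lines; entries that match only a generic path such as ctfmon.exe stay unflagged, and an entry can carry more than one reason (the O2 line matches on both its CLSID and its DLL path).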