
29 September 2008

PersonalAntiSpy












Malware name: PersonalAntiSpy

URL:
personalantispy.com

Location:
C:\Program Files\PersonalAntiSpy Free\pas.exe
C:\Program Files\PersonalAntiSpy Free\upascw.exe
C:\Program Files\Common Files\PersonalAntiSpy\pbm.exe

Entries shown in the HijackThis report:
O4 - HKLM\..\Run: [PersonalAntiSpy Free] "C:\Program Files\PersonalAntiSpy Free\pas.exe" /min
O4 - HKLM\..\Run: [upascw] C:\Program Files\PersonalAntiSpy Free\upascw.exe -c
O4 - HKLM\..\Run: [PASMonitor] "C:\Program Files\Common Files\PersonalAntiSpy\pbm.exe" dm=http://personalantispy.com;http://load.personalantispy.com ad=http://personalantispy.com;http://load.personalantispy.com sd=http://log.personalantispy.com





Additional information: Rogue security program (fake security software)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html




Removal:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
or
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

First, download Malwarebytes' Anti-Malware from one of the links above (2 MB).
Install the program.

Update it from the Update section.

Choose Perform full scan, select all drives, and wait for the scan to finish.

When the scan is finished, click Show results to see the malware it found.

Click Remove selected and wait a moment.

Restart your computer.
After the restart, the objects it found will be in quarantine.
You can delete these as well by clicking Delete all.
Manually delete the leftovers in the Start > Programs menu (the shortcut and folder that give an invalid-shortcut warning when clicked).

PersonalAntiSpy entries that Malwarebytes' Anti-Malware can clean:



26 September 2008

Spyware Secure







Malware name: Spyware Secure

URL:
spyware-secure.com

Location:
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
C:\Program Files\Spyware-Secure\sqlite3.dll
C:\Program Files\Spyware-Secure\unrar.dll

Entries shown in the HijackThis report:
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe



Additional information: Rogue security program (fake security software)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html




Removal:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
or
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

First, download Malwarebytes' Anti-Malware from one of the links above (2 MB).
Install the program.

Update it from the Update section.

Choose Perform full scan, select all drives, and wait for the scan to finish.

When the scan is finished, click Show results to see the malware it found.

Click Remove selected and wait a moment.

Answer Yes to the prompt that appears and restart your computer.
After the restart, the objects it found will be in quarantine.
You can delete these as well by clicking Delete all.
Manually delete the leftovers in the Start > Programs menu (the shortcut and folder that give an invalid-shortcut warning when clicked).

Spyware Secure entries that Malwarebytes' Anti-Malware can clean:



PCCleanPro









Malware name: PCCleanPro

URL:
pc-clean-pro.com

Location:
C:\Program Files\PC Clean Pro\PC Clean Pro.exe





Additional information: Rogue security program (fake security software)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html




Removal:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
or
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

First, download Malwarebytes' Anti-Malware from one of the links above (2 MB).
Install the program.
Update it from the Update section.

Choose Perform full scan, select all drives, and wait for the scan to finish.

When the scan is finished, click Show results to see the malware it found.

Click Remove selected and wait a moment.

Restart your computer.
After the restart, the objects it found will be in quarantine.
You can delete these as well by clicking Delete all.
Manually delete the leftovers in the Start > Programs menu (the shortcut and folder that give an invalid-shortcut warning when clicked).

PCCleanPro entries that Malwarebytes' Anti-Malware can clean:



25 September 2008

SystemOptimizer2008







Malware name: SystemOptimizer2008

URL:
systemoptimizer2008.com

Location:
C:\Program Files\Common Files\SystemOptimizer2008\stmon.exe

Entries shown in the HijackThis report:
O3 - Toolbar: SystemOptimizer2008 toolbar - {4AD56E6F-7074-41EE-8A40-583C2C76EFCD} - C:\Program Files\SystemOptimizer2008\SCToolbar.dll
O4 - HKLM\..\Run: [cwriter] C:\Program Files\Common Files\SystemOptimizer2008\cwriter.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemOptimizer2008\stmon.exe" dm=http://systemoptimizer2008.com ad=http://systemoptimizer2008.com sd=http://logpc.systemoptimizer2008.com/
O4 - HKCU\..\Run: [SystemOptimizer2008] C:\Program Files\SystemOptimizer2008\main.exe





Additional information: Rogue security program (fake security software)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html




Removal:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
or
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

First, download Malwarebytes' Anti-Malware from one of the links above (2 MB).
Install the program.
Update it from the Update section.

Choose Perform full scan, select all drives, and wait for the scan to finish.

When the scan is finished, click Show results to see the malware it found.

Click Remove selected and wait a moment.

Restart your computer.
After the restart, the objects it found will be in quarantine.
You can delete these as well by clicking Delete all.

SystemOptimizer2008 entries that Malwarebytes' Anti-Malware can clean:



VirusGuardPlus











Malware name: VirusGuardPlus

URL:
virusguardplus.com

Location:
C:\Program Files\VirusGuardPlus\pgs.exe

Entries shown in the HijackThis report:
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\VirusGuardPlus\Tools\pblock.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\VirusGuardPlus\Tools\sbiebho.dll
O4 - HKLM\..\Run: [VirusGuardPlus] C:\Program Files\VirusGuardPlus\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\VIRUSG~1\ugac.exe" -start
O4 - HKLM\..\Run: [BMN] "C:\Program Files\Common Files\VirusGuardPlus\bm.exe" dm=http://virusguardplus.com ad=http://virusguardplus.com sd=http://ykeeper.virusguardplus.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\VirusGuardPlus\ptask.exe
O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\VirusGuardPlus\pgs.exe" /empty





Additional information: Rogue security program (fake security software)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html




Removal:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
or
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

First, download Malwarebytes' Anti-Malware from one of the links above (2 MB).
Install the program.
Update it from the Update section.

Choose Perform full scan, select all drives, and wait for the scan to finish.

When the scan is finished, click Show results to see the malware it found.

Click Remove selected and wait a moment.

Restart your computer.
After the restart, the objects it found will be in quarantine.
You can delete these as well by clicking Delete all.

VirusGuardPlus entries that Malwarebytes' Anti-Malware can clean:



VirtualPCGuard








Malware name: VirtualPCGuard

URL:
virtualpcguard.com

Location:
C:\Program Files\VirtualPCGuard\pgs.exe

Entries shown in the HijackThis report:
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\VirtualPCGuard\Tools\pblock.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\VirtualPCGuard\Tools\sbiebho.dll
O4 - HKLM\..\Run: [VirtualPCGuard] C:\Program Files\VirtualPCGuard\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\VIRTUA~1\ugac.exe" -start
O4 - HKLM\..\Run: [BMN] "C:\Program Files\Common Files\VirtualPCGuard\bm.exe" dm=http://virtualpcguard.com ad=http://virtualpcguard.com sd=http://ykeeper.virtualpcguard.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\VirtualPCGuard\ptask.exe
O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\VirtualPCGuard\pgs.exe" /empty





Additional information: Rogue security program (fake security software)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html




Removal:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
or
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

First, download Malwarebytes' Anti-Malware from one of the links above (2 MB).
Install the program.
Update it from the Update section.

Choose Perform full scan, select all drives, and wait for the scan to finish.

When the scan is finished, click Show results to see the malware it found.

Click Remove selected and wait a moment.

Restart your computer.
After the restart, the objects it found will be in quarantine.
You can delete these as well by clicking Delete all.

VirtualPCGuard entries that Malwarebytes' Anti-Malware can clean:



20 September 2008

AntiMalware 2009

Malware name: AntiMalware 2009

URL:
antimalware2009.com

Location:
C:\Program Files\thcp5aj0e3dr\thcp5aj0e3dr.exe
C:\WINDOWS\system32\pphcg5aj0e3dr.exe
C:\Program Files\thcp5aj0e3dr\MFC71.dll
C:\Program Files\thcp5aj0e3dr\msvcp71.dll
C:\Program Files\thcp5aj0e3dr\msvcr71.dll

Entries shown in the HijackThis report:
O4 - HKLM\..\Run: [SMthcrkrj0etfg] C:\Program Files\thcrkrj0etfg\thcrkrj0etfg.exe





Additional information: Rogue security program (fake security software)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Removal:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
or
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

First, download Malwarebytes' Anti-Malware from one of the links above (2 MB).
Install the program.
Update it from the Update section.

Choose Perform full scan, select all drives, and wait for the scan to finish.

When the scan finishes, click Show Results to see the malware it found.

Click Remove Selected and wait a moment.

Answer Yes to the prompt that appears and restart your computer.
After the restart, the detected items are in quarantine.
You can remove these as well by clicking Delete All.
Manually delete any leftovers in the Start > Programs menu (the shortcut and folder that give an invalid-shortcut warning when clicked).

Malwarebytes' Anti-Malware can remove the following kinds of AntiMalware 2009 entries: registry entries, folders and files.

