Extra Antivir 2.8

Zararlı İsmi : Extra Antivir 2.8



Hijackthis raporunda görünen girdileri :

	Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı) http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Temizlik :


http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(2 mb)
Programı kurun.



Update bölümünden güncelleyin.



Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.



Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.




Remove selected deyip ; biraz bekliyorsunuz.

Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek uçurabilirsiniz.
Başlat > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)


Malwarebytes' Anti-Malware ile temizleyebileceğiniz Extra Antivir 2.8 girdileri

Kayıt Defteri Girdileri:
HKEY_CURRENT_USER\Software\Extra Antivir

Klasörler :
%UserProfile%\Application Data\Extra Antivir

Dosyalar :
%UserProfile%\Application Data\install_511_MHwzNnwxMDAwMDAwMDAwfHx8fHx8fHw_
%UserProfile%\Application Data\Extra Antivir\Extra Antivir.ini
%UserProfile%\Application Data\install_511_MHwzNnwxMDAwMDAwMDAwfHx8fHx8fHw_\base.dat
%UserProfile%\Application Data\install_511_MHwzNnwxMDAwMDAwMDAwfHx8fHx8fHw_\base2.dat
%UserProfile%\Application Data\install_511_MHwzNnwxMDAwMDAwMDAwfHx8fHx8fHw_\Desc.dat
%UserProfile%\Application Data\install_511_MHwzNnwxMDAwMDAwMDAwfHx8fHx8fHw_\spline.dat

Winweb Security

Zararlı İsmi : Winweb Security



Hijackthis raporunda görünen girdileri :
O2 - BHO: BHOws Object - {D5DF7C9D-6069-4552-8B0C-D02A912FC889} - ws.dll (file missing)
O4 - HKLM\..\Run: [WinwebSecurity] "C:\Documents and Settings\All Users\Application Data\WinwebSecurity\WinwebSecurity.exe"

	Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı) http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Temizlik :


http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(2 mb)
Programı kurun.



Update bölümünden güncelleyin.



Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.



Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.




Remove selected deyip ; biraz bekliyorsunuz.

Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek uçurabilirsiniz.
Başlat > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)


Malwarebytes' Anti-Malware ile temizleyebileceğiniz Winweb Security girdileri

Kayıt Defteri Girdileri:
HKEY_CLASSES_ROOT\CLSID\{D5DF7C9D-6069-4552-8B0C-D02A912FC889}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{D5DF7C9D-6069-4552-8B0C-D02A912FC889}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinwebSecurity"

Klasörler :
c:\Documents and Settings\All Users\Application Data\WinwebSecurity
c:\Documents and Settings\All Users\Application Data\WinwebSecurity\Languages

Dosyalar :
c:\Documents and Settings\All Users\Application Data\WinwebSecurity\config.udb
c:\Documents and Settings\All Users\Application Data\WinwebSecurity\init.udb
c:\Documents and Settings\All Users\Application Data\WinwebSecurity\WinwebSecurity.exe
c:\Documents and Settings\All Users\Application Data\WinwebSecurity\Languages\English.lng

AntiSpywareGuard

Zararlı İsmi : AntiSpywareGuard



Hijackthis raporunda görünen girdileri :
O4 - HKLM\..\Run: [AntiSpywareGuard] C:\Program Files\AntiSpywareGuard\asg.exe

	Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı) http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Temizlik :


http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(2 mb)
Programı kurun.



Update bölümünden güncelleyin.



Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.



Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.




Remove selected deyip ; biraz bekliyorsunuz.

Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek uçurabilirsiniz.
Başlat > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)


Malwarebytes' Anti-Malware ile temizleyebileceğiniz AntiSpywareGuard girdileri

Kayıt Defteri Girdileri:
HKEY_CURRENT_USER\Software\AntiSpywareGuard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
AntiSpywareGuard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "3P_UASG 1.0.6.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AntiSpywareGuard"

Klasörler :
c:\Program Files\AntiSpywareGuard
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareGuard

Dosyalar :

c:\Program Files\AntiSpywareGuard\asg.exe
c:\Program Files\AntiSpywareGuard\asg.ini
c:\Program Files\AntiSpywareGuard\BL.dat
c:\Program Files\AntiSpywareGuard\PP.exe
c:\Program Files\AntiSpywareGuard\WL.dat
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareGuard\
AntiSpywareGuard.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareGuard\
Uninstall AntiSpywareGuard.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\
Quick Launch\AntiSpywareGuard.lnk
%UserProfile%\Desktop\AntiSpywareGuard.lnk

AntivirusTrigger

Zararlı İsmi : AntivirusTrigger




Hijackthis raporunda görünen girdileri :
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\WINDOWS\system32\512686\512686.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: AvirTrWarningBHO Class - {3A267370-076E-4af4-B986-77626B8E89DF} - C:\Program Files\AvirTrsoftware\AvirTrWarning.dll
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKCU\..\Run: [AvirTr] "C:\Program Files\AvirTrsoftware\AvirTr.exe"
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O22 - SharedTaskScheduler: crimsonness - {e0feeb92-908e-46d2-8a66-88c5295f2629 - C:\WINDOWS\system32\tiltmeo.dll

	Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı) http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Temizlik :


http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(2 mb)
Programı kurun.



Update bölümünden güncelleyin.



Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.



Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.



Remove selected deyip ; biraz bekliyorsunuz.

Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek uçurabilirsiniz.
Başlat > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)


Malwarebytes' Anti-Malware ile temizleyebileceğiniz AntivirusTrigger girdileri

Kayıt Defteri Girdileri:
HKEY_CURRENT_USER\Software\AvirTrsoft
HKEY_CURRENT_USER\Software\AvirTrsoft\Update
HKEY_CLASSES_ROOT\AvirTrWarning.WarningBHO
HKEY_CLASSES_ROOT\AvirTrWarning.WarningBHO.1
HKEY_CLASSES_ROOT\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC}
HKEY_CLASSES_ROOT\CLSID\{3A267370-076E-4af4-B986-77626B8E89DF}
HKEY_CLASSES_ROOT\Interface\{764BC8B4-1159-4736-8AF1-F124A7C8C3A8}
HKEY_CLASSES_ROOT\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}
HKEY_CLASSES_ROOT\TypeLib\{3ED86073-2FA7-4CF4-810B-28B030671678}
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AvirTrsoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A267370-076E-4af4-B986-77626B8E89DF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AvirTrsoft
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AvirTr"
HKEY_CLASSES_ROOT\webmedia.chl
HKEY_CLASSES_ROOT\z444.z444mgr
HKEY_CLASSES_ROOT\z444.z444mgr.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51B15F5A-E98B-4658-B9CB-9307B74773A7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "wblogon"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusTriggerBin "(Default)"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler "{e0feeb92-908e-46d2-8a66-88c5295f2629}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run "QuickTime Task"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run "VMware hptray"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "ITBar7Layout"


Klasörler :
c:\Program Files\AvirTrsoftware
c:\Program Files\WebMediaViewer
%UserProfile%\Start Menu\Programs\AntivirusTrigger 2.1

Dosyalar :
c:\Program Files\AvirTrsoftware\AvirTr.exe
c:\Program Files\AvirTrsoftware\AvirTrWarning.dll
c:\Program Files\AvirTrsoftware\uninst.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusTrigger 2.1.lnk
%UserProfile%\Desktop\AntivirusTrigger 2.1.lnk
%UserProfile%\Start Menu\AntivirusTrigger 2.1.lnk
%UserProfile%\Start Menu\Programs\AntivirusTrigger 2.1\AntivirusTrigger 2.1.lnk
c:\Program Files\WebMediaViewer\browseu.exe
c:\Program Files\WebMediaViewer\browseul.dll
c:\Program Files\WebMediaViewer\hpmom.exe
c:\Program Files\WebMediaViewer\hpmon.exe
c:\Program Files\WebMediaViewer\hpmun.dll
c:\Program Files\WebMediaViewer\hpmun.exe
c:\Program Files\WebMediaViewer\myd.ico
c:\Program Files\WebMediaViewer\mym.ico
c:\Program Files\WebMediaViewer\myp.ico
c:\Program Files\WebMediaViewer\myv.ico
c:\Program Files\WebMediaViewer\ot.ico
c:\Program Files\WebMediaViewer\qttask.exe
c:\Program Files\WebMediaViewer\qttaskm.exe
c:\Program Files\WebMediaViewer\qttasku.exe
c:\Program Files\WebMediaViewer\ts.ico
c:\WINDOWS\system32\512686
c:\WINDOWS\system32\512686\512686.dll
c:\WINDOWS\system32\algg.exe
c:\WINDOWS\system32\tiltmeo.dll
c:\Documents and Settings\All Users\Desktop\Antivirus Scan.url
c:\Documents and Settings\All Users\Desktop\Online Antispyware Test.url
c:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url
c:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url
%UserProfile%\Favorites\Antivirus Scan.url
%UserProfile%\My Documents\My Documents.url
%UserProfile%\My Documents\My Music\My Music.url
%UserProfile%\My Documents\My Pictures\My Pictures.url
%UserProfile%\My Documents\My Videos
%UserProfile%\My Documents\My Videos\My Video.url

SpywareRemover2009

Zararlı İsmi : SpywareRemover2009



Hijackthis raporunda görünen girdileri :
O4 - HKLM\..\Run: [SpywareRemover2009] C:\Program Files\SpywareRemover2009\SR.exe

	Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı) http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Temizlik :


http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(2 mb)
Programı kurun.



Update bölümünden güncelleyin.



Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.



Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.




Remove selected deyip ; biraz bekliyorsunuz.

Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek uçurabilirsiniz.
Başlat > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)


Malwarebytes' Anti-Malware ile temizleyebileceğiniz SpywareRemover2009 girdileri

Kayıt Defteri Girdileri:
HKEY_CURRENT_USER\Software\SpywareRemover2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
USRM_is1
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareRemover2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Internet Settings\5.0\User Agent\Post Platform "USRM 1.0.165.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run "SpywareRemover2009"

Klasörler :
c:\END
c:\Program Files\SpywareRemover2009
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009
c:\Documents and Settings\All Users\Application Data\SpywareRemover2009

Dosyalar :

c:\Program Files\SpywareRemover2009\cn.exe
c:\Program Files\SpywareRemover2009\cn.xml
c:\Program Files\SpywareRemover2009\InstUp.exe
c:\Program Files\SpywareRemover2009\license.rtf
c:\Program Files\SpywareRemover2009\mfc80.dll
c:\Program Files\SpywareRemover2009\Microsoft.VC80.CRT.manifest
c:\Program Files\SpywareRemover2009\Microsoft.VC80.MFC.manifest
c:\Program Files\SpywareRemover2009\msvcm80.dll
c:\Program Files\SpywareRemover2009\msvcp80.dll
c:\Program Files\SpywareRemover2009\msvcr80.dll
c:\Program Files\SpywareRemover2009\PaymentPage.exe
c:\Program Files\SpywareRemover2009\pv.dat
c:\Program Files\SpywareRemover2009\readme.rtf
c:\Program Files\SpywareRemover2009\settings.ini
c:\Program Files\SpywareRemover2009\SR.exe
c:\Program Files\SpywareRemover2009\SR.xml
c:\Program Files\SpywareRemover2009\unins000.dat
c:\Program Files\SpywareRemover2009\unins000.exe
c:\Program Files\SpywareRemover2009\updateapp.dat
c:\Program Files\SpywareRemover2009\updatedb.dat
c:\Program Files\SpywareRemover2009\Updater.dll
c:\Program Files\SpywareRemover2009\UserAgent.dll
c:\Program Files\SpywareRemover2009\database
c:\Program Files\SpywareRemover2009\database\AutoProcess.dat
c:\Program Files\SpywareRemover2009\database\enemies.dat
c:\Program Files\SpywareRemover2009\database\Summary.dat
c:\Program Files\SpywareRemover2009\database\vbpv.dat
c:\Program Files\SpywareRemover2009\database\quarantine.dat
c:\Program Files\SpywareRemover2009\database\quarantine.dat\#post_quarantine
c:\Program Files\SpywareRemover2009\Quarantine
c:\Program Files\SpywareRemover2009\quaratine.dat
%UserProfile%\Desktop\SpywareRemover2009.lnk
%UserProfile%\Local Settings\Temp\USRM
c:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data
c:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\Abbr
c:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\ActivationCode
c:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\ProductCode
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\Contact customer support.url
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\SpywareRemover2009 Online Manual.url
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\SpywareRemover2009.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\Uninstall SpywareRemover2009.lnk

XP Protection Center

Zararlı İsmi : XP Protection Center



Hijackthis raporunda görünen girdileri :
O4 - HKLM\..\Run: [XP Protection Center] "C:\Program Files\XPProtectionCenter\XPProtectionCenter.exe" /hide

	Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı) http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Temizlik :


http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(2 mb)
Programı kurun.



Update bölümünden güncelleyin.



Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.



Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.



Remove selected deyip ; biraz bekliyorsunuz.

Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek uçurabilirsiniz.
Başlat > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)


Malwarebytes' Anti-Malware ile temizleyebileceğiniz XP Protection Center girdileri

Kayıt Defteri Girdileri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
XPProtectionCenter
HKEY_LOCAL_MACHINE\SOFTWARE\XPProtectionCenter
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run "XP Protection Center"

Klasörler :
c:\Program Files\XPProtectionCenter
%UserProfile%\Start Menu\Programs\XPProtectionCenter

Dosyalar :
c:\Program Files\XPProtectionCenter\AVEngn.dll
c:\Program Files\XPProtectionCenter\htmlayout.dll
c:\Program Files\XPProtectionCenter\pthreadVC2.dll
c:\Program Files\XPProtectionCenter\Uninstall.exe
c:\Program Files\XPProtectionCenter\wscui.cpl
c:\Program Files\XPProtectionCenter\XPProtectionCenter.cfg
c:\Program Files\XPProtectionCenter\XPProtectionCenter.exe
c:\Program Files\XPProtectionCenter\data
c:\Program Files\XPProtectionCenter\data\daily.cvd
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcm80.dll
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcr80.dll
c:\WINDOWS\agof.sys
c:\WINDOWS\fykutejudi.sys
c:\WINDOWS\nojeneqy.bin
c:\WINDOWS\olis._dl
c:\WINDOWS\totewake.db
c:\WINDOWS\uzoxapylu.reg
c:\WINDOWS\system32\_scui.cpl
c:\WINDOWS\system32\foxubory.dll
c:\WINDOWS\system32\gihakigobu.dat
c:\Documents and Settings\All Users\Application Data\aqugomafa.reg
c:\Documents and Settings\All Users\Application Data\kiwivaxav.inf
c:\Documents and Settings\All Users\Documents\ozipajy.reg
%UserProfile%\Application Data\hewifehaby._dl
%UserProfile%\Application Data\ojas.scr
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\XPProtectionCenter.lnk
%UserProfile%\Cookies\esed._dl
%UserProfile%\Cookies\ogituqiv.dll
%UserProfile%\Cookies\ojow.dll
%UserProfile%\Cookies\zygewusyfa.pif
%UserProfile%\Desktop\XPProtectionCenter.lnk
%UserProfile%\Local Settings\Application Data\aboh.com
%UserProfile%\Local Settings\Application Data\alarefuqe.exe
%UserProfile%\Local Settings\Application Data\mokofyf.exe
%UserProfile%\Local Settings\Application Data\pyxixu.exe
%UserProfile%\Local Settings\Application Data\sefyjemasy.vbs
%UserProfile%\Local Settings\Application Data\tuqijorujo.reg
%UserProfile%\Local Settings\Application Data\weci.bat
%UserProfile%\Local Settings\Temporary Internet Files\lavev.exe
%UserProfile%\Local Settings\Temporary Internet Files\ruhuf.sys
%UserProfile%\Start Menu\Programs\XPProtectionCenter\Uninstall.lnk
%UserProfile%\Start Menu\Programs\XPProtectionCenter\XPProtectionCenter.lnk
c:\Program Files\Common Files\liguzynaku.pif
c:\Program Files\Common Files\palozace.vbs
c:\Program Files\Common Files\usuk.scr

VirusTrigger

Zararlı İsmi : VirusTrigger

URL:
74.50.110.184 Systemtrigger. com
74.50.110.184 Virtrigger. com
74.50.110.184 Virtriggersupport. com
74.50.110.184 Virus-trigger. com
74.50.110.184 Virus-triggers. com
74.50.110.184 Virustrigger2009. com


Hijackthis raporunda görünen girdileri :

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
O2 - BHO: VirusTriggerBinWarningBHO Class - {096CBA44-4A4C-49f7-8903-1E75550ABCB7} - C:\Program Files\VirusTriggerBin\VirusTriggerBinWarning.dll
O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\WINDOWS\system32\512686\512686.dll
O2 - BHO: (no name) - {8710DF42-3171-4A3B-9079-3F7D7101552B} - C:\Program Files\Applications\iebt.dll
O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - C:\Program Files\Applications\iebr.dll
O4 - HKCU\..\Run: [VirusTriggerBin] "C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe

	Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı) http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Temizlik :


http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(2 mb)
Programı kurun.



Update bölümünden güncelleyin.



Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.



Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.



Remove selected deyip ; biraz bekliyorsunuz.

Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek uçurabilirsiniz.
Başlat > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)


Malwarebytes' Anti-Malware ile temizleyebileceğiniz VirusTrigger girdileri

Kayıt Defteri Girdileri:
HKEY_CURRENT_USER\Software\VirusTriggerBin
HKEY_CLASSES_ROOT\CLSID\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}
HKEY_CLASSES_ROOT\CLSID\{EE8A3F7B-E4AB-5C41-4926-3FAED82759F5}
HKEY_CLASSES_ROOT\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKEY_CLASSES_ROOT\VirusTriggerBinWarning.WarningBHO
HKEY_CLASSES_ROOT\VirusTriggerBinWarning.WarningBHO.1
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
App Paths\VirusTriggerBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
VirusTriggerBin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "VirusTriggerBin"

Klasörler :
c:\Program Files\VirusTriggerBin
c:\Documents and Settings\Kullanıcı Adı\Start Menu\Programs\VirusTrigger 2.1

Dosyalar :
c:\Program Files\VirusTriggerBin\uninst.exe
c:\Program Files\VirusTriggerBin\VirusTriggerBin.exe
c:\Program Files\VirusTriggerBin\VirusTriggerBinWarning.dll
c:\Documents and Settings\Kullanıcı Adı\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusTrigger 2.1.lnk
c:\Documents and Settings\Kullanıcı Adı\Desktop\VirusTrigger 2.1.lnk
c:\Documents and Settings\Kullanıcı Adı\Start Menu\VirusTrigger 2.1.lnk
c:\Documents and Settings\Kullanıcı Adı\Start Menu\Programs\VirusTrigger 2.1\VirusTrigger 2.1.lnk

Ultra Antivirus 2009

Zararlı İsmi : Ultra Antivirus 2009

URL: ultraantivirus2009. com




Hijackthis raporunda görünen girdileri :
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\UltraAV\UltraAV.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\UltraAV\UltraAV.exe

	Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı) http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Temizlik :


http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/156856918/mbam-setup1.30.zip

İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(2 mb)
Programı kurun.



Update bölümünden güncelleyin.



Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.



Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.



Remove selected deyip ; biraz bekliyorsunuz.



Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek uçurabilirsiniz.
Başlat > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)


Malwarebytes' Anti-Malware ile temizleyebileceğiniz Ultra Antivirus 2009 girdileri

Kayıt Defteri Girdileri:
HKEY_CLASSES_ROOT\.key
HKEY_CURRENT_USER\Software\UltraAV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
UltraAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ANTIVIRUS"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ANTIVIRUS"

Klasörler :
c:\Program Files\UltraAV

Dosyalar :
c:\Program Files\UltraAV\UltraAV.cpl
c:\Program Files\UltraAV\UltraAV.exe
c:\Program Files\UltraAV\UltraAV.ooo
c:\Program Files\UltraAV\UltraAV0.dat
c:\Program Files\UltraAV\UltraAV1.dat
c:\Program Files\UltraAV\Uninstall.exe
c:\Documents and Settings\Kullanıcı Adı\Desktop\Ultra Antivirus 2009.lnk