Nisan 2009-Virustemizligi

Nisan 2009 içindeki 25 yayından en yeni 7 tanesi gösteriliyor. Daha eski yayınları göster

30 Nisan 2009

CoreGuard Antivirus 2009

Gönderen admin zaman: 21:11

Zararlı İsmi : CoreGuard Antivirus 2009

Hijackthis raporunda görünen girdileri :
O4 - HKCU\..\Run: [Coreguard Antivirus 2009] C:\Program Files\Coreguard Antivirus 2009\Coreguard 2009.exe
O10 - Unknown file in Winsock LSP: c:\program files\coreguard antivirus 2009\firewall.dll
O10 - Unknown file in Winsock LSP: c:\program files\coreguard antivirus 2009\firewall.dll

Etiketler :

User's activity loggers detected!
It's strongly recommended to remove detected threats right now!

Most of the viruses and worms on your PC because of visiting pornosites or warez/torrent sites.

ANTIVIRUS IS RUN IN DEMO MODE. ACTIVATE YOUR ANTIVIRUS OTHERWISE ALL THE DATA WILL BE LOST OR DAMAGED!

DANGEROUS! ANTIVIRUS DETECTED SOME HARMFUL PROGRAMS ON YOUR PC! THEY MAY CORRUPT YOUR INFORMATION OR SEND IT TO HACKERS.

PLEASE, OPTIMIZE YOUR PC. IT RUN ONLY 10%.

There is unauthorized antivirus software detected on your computer. It is recommended you to remove it, otherwise it could conflict with CoreGusard Antivirus 2009.

Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Temizlik :

Aşama 1 :

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/219420665/mbam-setup1.36.zip

İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(3 mb)
Programı kurun.

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

SmitFraudFix.exe dosyasını çalıştırın

Klavyeden herhangi bir tuşa basın.

Gelen ekranda 2 yazıp enter'layın.

Do you want to clean the registry ? sorusuna Y yazıp enter diyerek cevaplayın.

Eğer Replace infected file ? diye uyarı alırsan ona da aynı şekilde Y yazıp enter'layın.

İşlem bittikten sana (bir .txt dosyası açtıktan sonra) bilgisayarını kapatabilirsiniz.

Malwarebytes' Anti-Malware ve SmitFraudFix temizleyebileceğiniz girdileri CoreGuard Antivirus 2009 girdileri

Kayıt Defteri Girdileri:
HKEY_CURRENT_USER\Software\CoreGuard
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coreguard Antivirus 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Coreguard Antivirus 2009"

Klasörler :
c:\Program Files\Coreguard Antivirus 2009
c:\Program Files\Coreguard Antivirus 2009\Help
c:\Program Files\Coreguard Antivirus 2009\Help\images
%UserProfile%\Start Menu\Programs\Coreguard Antivirus 2009

Dosyalar :
c:\Program Files\Coreguard Antivirus 2009\blacklist.cga
c:\Program Files\Coreguard Antivirus 2009\core.cga
c:\Program Files\Coreguard Antivirus 2009\CoreExt.dll
c:\Program Files\Coreguard Antivirus 2009\Coreguard 2009.exe
c:\Program Files\Coreguard Antivirus 2009\firewall.dll
c:\Program Files\Coreguard Antivirus 2009\Uninstall.exe
c:\Program Files\Coreguard Antivirus 2009\Help\reg.html
c:\Program Files\Coreguard Antivirus 2009\Help\support.png
c:\Program Files\Coreguard Antivirus 2009\Help\unreg.html
c:\Program Files\Coreguard Antivirus 2009\Help\images\delete.png
c:\Program Files\Coreguard Antivirus 2009\Help\images\info.png
c:\Program Files\Coreguard Antivirus 2009\Help\images\plus_circle.png
c:\Program Files\Coreguard Antivirus 2009\Help\images\tick.png
c:\Program Files\Coreguard Antivirus 2009\Help\images\warn.png
c:\Program Files\Coreguard Antivirus 2009\Help\images\buttons
c:\Program Files\Coreguard Antivirus 2009\Help\images\buttons\offline.gif
c:\Program Files\Coreguard Antivirus 2009\Help\images\buttons\online.gif
c:\Program Files\Coreguard Antivirus 2009\Help\images\buttons\voice.gif
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Coreguard 2009.lnk
%UserProfile%\Desktop\Coreguard 2009.lnk
%UserProfile%\Start Menu\Programs\Coreguard Antivirus 2009\Coreguard 2009.lnk
%UserProfile%\Start Menu\Programs\Coreguard Antivirus 2009\Uninstall Coreguard Antivirus 2009.lnk

29 Nisan 2009

PCPrivacy Defender

Gönderen admin zaman: 16:08

Zararlı İsmi : PC Privacy Defender 1.0.18.0

Hijackthis raporunda görünen girdileri :
O4 - HKLM\..\Run: [PCPrivacyDefender Freeware] "C:\Program Files\PCPrivacyDefender Freeware\UPSPDAP.exe" /min

Etiketler :
PC Privacy Defender Freeware
pc-privacydefender. com
PCPrivacyDefenderScannerSetup.exe

Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Temizlik :

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/219420665/mbam-setup1.36.zip

İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(3 mb)
Programı kurun.

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Remove selected deyip ; biraz bekliyorsunuz.

Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek uçurabilirsiniz.
Başlat > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)

Malwarebytes' Anti-Malware ile temizleyebileceğiniz PcPrivacy Defender girdileri

Kayıt Defteri Girdileri:
HKEY_LOCAL_MACHINE\SOFTWARE\cleaner2009 freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
UPSPDAP_install_is1
HKEY_CURRENT_USER\SOFTWARE\PCPrivacyDefender Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyDefender Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
pcprivacydefender freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\
C:\Program Files\PCPrivacyDefender Freeware\ATL80.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\
C:\Program Files\PCPrivacyDefender Freeware\mfc80.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\
C:\Program Files\PCPrivacyDefender Freeware\msvcp80.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\
C:\Program Files\PCPrivacyDefender Freeware\msvcr80.dll

Klasörler :
C:\Program Files\PCPrivacyDefender Freeware
C:\Program Files\PCPrivacyDefender Freeware\Appbase
C:\Documents and Settings\All Users\Application Data\PCPrivacyDefender Freeware
C:\Documents and Settings\All Users\Application Data\PCPrivacyDefender Freeware\Data

Dosyalar :
C:\Program Files\PCPrivacyDefender Freeware\UPSPDAP.exe
C:\Documents and Settings\Administrator\Desktop\PCPrivacyDefenderScannerSetup.exe
C:\Program Files\PCPrivacyDefender Freeware\PP.exe
C:\Program Files\PCPrivacyDefender Freeware\activate.dat
C:\Program Files\PCPrivacyDefender Freeware\ATL80.dll
C:\Program Files\PCPrivacyDefender Freeware\AV.dat
C:\Program Files\PCPrivacyDefender Freeware\bnlink.dat
C:\Program Files\PCPrivacyDefender Freeware\lapv.dat
C:\Program Files\PCPrivacyDefender Freeware\license.rtf
C:\Program Files\PCPrivacyDefender Freeware\mfc80.dll
C:\Program Files\PCPrivacyDefender Freeware\Microsoft.VC80.ATL.manifest
C:\Program Files\PCPrivacyDefender Freeware\Microsoft.VC80.CRT.manifest
C:\Program Files\PCPrivacyDefender Freeware\Microsoft.VC80.MFC.manifest
C:\Program Files\PCPrivacyDefender Freeware\msvcp80.dll
C:\Program Files\PCPrivacyDefender Freeware\msvcr80.dll
C:\Program Files\PCPrivacyDefender Freeware\pv.dat
C:\Program Files\PCPrivacyDefender Freeware\readme.rtf
C:\Program Files\PCPrivacyDefender Freeware\remnag.dat
C:\Program Files\PCPrivacyDefender Freeware\ScanReport.dat
C:\Program Files\PCPrivacyDefender Freeware\Schedule.dat
C:\Program Files\PCPrivacyDefender Freeware\softwaredetect.dat
C:\Program Files\PCPrivacyDefender Freeware\unins000.dat
C:\Program Files\PCPrivacyDefender Freeware\unins000.exe
C:\Program Files\PCPrivacyDefender Freeware\uninstall.ico
C:\Program Files\PCPrivacyDefender Freeware\up.dat
C:\Program Files\PCPrivacyDefender Freeware\updater.dat
C:\Program Files\PCPrivacyDefender Freeware\UPSPDAP.url
C:\Program Files\PCPrivacyDefender Freeware\UPSPDAP.xml
C:\Program Files\PCPrivacyDefender Freeware\UserAgent.dll
C:\Program Files\PCPrivacyDefender Freeware\vbpv.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\AE_CD_Cr.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\AReadr4.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\AReadr5.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\ASDSEEpv.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\ASPack.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\Babylon.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\BDelphi5.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CatchUp.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CBuildr5.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CCGA.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CManager.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CuteFTP4.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CuteHTML.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\DAcceler.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\DiscJug.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\ECDCreat4.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\Far.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FFTsks.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FlashFXP.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FrntPage.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FrontPEx.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FtpEXP.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FtpVoya.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\GetRight.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\GoZilla.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\GravMRU.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\HomeSite.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\HotDogPr.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\H_TxtPad.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\IconExtr.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\iMesh.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\ImgReady3.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\InsShExp.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\JASC_P_P.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\KaZaA.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\LView.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MacDir.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MacDrWea.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MicAng.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MicDes.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MMUnDisk.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MM_CON.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\Morpheus.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MPaint.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MPicPub.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MPImaGal.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MSExplorer.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MSoffice.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MSRegEdit.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MSWMP.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MSWordPad.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\Nero.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\NetShow.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\NTBackup.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\pfilelst.xda
C:\Program Files\PCPrivacyDefender Freeware\Appbase\PhotShel.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\PHPCoder.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\PowerZIP.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\RapidBr.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\RealAuPl.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\RealDown.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\SecurCRT.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\SL_BlWin.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\SmartClr.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\Sonique.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\StuffIt.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\TelepPro.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UGifAnim.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UltraEd.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UMedStud.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UPhImpV.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UPhotoEx.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UVidStud.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\VNC.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WebFeret.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WebReap.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WinACE.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WinGate.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WinRAR.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WinZIP.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WiseInst.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\wordslst.xda
C:\Program Files\PCPrivacyDefender Freeware\Appbase\YahooPl.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\ZipMagic.dat
C:\Documents and Settings\All Users\Application Data\PCPrivacyDefender Freeware\Data\ActivationCode
C:\Documents and Settings\Administrator\Desktop\PCPrivacyDefender Freeware.lnk

28 Nisan 2009

PCAntiMalware

Gönderen admin zaman: 01:23

Zararlı İsmi : PCAntiMalware

Hijackthis raporunda görünen girdileri :
O4 - HKLM\..\Run: [PCAntiMalware] "c:\program files\pcantimalware\pcam.exe" /min

Etiketler :
PCAntiMalware 4.1.228.0

Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

27 Nisan 2009

AntiVirus 360 Remover,MalwareRemovalBot vs

Gönderen admin zaman: 16:25

Bu konuda AntiVirus 360 Remover,MalwareRemovalBot, SmitFaud Fix Tool,Av360 Removal Tool,Remove Malware,Vundo Fix Tool,Remove Av 360 gibi isimlere sahip , adlarına onlarca sahte site kurulmuş ve arayüzü değiştirilerek onlarca sahte program yapılmış zararlıları ve silinme yöntemini bulabilirsiniz. Antivirus 360 - Norton 360'ın , SmitFrauFix Tool ve Vundo Fix Tool - dünyaca ünlü SmitFraudfix ve VundoFix yazılımlarının isimlerini taklit ederek oluşturulmuş sahte yazılımlar.Kullanıcıları kandırmaya yönelik bir aldatmaca tabiki...

1smitfraudfixtoolcom

antivirus360remover.com

av360removaltool.com

malwarebot.org

vundofixtool.com

remove-av360.com

Zararlı İsmi : AntiVirus 360 Remover,MalwareRemovalBot vs

Hijackthis raporunda görünen girdileri :
O4 - HKCU\..\Run: [AntiVirus360Remover] C:\Program Files\AntiVirus360Remover\AntiVirus360Remover.exe -boot
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot

Etiketler :
setupxv.exe

Bu zararlıların bulunduğu Sahte Siteler ( Girmeyin )
74.132.250.19:

antivirus360remover. com av360removaltool. com malwarebot. org malwaree. com remove-a360. com remove-antivirus-360. com remove-av360. com remove-ie-security. com remove-malware-defender. com remove-ms-antispyware. com remove-personal-defender. com remove-spyware-guard. com remove-spyware-protect. com remove-spyware-protect-2009. com remove-system-guard. com remove-total-security. com remove-ultra-antivir-2009. com remove-ultra-antivirus-2009. com remove-virus-alarm. com remove-virus-melt. com remove-winpc-defender. com smitfraudfixtool. com vundofixtool. com www.antivirus360remover. com www.av360removaltool. com www.malwarebot. org www.malwaree. com www.remove-a360. com www.remove-antivirus-360. com www.remove-av360. com www.remove-ie-security. com www.remove-malware-defender. com www.remove-ms-antispyware. com www.remove-personal-defender. com www.remove-spyware-guard. com www.remove-spyware-protect. com www.remove-spyware-protect-2009. com www.remove-system-guard. com www.remove-total-security. com www.remove-ultra-antivir-2009. com www.remove-ultra-antivirus-2009. com www.remove-virus-alarm. com www.remove-virus-melt. com www.remove-winpc-defender. com www.vundofixtool. com antivirus360remover. com av360removaltool. com malwarebot. org malwaree. com remove-a360. com remove-antivirus-360. com remove-av360. com remove-ie-security. com remove-malware-defender. com remove-ms-antispyware. com remove-personal-defender. com remove-spyware-guard. com remove-spyware-protect. com remove-spyware-protect-2009. com remove-system-guard. com remove-total-security. com remove-ultra-antivir-2009. com remove-ultra-antivirus-2009. com remove-virus-alarm. com remove-virus-melt. com remove-winpc-defender. com vundofixtool. com www.antivirus360remover. com www.av360removaltool. com www.malwarebot. org www.malwaree. com www.remove-a360. com www.remove-antivirus-360. com www.remove-av360. com www.remove-ie-security. com www.remove-malware-defender. com www.remove-ms-antispyware. com www.remove-personal-defender. com www.remove-spyware-guard. com www.remove-spyware-protect. com www.remove-spyware-protect-2009. com www.remove-system-guard. com www.remove-total-security. com www.remove-ultra-antivir-2009. com www.remove-ultra-antivirus-2009. com www.remove-virus-alarm. com www.remove-virus-melt . com www.remove-winpc-defender. com www.vundofixtool. com

Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Remove selected deyip ; biraz bekliyorsunuz.

Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek silebilirsiniz..
Eğer varsa Başlat menüsü > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)

Malwarebytes' Anti-Malware ile temizleyebileceğiniz AntiVirus 360 Remover,MalwareRemovalBot vs hakkında girdiler

Kayıt Defteri Girdileri:
HKEY_CLASSES_ROOT\CLSID\{9d3cf193-58e5-40d5-ba60-233f4c216e37}
HKEY_CLASSES_ROOT\Installer\Features\
f284dd28157ebc94aae3eff9100a1adc
HKEY_CLASSES_ROOT\Installer\Products\
7f366b8b210207449ba43b6c2aa62267
HKEY_CLASSES_ROOT\Installer\Products\
f284dd28157ebc94aae3eff9100a1adc
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\
e30ef325a397947459a1389deec03118
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\
50e90ec4ec063d44bb935a0d02415732
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Installer\UpgradeCodes\e30ef325a397947459a1389deec03118
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Installer\UpgradeCodes\50e90ec4ec063d44bb935a0d02415732
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\ControlPanel\NameSpace\{999fd5ca-1031-4a9d-affa-a883a680b9b5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\ControlPanel\NameSpace\{9d3cf193-58e5-40d5-ba60-233f4c216e37}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b8b663f7-2012-4470-b94a-b3c6a26a2276} (Rogue.AntiVirus360Remover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\
7f366b8b210207449ba43b6c2aa62267
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\f284dd28157ebc94aae3eff9100a1adc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\f898caf690f3cf5429d6372bfb4ef661
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\f15e8893c87fb5a4282bae00788645e9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6a38f305b3784444abb16213c075514e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\477c1b608c0f73c4e9e5177e35cd3ada
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1f6841d7fd364e34191360085d1453b1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1f26a7a704abd8f4f8801f37167d691f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\93de74a43267cfb4ca586db6f1f79964
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\aa02c0f5889834c42886c1a98ea53266
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\b575e3c1288dd9e4a83e9e064562cdc1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\d37f1f5d110c2ea4c85ec64e702394b9
HKEY_CURRENT_USER\SOFTWARE\AntiVirus360Remover
HKEY_CURRENT_USER\SOFTWARE\MalwareRemovalBot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\malwareremovalbot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\
programlar\malwareremovalbot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\windows\installer\{82dd482f-e751-49cb-aa3e-fe9f01a0a1cd}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus360Remover
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\antivirus360remover\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\programlar\antivirus360remover
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\windows\installer\{b8b663f7-2012-4470-b94a-b3c6a26a2276}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MalwareRemovalBot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)

Klasörler:
C:\Program Files\MalwareRemovalBot
C:\Documents and Settings\Administrator\Application Data\
MalwareRemovalBot
C:\Documents and Settings\Administrator\Application Data\
MalwareRemovalBot\Log
C:\Documents and Settings\Administrator\Application Data\MalwareRemovalBot\Settings
C:\Program Files\\AntiVirus360Remover
C:\Documents and Settings\Administrator\Application Data\\AntiVirus360Remover
C:\Documents and Settings\Administrator\Application Data\\AntiVirus360Remover\Log
C:\Documents and Settings\Administrator\Application Data\\AntiVirus360Remover\Settings
C:\WINDOWS\Installer\{B8B663F7-2012-4470-B94A-B3C6A26A2276}

Dosyalar:
C:\Program Files\AntiVirus360Remover\SpyCleaner.dll
C:\Program Files\MalwareRemovalBot\SpyCleaner.dll
C:\Program Files\MalwareRemovalBot\DataBase.ref
C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe
C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.url
C:\Program Files\MalwareRemovalBot\TCL.dll
C:\Program Files\MalwareRemovalBot\vistaCPtasks.xml
C:\Program Files\MalwareRemovalBot\zlib.dll
C:\Program Files\\AntiVirus360Remover\AntiVirus360Remover.exe
C:\Program Files\\AntiVirus360Remover\AntiVirus360Remover.url
C:\Program Files\\AntiVirus360Remover\DataBase.ref
C:\Program Files\\AntiVirus360Remover\SpyCleaner.dll
C:\Program Files\\AntiVirus360Remover\TCL.dll
C:\Program Files\\AntiVirus360Remover\vistaCPtasks.xml
C:\Program Files\\AntiVirus360Remover\zlib.dll
C:\Documents and Settings\Administrator\Application Data\\AntiVirus360Remover\Log\2009 Apr 27 - 03_53_12 PM_624.log
C:\WINDOWS\Installer\{B8B663F7-2012-4470-B94A-B3C6A26A2276}\Icon.exe
C:\WINDOWS\Tasks\AntiVirus360Remover Scheduled Scan.job
C:\Documents and Settings\All Users\Desktop\AntiVirus360Remover.lnk
C:\Documents and Settings\All Users\Desktop\MalwareRemovalBot.lnk
C:\WINDOWS\Tasks\MalwareRemovalBot Scheduled Scan.job

ErrorEasy

Gönderen admin zaman: 14:14

Zararlı İsmi : ErrorEasy

Hijackthis raporunda görünen girdileri :
O4 - HKCU\..\Run: [ErrorEasy] C:\Program Files\ErrorEasy\ErrorEasy.exe -boot

Etiketler :

Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

26 Nisan 2009

Badware Protector

Gönderen admin zaman: 02:58

Zararlı İsmi : Badware Protector

Hijackthis raporunda görünen girdileri :
O4 - HKCU\..\Run: [0113DE8367022C285A1AF91E4E1C285C] C:\Documents and Settings\
Bleeping\Desktop\badware-protector.exe

Etiketler :

Ek Bilgiler : Rogue Security Program(Sahte Güvenlik Programı)
http://www.virustemizligi.com/2008/07/nedir-rogue-sahte-yazlm.html

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Yeni bir Msn Virüsü (u'r foto on facebook??)

Gönderen admin zaman: 01:19

Zararlinin sistemde bıraktığı etkiler açıklamalar ve resimler ile belirtilmiş temizlik bölümüne de bu konuda yer verilmiştir.

Zararlı İsimleri : (BackDoor.IRC.Sdbot.3654,Backdoor.Win32.IRCBot.irp)

Zararlı msn üzerinden yayılıyor.Msn adresine gelen linke tıklanıldığında açılan siteden aşağıdaki dosya indiriliyor.

The president OBAMA was the 1st milioner from FACEBOOK... look it there h t t p://face-books.org/gallery.php?=msnadresi@hotmail.com
u'r foto on facebook?? h t t p ://face-books.org/gallery.php?=msnadresi@hotmail.com

IMG00069321769532125-GIF.EXE adındaki dosya çalıştırılırsa zararlı sisteme bulaşmış oluyor.

Ve bu uyarılıyla karşılaşılıyor.

Windows Microsoft Viewer- Picture can not be displayed.

Zararlı hijackthis raporunda aşağıdaki gibi görünmekte

O4 - HKCU\..\Run: [svchost] "C:\Windows\services.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrs.exe

----- TEMİZLİK ----

1- Messenger açıksa tamamen kapatın.Masaüstünden Bilgisayarım'a sağ tıklayıp, Özellikler bölümünden resimdeki gibi yapıp Tamam diyerek Sistem Geri Yükleme'yi Kapatın (Böylece Eski geri yükleme noktalarınız silinecektir zaten şu an oraya da virus bulaşmış durumda ve burayı böyle yaparak temizlemeliyiz.)

Aşağıdaki tüm işlemlerin yaptıktan sonra yine yukardaki bölümden yukardaki kutucuğu bu sefer boş bırakıp tamam deyince sistem geri yüklemeyi tekrar açmış olacaksınız.

2- Aşağıdan ATF Cleaner'ı indirin. (49 kb)
http://www.atribune.org/public-beta/ATF-Cleaner.exe

Resimdeki gibi tüm seçenekleri işaretleyin. Ardından Empty Selected deyip biraz bekleyin.
Gelen uyarıya evet Tamam deyin.Ve programı kapatın.

3- aşağıdan Dr.Web Cure It! adlı temizlikte kullanacağımız programı indirin.
Zararlı .exe dosyası indirilirken bilgisayarı kapattığı için aşağıdan sizin için .zip olarak upload ettiğimiz dosyayı indirin. (16 mb)

http://rapidshare.com/files/274478957/cureiteylul.zip

Dr.Web Cure It! Kurulum gerektirmez.Ücretsizdir.

Dosyayı .zip'ten masaüstüne çıkarıp çalıştırın.(cureit.exe)

Sol üst taraftan Tam Tarama seçeneği seçip sağ taraftan başlat simgesine ( play tuşu ) basıp taramayı başlatın.
Tarama disklerinizin büyüklüğüne göre 1-2 saat sürebilir iptal etmeyin.

Gelen ilk zararlı uyarısında Tümüne Hayır diyin.Böylece tarama bitene kadar bulduğu her zararlıda program soru sormayacak.Tarama tamamlandığında tüm zararlı topluca sileceğiz.

Tarama tamamlandığında Tümünü seç deyip ardından sil deyip biraz bekleyin.Programı kapatın.
Hemen bir uyarı gelecek.

Hepsine Evet diyerek zararlıları silin.

Evet diyerek bilgisayarınızı yeniden başlatın.

Dr.Web Cure It! ile aşağıdaki dosyalar silinmiş olacak.

Dosyalar:
C:\Windows\services.exe
C:\Windows\msnmsgrs.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\IXP000.TMP\
IMG00069321769532125-GIF.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\IXP000.TMP\
IMG00069321769532125-GIF.EXE\rphx.exe

Kayıt Defteri Girdileri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Windows UDP Control Center"msnmsgrs.exe''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svchost

Kapattığınız Sistem Geri Yükleme'yi tekrar açın.

Virustemizligi

30 Nisan 2009

CoreGuard Antivirus 2009

29 Nisan 2009

PCPrivacy Defender

28 Nisan 2009

PCAntiMalware

27 Nisan 2009

AntiVirus 360 Remover,MalwareRemovalBot vs

ErrorEasy

26 Nisan 2009

Badware Protector

Yeni bir Msn Virüsü (u'r foto on facebook??)

Arama

Son Konular

Son Yorumlar

Abonelik