XP Home Security, Vista Home Security 2011, Win 7 Internet Security are new version of multi -named Rogue Anti-spyware from Braviax family is noticed in the wild. The rogues are named randomly, depending on Operating System, and have always OS version in the name.
This distinguishes them from majority of legitimate software and other rogues.
The names of parasites are as follows:
| Win 7 names | Vista names | XP names |
|---|---|---|
| Win 7 Anti-virus (2011) | Vista Anti-virus (2011) | XP Anti-virus (2011) |
| Win 7 Anti-Spyware (2011) | Vista Anti-Spyware (2011) | XP Anti-Spyware (2011) |
| Win 7 Home Security (2011) | Vista Home Security (2011) | XP Home Security (2011) |
| Win 7 Total Security (2011) | Vista Total Security (2011) | XP Total Security (2011) |
| Win 7 Security (2011) | Vista Security (2011) | XP Security (2011) |
| Win 7 Internet Security (2011) | Vista Internet Security (2011) | XP Internet Security (2011) |
First you might notice alerts when you try launching legitimate programs. These alerts look like this:
Win 7 Home security 2011 Firewall Alert
Win 7 Home security 2011 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Win 7 Home security 2011 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Although it looks legitimate, most of antiviruses would just disable the keylogger addon from infected IE if this was the case. Thus it is obvious, that this message is false.
Then it starts showing message alerts, claiming that your PC is under attack or heavily infected.
System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.
System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
If you press on any of the alers, a scan window will appear that will detect various threats in harmless files. These threats are fake, and should be ignored. Deletion of the listed files by Win 7 Antivirus 2011 might lead to system failure or would require repair install. This parasite will refuse to repair the detected infections without payment, which is a ruse to get your credit card details.
These rogues will block legitimate webpages as well. This is done by adding a proxy server to your browser so you can visit only their webpages or get warning that the site is infected.
It is obvious, that you should remove this Win 7/Vista/XP Security, as it is fake and rogue nuisance.
Removal guide bellow.
Guide to Delete in Windows XP:
(The guide is made to the IT / computer technician, because berisko program / system is damaged if done by a user who does not know, if you are a user who tries to this, then I am not responsible for any errors which you do. thanks)
1. If you can restart and log in safe mode. Then enter msconfig: start menu - Run (windows key + R) - type msconfig - check the program files which name is weird, you can know it because most of the file using random characters eg (uirwifohfiohioehwiof.exe)
Remove current value entry on registry:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
Remove these file :
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[random].exe (look for 3-letter names)
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Win 7/Vista/XP Anti-Virus/AntiSpyware/Total Security/Internet Security/Home Security/ Security (2011) infected files and get help in Win 7/Vista/XP Anti-Virus/AntiSpyware/Total Security/Internet Security/Home Security/ Security (2011) removal by using free Spyware Doctor scanner. It comes with free real-time protection module that helps preventing Win 7/Vista/XP Anti-Virus/AntiSpyware/Total Security/Internet Security/Home Security/ Security (2011) and similar threats.
Sorry if my post is replies, i'm just share what happening is on my situation. if you have another condition with this same problem, commnet here maybe i can help you solve. or another people will help you on this blog. thanks
0 comments:
Post a Comment