AdminBot | 20.02.2012 04:47 | Home Malware Cleaner entfernen Liste der Anhänge anzeigen (Anzahl: 4) Home Malware Cleaner entfernen Was ist Home Malware Cleaner?
Home Malware Cleaner ist ein Teil der Malware Rogue.VirusDoctor. Home Malware Cleaner ist eine weitere Rogue-Malware in Form einer gefälschten Scan-Software, die mittels eines sog. Trojaners in den PC eindringt und dem Benutzer weissmacht, den PC nach Malware abzusuchen. Diese Software (Home Malware Cleaner) ist ein Fake und selbst eine Schadsoftware und sollte nicht gekauft werden.
Da solche Software wie Home Malware Cleaner sich gegen jede Entfernung wehren wird und Home Malware Cleaner oftmals noch Rootkits mitinstalliert, sollte eine Neuinstallation des Systems in Erwägung gezogen werden.
Verbreitet wird Scareware wie Home Malware Cleaner nicht mehr ausschliesslich über 'dubiose Seiten' für Cracks, KeyGens und Warez, sondern auch seriöse Seiten werden zunehmend für die Verbreitung dieser mißbraucht ( http://www.trojaner-board.de/90880-d...tallation.html).
Der wichtigste Schutz vor einer Infizierung ist ein aktuelles Windows (mit allen Updates) und aktuelle Drittanbietersoftware wie Java oder Adobe Flash! http://www.trojaner-board.de/attachm...1&d=1330051813 http://www.trojaner-board.de/attachm...1&d=1330051813 Symptome von Home Malware Cleaner:- ständige Fake Virenmeldungen von Home Malware Cleaner
- PC läuft seit Home Malware Cleaner langsamer als üblich
http://www.trojaner-board.de/attachm...1&d=1330051813 http://www.trojaner-board.de/attachm...1&d=1330051813 Fake-Meldungen von Home Malware Cleaner:%UserProfile%\Recent\ANTIGEN.drv %UserProfile%\Recent\CLSV.exe %UserProfile%\Recent\DBOLE.tmp %UserProfile%\Recent\eb.tmp %UserProfile%\Recent\energy.tmp %UserProfile%\Recent\exec.drv %UserProfile%\Recent\fix.drv %UserProfile%\Recent\grid.exe %UserProfile%\Recent\PE.drv %UserProfile%\Recent\PE.exe %UserProfile%\Recent\PE.tmp %UserProfile%\Recent\SICKBOY.tmp %UserProfile%\Recent\tempdoc.drv %UserProfile%\Recent\tempdoc.sys %UserProfile%\Recent\tjd.drv System Alert malicious applications, which may contain Trojans, were found on your computer and are able to be removed immediately. Click here to remove these potentially harmful items using Home Malware Cleaner. Warning! Access conflict detected! An unidentified program is trying to access system process address space. Process Name: AllowedForm Location: C:\Windows\...\taskmgr.exe Warning! Identity theft attempt detected Warning! Virus detected Threat Detected: Trojan-PSW.VBS.Half Description: This is a VBScript-virus. It steals user's passwords. Dateien von Home Malware Cleaner: Code:
%AppData%\Home Malware Cleaner\
%AppData%\Home Malware Cleaner\cookies.sqlite
%AppData%\Home Malware Cleaner\Instructions.ini
%AppData%\Home Malware Cleaner\ScanDisk_.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Malware Cleaner.lnk
%CommonAppData%\79b35\
%CommonAppData%\79b35\HMa76.exe
%CommonAppData%\79b35\HMC.ico
%CommonAppData%\79b35\6543.mof
%CommonAppData%\79b35\mozcrt19.dll
%CommonAppData%\79b35\sqlite3.dll
%CommonAppData%\79b35\BackUp\
%CommonAppData%\79b35\HMCSys\
%CommonAppData%\79b35\Quarantine Items\
%CommonAppData%\HMJFZWC\
%CommonAppData%\HMJFZWC\HMXBXWJCMC.cfg
%StartMenu%\Home Malware Cleaner.lnk
%StartMenu%\Programs\Home Malware Cleaner.lnk
%UserProfile%\Desktop\Home Malware Cleaner.lnk
%UserProfile%\Recent\ANTIGEN.drv
%UserProfile%\Recent\CLSV.exe
%UserProfile%\Recent\DBOLE.tmp
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\fix.drv
%UserProfile%\Recent\grid.exe
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\SICKBOY.tmp
%UserProfile%\Recent\tempdoc.drv
%UserProfile%\Recent\tempdoc.sys
%UserProfile%\Recent\tjd.drv Registry-Einträge von Home Malware Cleaner: Code:
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\dumped_patched.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8010&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8010&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "IIL" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltHI" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltTST"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = 8010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "runtime 13.08010"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Home Malware Cleaner"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe
... and many more Image File Execution Options entries. Home Malware Cleaner im HijackThis-Log: Code:
O4 - HKCU\..\Run: [Home Malware Cleaner] "%CommonAppData%\79b35\HMa76.exe" /s /d |