Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Anleitungen, FAQs & Links (https://www.trojaner-board.de/anleitungen-faqs-links/)
-   -   Anleitung Personal Security entfernen (https://www.trojaner-board.de/64598-anleitung-personal-security-entfernen.html)

AdminBot 16.11.2008 17:36

Anleitung Personal Security entfernen
 
Liste der Anhänge anzeigen (Anzahl: 1)
Personal Security entfernen


Personal Security ist eine falsche Anti-Spyware-Anwendung.
Personal Security hat eine böse Absicht, die Computer-Benutzer zum Kauf der lizenzierten Version von Personal Security zu bewegen. Personal Security kann via Trojaner wie Zlob oder Vundo installiert werden, und durch die Sicherheitslücken auf einem System.



http://www.trojaner-board.de/attachm...1&d=1265023861


Dateien von Personal Security:
Code:

c:\Program Files\PSecurity\
c:\Program Files\PSecurity\psecurity.exe
C:\Program Files\PersonalSec\
C:\Program Files\PersonalSec\psecurity.exe
C:\program files\PersSecurity\
C:\program files\PersSecurity\psecurity.exe
C:\program files\PersSecurity\personalsecurity.exe
C:\program files\PersSecurity\system.dat
C:\Program Files\PersonSecurity\
C:\Program Files\PersonSecurity\psecurity.exe
c:\Program Files\Common Files\PSecurityUninstall\
c:\Program Files\Common Files\PSecurityUninstall\Uninstall.lnk
c:\WINDOWS\system32\win32extension.dll
c:\Documents and Settings\All Users\Start Menu\PSecurity
c:\Documents and Settings\All Users\Start Menu\PSecurity\Computer Scan.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Help.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Personal Security.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Registration.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Security Center.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Settings.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Update.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
%UserProfile%\Desktop\Personal Security.lnk

Personal Security Windows Registry:
Code:

HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PSecurity"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PersonalSec"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PersSecurity"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PersonSecurity"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinTSI 01.12.2009"

Symptome im HijackThis Log:
Zitat:

O2 - BHO: &Security Update - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\WINDOWS\system32\win32extension.dll
O4 - HKCU\..\Run: [PSecurity] C:\Program Files\PSecurity\psecurity.exe
O4 - HKCU\..\Run: [PersonalSec] C:\Program Files\PersonalSec\psecurity.exe
O4 - HKCU\..\Run: [PersSecurity] C:\Program Files\PersSecurity\psecurity.exe
O4 - HKCU\..\Run: [PersSecurity] C:\Program Files\PersSecurity\personalsecurity.exe
O4 - HKCU\..\Run: [PersonSecurity] C:\Program Files\PersonSecurity\psecurity.exe

AdminBot 08.12.2009 15:10

Personal Security entfernen
 
Symptome von Personal Security

Personal Security erzeugt unter anderem folgende Fake-Meldungen und Alerts:
Privacy violation alert!
Personal Security has detected numerous privacy violations. Some programs may send your private data to an untrusted internet host. Click here to permanently block this activity and remove the possible threat (Recommended)




System files modification alert!
Important system files of your computer may be modified by malicious program. It may cause system instability and data loss. Click here to block unauthorized modification and remove potential threats (Recommended).
Internal conflict alert!



Personal Security has detected internal software conflict. Some application endeavors to access system kernel (such behavior is typical for spyware/malware). Click here to prevent system crash and remove potential threats (Recommended)


Spyware activity alert!
Spyware.IEMonster is a popular spyware that attempts to steal passwords from Web browsers, e-mail clients and other programs, including login information from online banking sessions, billing pages, CC transactions, etc. It may also create special tracking files to log your activity and compromise your Internet privacy. It is strongly recommended to prevent this threat immediately. Click here to get protection against Spyware.IEMonster.


Privacy Violation alert!
Personal Security detected a Privacy Violation. A program is secretly sending your private data to an untrusted internet host. Click here to block this activity by removing the threat (Recommended).


System files modification alert!
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unauthorized modification by removing threats (Recommended).


System files modification alert!
Personal Security detected internal software conflict. Some application tries to get access to system kernel (such behavior is typical to Spyware/Malware). It may cause crash of your computer. Click here to prevent system crash by removing threats (Recommended).


Spyware activity alert!
Spyware.IEMonster activity detected. It is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal. It may also create special tracking files to log your activity and compromise your Internet privacy. It's strongly recommended to remove this threat as soon as possible. Click here to remove Spyware.IEMonster.

Da GuRu 08.12.2009 17:16

Personal Security entfernen
 
Liste der Anhänge anzeigen (Anzahl: 1)

Personal Security immer noch nicht entfernt?

OTH - OTHelper - Kill All Processes


Mit aktualisiertem (!!) Malwarebytes Anti-Malware nach Ausführen von OTH nochmal QUICKSCAN ausführen.

Bitte alle temporären Dateien löschen und Speicherplatz freigeben.


Weitergehende Prüfung

Das System könnte noch nicht vollständig sauber sein.

Daher unbedingt ein Thema erstellen: Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Nicht vergessen mit FRST-Logfiles wie in der Anleitung beschrieben.

Wie man Hilfe bekommt steht auch hier.



Alle Zeitangaben in WEZ +1. Es ist jetzt 21:30 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131