| AdminBot | 02.01.2010 14:41 |
Malware Defense entfernen
Liste der Anhänge anzeigen (Anzahl: 3) MalwareDefense entfernen - Klicke im Start-Menü unter "Einstellungen" auf "Systemsteuerung" -> "Internetoptionen".
- Wähle die Karteikarte "Verbindungen->Lan-Einstellungen“ und überprüfe ob bei Proxyserver ein Häkchen steht,
wenn ja -> Entfernen, dann -> OK (sofern nicht richtige Eintragung)
http://www.trojaner-board.de/attachm...1&d=1264843395http://www.trojaner-board.de/attachm...1&d=1264843395 - Starte einen vollständigen Scan mit Malwarebytes Anti-Malware
Achtung: Diese Fake Software wird versuchen, den Einsatz von MalwareBytes zu verhindern. Benenne das Setup vor dem speichern in etwas anderes um (z.B. Herbert.exe).
Falls es vorher nicht funktioniert hat, sollte das Setup jetzt starten.
Wenn das Programm nach der Installation nicht starten sollte, dann benenne die "mbam.exe" in "herbert.exe" um und versuche es erneut.
http://www.trojaner-board.de/attachm...1&d=1264843395
So könnte ein Logfile eines infozierten Systems aussehen: Code:
Memory Processes Infected:
C:\Program Files\Malware Defense\mdefense.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\malware defense (Rogue.Malware Defense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.Malware Defense) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\malware defense (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\malware Defense (Rogue.Malware Defense) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\malware Defense (Rogue.Malware Defense) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Malware Defense\mdefense.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\md.db (Rogue.Malware Defense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\mdext.dll (Rogue.Malware Defense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\uninstall.exe (Rogue.Malware Defense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\help.ico (Rogue.Malware Defense) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\malware Defense\Malware Defense.lnk (Rogue.Malware Defense) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\malware Defense\Uninstall Malware Defense.lnk (Rogue.Malware Defense) -> Quarantined and deleted
successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\malware Defense\Malware Defense Support.lnk (Rogue.Malware Defense) -> Quarantined and deleted
successfully.
C:\Documents and Settings\{username}\Desktop\Malware Defense.lnk (Rogue.Malware Defense) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Desktop\Malware Defense Support.lnk (Rogue.Malware Defense) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Desktop\Malware Defense ReadMe.txt (Rogue.Malware Defense) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.Malware Defense) -> Quarantined
and deleted successfully.
Falls Hinweise auf Rootkit.TDSS vorhanden sind: Code:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\h8srtd.sys
C:\WINDOWS\system32\H8SRTmrnarccsvu.dat
C:\WINDOWS\system32\drivers\H8SRTkvbdlltreg.sys
C:\WINDOWS\Temp\H8SRTe440.tmp
...dann die Rootkit.TDSS entfernen Anleitung: http://www.trojaner-board.de/82358-t...entfernen.html | 