Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Anleitungen, FAQs & Links (https://www.trojaner-board.de/anleitungen-faqs-links/)
-   -   Desktop Security 2010 entfernen (https://www.trojaner-board.de/84255-desktop-security-2010-entfernen.html)

AdminBot 29.03.2010 22:31
Desktop Security 2010 entfernen
 
Liste der Anhänge anzeigen (Anzahl: 10)
Desktop Security 2010 entfernen


Was ist Desktop Security 2010?
Desktop Security 2010 gehört zur selben Malware-Familie wie Total PC Defender. Desktop Security 2010 ist eine weitere Rogue-Malware in Form einer gefälschten Scan-Software, die mittels eines trojanischen Pferdes in den PC eindringt und dem Benutzer weissmacht, den PC nach Malware abzusuchen. Diese Software (Desktop Security 2010) ist ein Fake und selbst eine Schadsoftware und sollte nicht gekauft werden.

Verbreitet wird Desktop Security 2010 nicht mehr ausschliesslich über 'dubiose Seiten' für Cracks, KeyGens und Warez, sondern auch seriöse Seiten werden zunehmend für die Verbreitung dieser mißbraucht (http://www.trojaner-board.de/90880-d...tallation.html).


http://www.trojaner-board.de/attachm...1&d=1271553476 http://www.trojaner-board.de/attachm...1&d=1271553476

Symptome von Desktop Security 2010:
  • ständige Fake Virenmeldungen von Desktop Security 2010
  • PC läuft langsamer als üblich
http://www.trojaner-board.de/attachm...1&d=1271553476 http://www.trojaner-board.de/attachm...1&d=1271553476 http://www.trojaner-board.de/attachm...1&d=1271553476
http://www.trojaner-board.de/attachm...1&d=1271553476 http://www.trojaner-board.de/attachm...1&d=1271553476
http://www.trojaner-board.de/attachm...1&d=1271553476 http://www.trojaner-board.de/attachm...1&d=1271553476 http://www.trojaner-board.de/attachm...1&d=1271553476
Warning! Running trial version!
Your computer has been compromised! Now running trial version of the software! Click here to purchase the full version of the software and get full protection for your PC!

Security Center Alert
To help protect your computer, Desktop Security 2010 has blocked some features of this program.
Name Sft.dez.Wien
Risk High
Description Sft.dez.Wien is a virus attempts to spread itself by attaching to a host program, and can damage hardware, software or data in the process. This worm can be blocked from firewall and antivirus software.

Spyware Warning
Your online guard helps to stop unauthorized changes to your computer
Details: Spyware detected on your computer

Your computer might be at risk
Antivirus detects viruses, worms, and Trojan horses. They can (and do) destroy data, format your hard disk or can destroy the BIOS. By destroying the BIOS many times you end up buying a new motherboard or if the bios chip is removable then that chip would need replacing.
Click this balloon to fix this problem.

No firewall is turned on
Automatic Updates is turned off
Antivirus software might not be activated
Click this balloon to fix this problem.


Dateien von Desktop Security 2010:
Code:
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Security 2010
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Security 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Security 2010\Activate Desktop Security 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Security 2010\Desktop Security 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Security 2010\Help Desktop Security 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Security 2010\How to Activate Desktop Security 2010.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
%UserProfile%\Local Settings\Temp\gedx_ae09.exe
%UserProfile%\Local Settings\Temp\jkfuckjs.exe
%UserProfile%\Local Settings\Temp\kgn.exe
%UserProfile%\Local Settings\Temp\kilslmd.exex
%UserProfile%\Local Settings\Temp\kn.a.exe
c:\Program Files\Desktop Security 2010
c:\Program Files\Desktop Security 2010\daily.cvd
c:\Program Files\Desktop Security 2010\Desktop Security 2010.exe
c:\Program Files\Desktop Security 2010\guide.chm
c:\Program Files\Desktop Security 2010\hjengine.dll
c:\Program Files\Desktop Security 2010\mfc71.dll
c:\Program Files\Desktop Security 2010\MFC71ENU.DLL
c:\Program Files\Desktop Security 2010\msvcp71.dll
c:\Program Files\Desktop Security 2010\msvcr71.dll
c:\Program Files\Desktop Security 2010\pthreadVC2.dll
c:\Program Files\Desktop Security 2010\securitycenter.exe
c:\Program Files\Desktop Security 2010\taskmgr.dll
c:\Program Files\Desktop Security 2010\uninstall.exe
c:\WINDOWS\system32\<zufällig>.exe

Registry-Einträge von Desktop Security 2010:
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Security 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "Desktop Security 2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "<zufällig>"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Desktop Security 2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SecurityCenter"

Desktop Security 2010 im HijackThis-Log:
Code:
O4 - HKLM\..\Run: [Desktop Security 2010] C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe
O4 - HKLM\..\Run: [SecurityCenter] C:\Program Files\Desktop Security 2010\securitycenter.exe
O4 - HKLM\..\Run: [<zufällig>] C:\WINDOWS\system32\<zufällig>.exe

AdminBot 29.03.2010 22:33
Desktop Security 2010 entfernen
 
Liste der Anhänge anzeigen (Anzahl: 1)
Desktop Security 2010 entfernen

  • Starte einen vollständigen Scan mit Malwarebytes Anti-Malware
Achtung: Diese Fake Software wird versuchen, den Einsatz von Malwarebytes zu verhindern. Benenne das Setup vor dem speichern in etwas anderes um (z.B. Herbert.exe).

Falls es vorher nicht funktioniert hat, sollte das Setup jetzt starten.

Wenn das Programm nach der Installation nicht starten sollte, dann benenne die "mbam.exe" in "herbert.exe" um und versuche es erneut.

Sollte MBAM trotzdem nicht starten: Malwarebytes Anti-Malware startet nicht

http://www.trojaner-board.de/attachm...ntfernen-2.png


http://www.trojaner-board.de/attachm...1&d=1271553698

Code:
Memory Processes Infected: 3
Memory Modules Infected: 5
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 18

Memory Processes Infected:
C:\Documents and Settings\{username}\Desktop\DesktopSecurity\SecurityInstall.exe (Rogue.DesktopSecurity2010) -> Unloaded process successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Unloaded process successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\securitycenter.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\pthreadVC2.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\45cwseuwf8sk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Rogue.DesktopSecurity2010) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\Desktop Security 2010.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\{username}\Start Menu\Programs\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\{username}\Desktop\DesktopSecurity\SecurityInstall.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\securitycenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Desktop Security 2010\Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Desktop Security 2010\Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Desktop Security 2010\Help Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Desktop Security 2010\How to Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\daily.cvd (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\pthreadVC2.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\securityhelper.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Desktop Security 2010\taskmgr.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Local Settings\Temp\test.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Da GuRu 29.03.2010 23:17
Desktop Security 2010 entfernen
 

Desktop Security 2010 immer noch nicht entfernt?

OTH - OTHelper - Kill All Processes


Mit aktualisiertem (!!) Malwarebytes Anti-Malware nach Ausführen von OTH nochmal QUICKSCAN ausführen.

Bitte alle temporären Dateien löschen und Speicherplatz freigeben.


Weitergehende Prüfung

Das System könnte noch nicht vollständig sauber sein.

Daher unbedingt ein Thema erstellen: Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Nicht vergessen mit FRST-Logfiles wie in der Anleitung beschrieben.

Wie man Hilfe bekommt steht auch hier.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:58 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131