Trojaner-Board


AdminBot 12.04.2010 09:26

Removing Digital Protection


What is Digital Protection?
Digital Protection belongs to the same malware family as Your Protection. Digital Protection is another piece of rogue malware in the form of fake scanning software that gets onto the PC by means of a Trojan horse and makes the user believe it is scanning the PC for malware. This software (Digital Protection) is a fake and is itself malware, and it should not be bought.

Digital Protection is no longer spread exclusively via 'dubious sites' for cracks, keygens and warez; reputable sites are also increasingly being abused to distribute it (http://www.trojaner-board.de/90880-d...tallation.html).



Symptoms of Digital Protection:
  • constant fake virus alerts from Digital Protection
  • PC runs slower than usual
  • Stops / blocks the following software:
      • F-Secure
      • NOD32
      • Malwarebytes' Anti-Malware
      • Norton Internet Security
      • Avira AntiVir
      • AVG8
      • AntiVir
      • Agnitum Outpost Security Suite
      • avast!
DANGEROUS! ANTIVIRUS DETECTED SOME HARMFUL PROGRAMS ON YOUR PC! THEY MAY CORRUPT YOUR INFORMATION OR SEND IT TO HACKERS.

A security threat detected on your computer! This malicious program may steal your private data. Click on the message to ensure the protection of your computer.

Harmful viruses detected on your computer. This malicious software may harm your computer. Click on the message to ensure the protection of your computer.

A security threat detected on your computer. TrojanASPX.JS.Win32. It strongly recommended to remove this threat right now. Click on the message to remove it.

Unauthorized person tries to steal your passwords and private information. Click on the message to prevent identity theft.

System files of your computer are damaged. Please, restart your system ASAP.


Warning! Virus threat detected!
Virus activity detected!
Trojan-Clicker.Win32 adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now.
Files belonging to Digital Protection:
Code:

c:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.lnk
%UserProfile%\Desktop\Digital Protection Support.lnk
%UserProfile%\Desktop\Digital Protection.lnk
%UserProfile%\Start Menu\Programs\Digital Protection
%UserProfile%\Start Menu\Programs\Digital Protection\About.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Activate.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Buy.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Digital Protection.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Scan.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Settings.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Update.lnk
c:\Program Files\Digital Protection
c:\Program Files\Digital Protection\about.ico
c:\Program Files\Digital Protection\activate.ico
c:\Program Files\Digital Protection\buy.ico
c:\Program Files\Digital Protection\dig.db
c:\Program Files\Digital Protection\digext.dll
c:\Program Files\Digital Protection\dighook.dll
c:\Program Files\Digital Protection\digprot.exe
c:\Program Files\Digital Protection\help.ico
c:\Program Files\Digital Protection\scan.ico
c:\Program Files\Digital Protection\settings.ico
c:\Program Files\Digital Protection\splash.mp3
c:\Program Files\Digital Protection\Uninstall.exe
c:\Program Files\Digital Protection\update.ico
c:\Program Files\Digital Protection\virus.mp3
%Temp%\4otjesjty.mof
%Temp%\asd1.tmp
%Temp%\c865.tmp
%Temp%\davclnt.exe
%Temp%\dhdhtrdhdrtr5y
%Temp%\dig.dat
%Temp%\digr.dat


Registry entries of Digital Protection:
Code:

HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Digital Protection"


Digital Protection in the HijackThis log:
Code:

O4 - HKCU\..\Run: [Digital Protection] "C:\Program Files\Digital Protection\digprot.exe" -noscan

AdminBot 14.04.2010 11:10

Removing Digital Protection

Safe Mode for cleanup
  • Run a full scan with Malwarebytes Anti-Malware
Caution: This fake software will try to prevent the use of Malwarebytes. Rename the setup file to something else before saving it (e.g. Herbert.exe).

If it did not work before, the setup should start now.

If the program does not start after installation, rename "mbam.exe" to "herbert.exe" and try again.

If MBAM still does not start: Malwarebytes Anti-Malware does not start



Code:

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 22

Memory Processes Infected:
C:\Users\{username}\AppData\Local\Temp\Digital Protection\digprot.exe (Malware.Packer.Gen) -> Unloaded process successfully.

Memory Modules Infected:
C:\Users\{username}\AppData\Local\Temp\Digital Protection\dighook.dll (Malware.Packer.Gen) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\digital protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\davclnt.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\{username}\AppData\Local\Temp\Digital Protection\dighook.dll (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\{username}\AppData\Local\Temp\Digital Protection\digprot.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Local\Temp\E4CF.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Local\Temp\asd58DB.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Local\Temp\dhdhtrdhdrtr5y (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Local\Temp\PRAGMAaa9.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Local\Temp\TMPE38E.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Local\Temp\Digital Protection\digext.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Local\Temp\Digital Protection\Uninstall.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\{username}\Desktop\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\{username}\AppData\Local\Temp\davclnt.exe (Rogue.DigitalProtection) -> Delete on reboot.
C:\Users\{username}\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\fiosejgfse.dll (Rogue.Trace) -> Quarantined and deleted successfully.
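
A read-only check for the traces named in the file and registry lists of the first post and in the MBAM log above, as an added example that is not part of the original posts. It assumes the default locations shown in the thread; the variable names are chosen for this example.

```powershell
# Added example: read-only check for the Digital Protection traces named in this thread.
# Nothing is deleted or changed; the script only reports what it finds.

# Files and folders from the file list (XP paths) and the MBAM log (Vista/7 paths).
$paths = @(
    "$env:ProgramFiles\Digital Protection",
    "$env:TEMP\Digital Protection",
    "$env:TEMP\davclnt.exe",
    "$env:TEMP\dig.dat",
    "$env:TEMP\digr.dat",
    "$env:TEMP\dhdhtrdhdrtr5y",
    "$env:ALLUSERSPROFILE\fiosejgfse.dll",                   # C:\ProgramData on Vista/7
    "$env:ALLUSERSPROFILE\Application Data\fiosejgfse.dll",  # All Users profile on XP
    "$env:USERPROFILE\Desktop\Digital Protection.lnk",
    "$env:USERPROFILE\Start Menu\Programs\Digital Protection",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Digital Protection"
)

# Registry keys from the registry list in the first post.
$keys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}',
    'Registry::HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection'
)

# Registry values: the two Run entries and the Task Manager lock.
# DisableTaskMgr can also be set by an administrator's policy, so a hit on it
# alone is not proof of infection.
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Digital Protection' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'davclnt.exe' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' }
)

$hits = @()
foreach ($p in ($paths + $keys)) {
    if (Test-Path -LiteralPath $p) { $hits += $p }
}
foreach ($v in $values) {
    $item = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $hits += "$($v.Key) [$($v.Name)] = $($item.($v.Name))" }
}

if ($hits.Count -eq 0) { 'None of the listed Digital Protection traces were found.' }
else { 'Traces found:'; $hits }
```

Three entries in the log above are marked "Delete on reboot", so the check is only meaningful when run again after the restart.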


Da GuRu 14.04.2010 13:05

Removing Digital Protection

Digital Protection still not removed?

OTH - OTHelper - Kill All Processes


With an updated (!!) Malwarebytes Anti-Malware, run a QUICKSCAN again after running OTH.

Please delete all temporary files and free up disk space.


Further checks

The system might still not be completely clean.

Therefore, be sure to create a thread: For everyone seeking help! What do I need to consider before opening a thread?

Do not forget to include FRST log files as described in the guide.

How to get help is also explained here.


