Removing VirusBurst / VirusBurster
Yet another USELESS!!! program, the successor to programs we already know such as SpywareQuake, SpyFalcon, SpyAxe, SpywareStrike and so on. You can see that the authors really only change the colours. As with the others, the program is installed while downloading and installing audio or video codecs.
Of course you will get a "fake alert", but the codec group is responsible for it, not the program.
In the HijackThis log you may see entries like these:
C:\Program Files\iMediaCodec\isamonitor.exe
C:\Program Files\iMediaCodec\pmsngr.exe
C:\Program Files\iMediaCodec\pmmon.exe
C:\Program Files\iMediaCodec\isamini.exe
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\iMediaCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\iMediaCodec\iesplugin.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\MPVIDEOCODEC\iesplugin.dll
O4 - HKLM\..\Run: [VirusBurst] C:\Program Files\VirusBurst\VirusBurst.exe /h
O4 - HKLM\..\Run: [Virus-Burst] C:\Programme\Virus-Burst\Virus-Burst.exe /h
O21 - SSODL: equestre - {70305bc2-b289-4209-a344-be21f22bc930} - C:\WINDOWS\system32\zphnok.dll
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll
O21 - SSODL: gorgonian - {e944d14a-03aa-43e3-9d0e-4f50c4d1b005} - C:\WINDOWS\system32\eowygj.dll
O21 - SSODL: grindelwald - {168cf174-6dab-461c-a761-a7adfa5a5719} - C:\WINDOWS\system32\xtgwjrm.dll
O21 - SSODL: died - {7fa55359-7223-410f-bc82-efb3e3ded07f} - C:\WINDOWS\system32\gtpbx.dll
O21 - SSODL: campy - {168cf174-6dab-461c-a761-a7adfa5a5719} - C:\WINDOWS\system32\wuwbxp.dll
O21 - SSODL: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - C:\WINDOWS\system32\oqabf.dll
O21 - SSODL: imputable - {6570b782-1a41-4053-b2c9-12c7fcf0d84d} - C:\WINDOWS\system32\duxzj.dll
O21 - SSODL: astrogeology - {2be26361-58a2-4836-be57-b838f02fec3f} - C:\WINDOWS\system32\qxfgcg.dll
O21 - SSODL: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - C:\WINDOWS\system32\syycum.dll
O21 - SSODL: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - C:\WINDOWS\system32\titiau.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
O21 - SSODL: heteropodous - {18c3fa26-192e-4c17-9c0f-76dc9b56c0c2} - C:\WINDOWS\system32\ficqv.dll
O21 - SSODL: breakneck - {06fe8138-6c67-484f-ab1f-42abddd2cbb6} - C:\WINDOWS\system32\qnusjji.dll
O21 - SSODL: horologium - {7be183d2-a42d-4915-bf60-ec86fbf002cf} - C:\WINDOWS\system32\httge.dll
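A way to triage such a log automatically, as an added example that is not part of the original post: it parses the O2/O3/O4/O21 line shapes shown above, flags entries that match folder and DLL names taken from this page, and reports any CLSID registered under more than one SSODL name (as happens with grindelwald and campy in the excerpt). The sample log is constructed from a few of the lines above plus one hypothetical clean entry (ExampleShellExt) for contrast.

```python
import re
from collections import defaultdict

# Indicators copied from the log excerpts on this page (compared case-insensitively).
BAD_DIRS = ("\\imediacodec\\", "\\mpvideocodec\\", "\\virusburst\\", "\\virus-burst\\")
BAD_DLLS = {"xtgwjrm.dll", "wuwbxp.dll", "zphnok.dll"}  # subset of the page's DLL list

# O2/O3/O21 share the shape "<section> - <kind>: <name> - {CLSID} - <path>".
CLSID_LINE = re.compile(r"^(O2|O3|O21) - [^:]+: (.*?)\s*- (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# O4 autoruns look like "O4 - <hive>\..\Run: [<name>] <command line>".
RUN_LINE = re.compile(r"^(O4) - \S+: \[([^\]]+)\] (.+)$")

# Constructed sample: lines from this page plus one hypothetical clean entry.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\iMediaCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\MPVIDEOCODEC\iesplugin.dll
O4 - HKLM\..\Run: [VirusBurst] C:\Program Files\VirusBurst\VirusBurst.exe /h
O21 - SSODL: grindelwald - {168cf174-6dab-461c-a761-a7adfa5a5719} - C:\WINDOWS\system32\xtgwjrm.dll
O21 - SSODL: campy - {168cf174-6dab-461c-a761-a7adfa5a5719} - C:\WINDOWS\system32\wuwbxp.dll
O21 - SSODL: ExampleShellExt - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleVendor\shellext.dll
"""

def parse(log):
    """Return one dict per O2/O3/O4/O21 line found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = CLSID_LINE.match(line.strip())
        if m:
            entries.append(dict(section=m[1], name=m[2], clsid=m[3].lower(), path=m[4]))
            continue
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(dict(section=m[1], name=m[2], clsid=None, path=m[3]))
    return entries

def triage(entries):
    """Return (indicator hits, CLSIDs reused by several O21 SSODL names)."""
    hits, by_clsid = [], defaultdict(list)
    for e in entries:
        path = e["path"].lower()
        if any(d in path for d in BAD_DIRS) or path.rsplit("\\", 1)[-1] in BAD_DLLS:
            hits.append(e)
        if e["section"] == "O21":
            by_clsid[e["clsid"]].append(e["name"])
    return hits, {c: names for c, names in by_clsid.items() if len(names) > 1}

if __name__ == "__main__":
    print(triage(parse(SAMPLE_LOG)))
```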
In the SmitfraudFix log it looks like this:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{70305bc2-b289-4209-a344-be21f22bc930}"="equestre"
[HKEY_CLASSES_ROOT\CLSID\{70305bc2-b289-4209-a344-be21f22bc930}\InProcServer32]
@="C:\WINDOWS\system32\zphnok.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{70305bc2-b289-4209-a344-be21f22bc930}\InProcServer32]
@="C:\WINDOWS\system32\zphnok.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"
[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e944d14a-03aa-43e3-9d0e-4f50c4d1b005}"="gorgonian"
[HKEY_CLASSES_ROOT\CLSID\{e944d14a-03aa-43e3-9d0e-4f50c4d1b005}\InProcServer32]
@="C:\WINDOWS\system32\eowygj.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{e944d14a-03aa-43e3-9d0e-4f50c4d1b005}\InProcServer32]
@="C:\WINDOWS\system32\eowygj.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4eb548e5-1fb1-4f83-b49f-a3101fe5fc97}"="grindelwald"
[HKEY_CLASSES_ROOT\CLSID\{4eb548e5-1fb1-4f83-b49f-a3101fe5fc97}\InProcServer32]
@="C:\WINDOWS\system32\xtgwjrm.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4eb548e5-1fb1-4f83-b49f-a3101fe5fc97}\InProcServer32]
@="C:\WINDOWS\system32\xtgwjrm.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7fa55359-7223-410f-bc82-efb3e3ded07f}"="died"
[HKEY_CLASSES_ROOT\CLSID\{7fa55359-7223-410f-bc82-efb3e3ded07f}\InProcServer32]
@="C:\WINDOWS\system32\gtpbx.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7fa55359-7223-410f-bc82-efb3e3ded07f}\InProcServer32]
@="C:\WINDOWS\system32\gtpbx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{168cf174-6dab-461c-a761-a7adfa5a5719}"="campy"
[HKEY_CLASSES_ROOT\CLSID\{168cf174-6dab-461c-a761-a7adfa5a5719}\InProcServer32]
@="C:\WINDOWS\system32\wuwbxp.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{168cf174-6dab-461c-a761-a7adfa5a5719}\InProcServer32]
@="C:\WINDOWS\system32\wuwbxp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d993022-0899-4599-b4b6-0f887d0802e6}"="considerateness"
[HKEY_CLASSES_ROOT\CLSID\{4d993022-0899-4599-b4b6-0f887d0802e6}\InProcServer32]
@="C:\WINDOWS\system32\oqabf.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d993022-0899-4599-b4b6-0f887d0802e6}\InProcServer32]
@="C:\WINDOWS\system32\oqabf.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6570b782-1a41-4053-b2c9-12c7fcf0d84d}"="imputable"
[HKEY_CLASSES_ROOT\CLSID\{6570b782-1a41-4053-b2c9-12c7fcf0d84d}\InProcServer32]
@="C:\WINDOWS\system32\duxzj.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6570b782-1a41-4053-b2c9-12c7fcf0d84d}\InProcServer32]
@="C:\WINDOWS\system32\duxzj.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2be26361-58a2-4836-be57-b838f02fec3f}"="astrogeology"
[HKEY_CLASSES_ROOT\CLSID\{2be26361-58a2-4836-be57-b838f02fec3f}\InProcServer32]
@="C:\WINDOWS\system32\qxfgcg.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2be26361-58a2-4836-be57-b838f02fec3f}\InProcServer32]
@="C:\WINDOWS\system32\qxfgcg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6076d2b1-634c-4685-843b-f826045ea5dc}"="hemadynamometer"
[HKEY_CLASSES_ROOT\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc}\InProcServer32]
@="C:\WINDOWS\system32\syycum.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc}\InProcServer32]
@="C:\WINDOWS\system32\syycum.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}"="eeler"
[HKEY_CLASSES_ROOT\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}\InProcServer32]
@="C:\WINDOWS\system32\titiau.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}\InProcServer32]
@="C:\WINDOWS\system32\titiau.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"="gaonic"
[HKEY_CLASSES_ROOT\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"
[HKEY_CLASSES_ROOT\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
@="C:\WINDOWS\system32\dpfwu.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
@="C:\WINDOWS\system32\dpfwu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{18c3fa26-192e-4c17-9c0f-76dc9b56c0c2}"="heteropodous"
[HKEY_CLASSES_ROOT\CLSID\{18c3fa26-192e-4c17-9c0f-76dc9b56c0c2}\InProcServer32]
@="C:\WINDOWS\system32\ficqv.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{18c3fa26-192e-4c17-9c0f-76dc9b56c0c2}\InProcServer32]
@="C:\WINDOWS\system32\ficqv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{06fe8138-6c67-484f-ab1f-42abddd2cbb6}"="breakneck"
[HKEY_CLASSES_ROOT\CLSID\{06fe8138-6c67-484f-ab1f-42abddd2cbb6}\InProcServer32]
@="C:\WINDOWS\system32\qnusjji.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{06fe8138-6c67-484f-ab1f-42abddd2cbb6}\InProcServer32]
@="C:\WINDOWS\system32\qnusjji.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7be183d2-a42d-4915-bf60-ec86fbf002cf}"="horologium"
[HKEY_CLASSES_ROOT\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]
@="C:\WINDOWS\system32\httge.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]
@="C:\WINDOWS\system32\httge.dll"
The files responsible for the "fake alert" are:
C:\WINDOWS\System32\eowygj.dll
C:\WINDOWS\System32\xtgwjrm.dll
C:\WINDOWS\System32\gtpbx.dll
C:\WINDOWS\System32\wuwbxp.dll
C:\WINDOWS\System32\oqabf.dll
C:\WINDOWS\System32\duxzj.dll
C:\WINDOWS\System32\qxfgcg.dll
C:\WINDOWS\System32\syycum.dll
C:\WINDOWS\System32\titiau.dll
C:\WINDOWS\System32\zphnok.dll
C:\WINDOWS\System32\gqagksr.dll
C:\WINDOWS\System32\tazth.dll
C:\WINDOWS\system32\dpfwu.dll
C:\WINDOWS\System32\ficqv.dll
C:\WINDOWS\System32\qnusjji.dll
C:\WINDOWS\System32\httge.dll
Removal:
In Control Panel >> Add/Remove Programs: uninstall VirusBurst 6.1.
Use a tool; you can choose from Roguescanfix, Smitfraudfix, RogueRemover.
Here is a link to a short video showing how a VirusBurst infection happens.
Please note that in reality we install it ourselves.