Sicurezza & Privacy
Il forum é stato trasferito su un nuovo dominio. Novitą e tanto altro vi aspettano al nuovo indirizzo del forum, www.sicurezzaeprivacy.net/forum.

Grazie , Lo staff.



PCPrivacy Defender - Guida alla rimozione

Vedere l'argomento precedente Vedere l'argomento seguente Andare in basso

PCPrivacy Defender - Guida alla rimozione

Messaggio  Steve75 il Sab Mag 02, 2009 12:24 pm

PCPrivacy Defender é un rogue software che si installa senza il permesso dell'utente. Il malware visualizza falsi avvisi facendovi credere di essere infetti da uno spyware e vi raccomanda di comprare la versione integrale del falso programma per ripulire il vostro computer.

PCPrivacy Defender é della stessa famiglia di SysAntivirus 2009 , gią referenziato nella nostra lista di rogue.

I sintomi che presenta un pc rimasto vittima di PCPrivacy Defender possono essere:

- Accesso negato a file e documenti
- Aumento di Email Spam
- Sistema rallentato
- Settaggi del browser modoficati
- Popup continui
etc..etc..

Ecco qualche screen per riconoscerlo qualora lo incontraste:





File e cartelle create dal rogue:

Codice:
C:\Program Files\PCPrivacyDefender Freeware
C:\Program Files\PCPrivacyDefender Freeware\Appbase
C:\Documents and Settings\All Users\Application Data\PCPrivacyDefender Freeware
C:\Documents and Settings\All Users\Application Data\PCPrivacyDefender Freeware\Data
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyDefender Freeware
C:\Program Files\PCPrivacyDefender Freeware\UPSPDAP.exe
C:\Program Files\PCPrivacyDefender Freeware\activate.dat
C:\Program Files\PCPrivacyDefender Freeware\ATL80.dll
C:\Program Files\PCPrivacyDefender Freeware\AV.dat
C:\Program Files\PCPrivacyDefender Freeware\bnlink.dat
C:\Program Files\PCPrivacyDefender Freeware\lapv.dat
C:\Program Files\PCPrivacyDefender Freeware\license.rtf
C:\Program Files\PCPrivacyDefender Freeware\mfc80.dll
C:\Program Files\PCPrivacyDefender Freeware\Microsoft.VC80.ATL.manifest
C:\Program Files\PCPrivacyDefender Freeware\Microsoft.VC80.CRT.manifest
C:\Program Files\PCPrivacyDefender Freeware\Microsoft.VC80.MFC.manifest
C:\Program Files\PCPrivacyDefender Freeware\msvcp80.dll
C:\Program Files\PCPrivacyDefender Freeware\msvcr80.dll
C:\Program Files\PCPrivacyDefender Freeware\PP.exe
C:\Program Files\PCPrivacyDefender Freeware\pv.dat
C:\Program Files\PCPrivacyDefender Freeware\readme.rtf
C:\Program Files\PCPrivacyDefender Freeware\remnag.dat
C:\Program Files\PCPrivacyDefender Freeware\ScanReport.dat
C:\Program Files\PCPrivacyDefender Freeware\Schedule.dat
C:\Program Files\PCPrivacyDefender Freeware\softwaredetect.dat
C:\Program Files\PCPrivacyDefender Freeware\unins000.dat
C:\Program Files\PCPrivacyDefender Freeware\unins000.exe
C:\Program Files\PCPrivacyDefender Freeware\uninstall.ico
C:\Program Files\PCPrivacyDefender Freeware\up.dat
C:\Program Files\PCPrivacyDefender Freeware\updater.dat
C:\Program Files\PCPrivacyDefender Freeware\UPSPDAP.url
C:\Program Files\PCPrivacyDefender Freeware\UPSPDAP.xml
C:\Program Files\PCPrivacyDefender Freeware\UserAgent.dll
C:\Program Files\PCPrivacyDefender Freeware\vbpv.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\AE_CD_Cr.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\AReadr4.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\AReadr5.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\ASDSEEpv.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\ASPack.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\Babylon.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\BDelphi5.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CatchUp.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CBuildr5.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CCGA.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CManager.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CuteFTP4.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\CuteHTML.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\DAcceler.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\DiscJug.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\ECDCreat4.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\Far.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FFTsks.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FlashFXP.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FrntPage.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FrontPEx.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FtpEXP.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\FtpVoya.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\GetRight.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\GoZilla.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\GravMRU.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\HomeSite.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\HotDogPr.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\H_TxtPad.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\IconExtr.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\iMesh.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\ImgReady3.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\InsShExp.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\JASC_P_P.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\KaZaA.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\LView.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MacDir.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MacDrWea.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MicAng.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MicDes.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MMUnDisk.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MM_CON.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\Morpheus.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MPaint.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MPicPub.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MPImaGal.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MSExplorer.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MSoffice.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MSRegEdit.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MSWMP.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\MSWordPad.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\Nero.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\NetShow.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\NTBackup.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\pfilelst.xda
C:\Program Files\PCPrivacyDefender Freeware\Appbase\PhotShel.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\PHPCoder.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\PowerZIP.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\RapidBr.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\RealAuPl.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\RealDown.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\SecurCRT.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\SL_BlWin.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\SmartClr.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\Sonique.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\StuffIt.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\TelepPro.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UGifAnim.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UltraEd.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UMedStud.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UPhImpV.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UPhotoEx.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\UVidStud.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\VNC.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WebFeret.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WebReap.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WinACE.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WinGate.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WinRAR.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WinZIP.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\WiseInst.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\wordslst.xda
C:\Program Files\PCPrivacyDefender Freeware\Appbase\YahooPl.dat
C:\Program Files\PCPrivacyDefender Freeware\Appbase\ZipMagic.dat
C:\Documents and Settings\All Users\Application Data\PCPrivacyDefender Freeware\Data\ActivationCode
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyDefender Freeware\PCPrivacyDefender Freeware.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyDefender Freeware\PCPrivacyDefender HomePage.url
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyDefender Freeware\Uninstall PCPrivacyDefender.lnk


Chiavi di registro aggiunte dal rogue

Codice:
HKEY_LOCAL_MACHINE\SOFTWARE\cleaner2009 freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UPSPDAP_install_is1
HKEY_CURRENT_USER\SOFTWARE\PCPrivacyDefender Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyDefender Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pcprivacydefender freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\PCPrivacyDefender Freeware\ATL80.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\PCPrivacyDefender Freeware\mfc80.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\PCPrivacyDefender Freeware\msvcp80.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\PCPrivacyDefender Freeware\msvcr80.dll


Eliminazione manuale (per i piu esperti)

1. Da task manager (CTRL + ALT + DEL) Killare i processi:
UPSPDAP.exe

2. Disinstallare se presente (Pannello di controllo - Aggiungi/rimuovi programmi)
PCPrivacyDefender Freeware 1.0.18.0

3. Dal registro (Start - esegui - regedit - ok) eliminare:
HKEY_CURRENT_USER\Software\PCPrivacyDefender Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Cleaner2009 Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UPSPDAP_install_is1
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyDefender Freeware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "UPSPDAP 1.0.18.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PCPrivacyDefender Freeware"


4. Assicuratevi di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) metti la spunta su: Visualizza file e cartelle nascoste
2) Disattiva: nascondi file protetti di sistema

5. Rimuovere file e cartelle aggiunti dal rogue:
# Cartelle:
C:\Program Files\PCPrivacyDefender Freeware
C:\Documents and Settings\All Users\Application Data\PCPrivacyDefender Freeware
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyDefender Freeware

# File:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyDefender Freeware.lnk
%UserProfile%\Desktop\PCPrivacyDefender Freeware.lnk



Rimozione automatica

1. Installazione e scan con Mawarebyte's Antimalware
2. Fix con il tool SmitfraudFix

Steve75
Admin
Admin

Numero di messaggi : 614
Data d'iscrizione : 11.05.08

Vedere il profilo dell'utente http://pc-security.forumattivo.com

Tornare in alto Andare in basso

Vedere l'argomento precedente Vedere l'argomento seguente Tornare in alto

- Argomenti simili

 
Permesso di questo forum:
Non puoi rispondere agli argomenti in questo forum