Zurück   Trojaner-Board > Malware entfernen > Anleitungen, FAQs & Links

Anleitungen, FAQs & Links: My Security Engine entfernen

Windows 7 Hilfreiche Anleitungen um Trojaner zu entfernen. Viele FAQs & Links zum Thema Sicherheit, Malware und Viren. Die Schritt für Schritt Anleitungen zum Trojaner entfernen sind auch für nicht versierte Benutzer leicht durchführbar. Bei Problemen, einfach im Trojaner-Board nachfragen - unsere Experten helfen kostenlos. Weitere Anleitungen zu Hardware, Trojaner und Malware sind hier zu finden.

Antwort
Alt 24.04.2010, 16:18   #1
AdminBot
Administrator
 
My Security Engine entfernen - Standard

My Security Engine entfernen



My Security Engine entfernen


Was ist My Security Engine?
My Security Engine ist eine weitere Rogue-Malware in Form einer gefälschten Scan-Software, die mittels eines trojanischen Pferdes in den PC eindringt und dem Benutzer weissmacht, den PC nach Malware abzusuchen. Diese Software (My Security Engine) ist ein Fake und selbst eine Schadsoftware und sollte nicht gekauft werden.

Verbreitet wird My Security Engine nicht mehr ausschliesslich über 'dubiose Seiten' für Cracks, KeyGens und Warez, sondern auch seriöse Seiten werden zunehmend für die Verbreitung dieser mißbraucht (http://www.trojaner-board.de/90880-d...tallation.html).




Symptome von My Security Engine:
  • ständige Fake Virenmeldungen von My Security Engine
  • PC läuft langsamer als üblich



An unauthorized program has been prevented from accessing your PC remotely. #Port:433 from 92.11.127.10
An unauthorized software C:\Program Files\Internet Explorer\Iexplore.exe which is potentially malicious and able to modify system files has been prevented from being installed on your PC.

My Security Engine has detected potentially harmful software in your system. It is strongly recommended that you register My Security Engine to remove all found threats immediately.

Process Mbam.exe attempted to modify the address space.

Potentially harmful programs have been detected in your system and need to be dealt with immediately. Click here to remove them using My Security Engine.

Notepad.exe cannot be executed. The file is infected. Please activate your antivirus software.

Your PC may still be infected with dangerous viruses. My Security Engine protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.

Suspicious software which may be malicious has been detected on your PC. Click here to remove this threat immediately using My Security Engine.

malicious applications, which may contain Trojans, were found on your computer and are to be removed immediately. Click here to remove these potentially harmful items using My Security Engine.


Dateien von My Security Engine:
Code:
ATTFilter
c:\Documents and Settings\All Users\Application Data\345d567
c:\Documents and Settings\All Users\Application Data\345d567\2322.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\MSE.ico
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
c:\Documents and Settings\All Users\Application Data\345d567\MSESys\
c:\Documents and Settings\All Users\Application Data\345d567\MSESys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items
c:\Documents and Settings\All Users\Application Data\MSHOLE\
c:\Documents and Settings\All Users\Application Data\MSHOLE\MSJKEJCCE.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
%UserProfile%\Application Data\My Security Engine\
%UserProfile%\Application Data\My Security Engine\cookies.sqlite
%UserProfile%\Application Data\My Security Engine\Instructions.ini
%UserProfile%\Desktop\My Security Engine.lnk
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\gid.dll
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\ppal.drv
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.sys
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\My Security Engine.lnk
%UserProfile%\Start Menu\Programs\My Security Engine.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml
         

Registry-Einträge von My Security Engine:
Code:
ATTFilter
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" ="http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Engine"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
         

My Security Engine im HijackThis-Log:
Code:
ATTFilter
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.212.177.251 www.google.com
O1 - Hosts: 67.212.177.251 www.google-analytics.com
O1 - Hosts: 67.212.177.251 www.bing.com
O1 - Hosts: 67.212.177.251 search.yahoo.com
O1 - Hosts: 67.212.177.251 www.search.yahoo.com
O4 - HKCU\..\Run: [My Security Engine] "C:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe" /s /d
         
Angehängte Grafiken
Dateityp: png 1.png (71,8 KB, 5485x aufgerufen)
Dateityp: png 2.png (35,7 KB, 5306x aufgerufen)
Dateityp: png 3.png (35,4 KB, 5192x aufgerufen)
Dateityp: png 4.png (59,5 KB, 5589x aufgerufen)
Dateityp: png 6.png (71,7 KB, 5322x aufgerufen)
Dateityp: png 7.png (16,3 KB, 5225x aufgerufen)

Alt 24.04.2010, 16:20   #2
Da GuRu
Administrator
/// technical service
 

My Security Engine entfernen - Standard

My Security Engine entfernen



My Security Engine entfernen

  • Tool: rkill.com Download Link (umbenannt: iExplore.exe) von Grinler herunterladen und mit doppelklick ausführen.

    Sollte rkill.com nicht starten, versuche es mit der umbenannten Version iExplore.exe






    Das Tool stoppt alle Prozesse von My Security Engine.

    Bei Bedarf mehrmals ausführen, bis alle ungewünschten Prozesse beendet wurden.
  • Starte einen vollständigen Scan mit Malwarebytes Anti-Malware
Achtung: Diese Fake Software wird versuchen, den Einsatz von Malwarebytes zu verhindern. Benenne das Setup vor dem speichern in etwas anderes um (z.B. Herbert.exe).

Falls es vorher nicht funktioniert hat, sollte das Setup jetzt starten.

Wenn das Programm nach der Installation nicht starten sollte, dann benenne die "mbam.exe" in "herbert.exe" um und versuche es erneut.

Sollte MBAM trotzdem nicht starten: Malwarebytes Anti-Malware startet nicht





Code:
ATTFilter
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 760
Registry Values Infected: 16
Registry Data Items Infected: 8
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
<snipped long list of Image File Execution Options hijacks>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\my security engine (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=294&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=294&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=294&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=294&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=294&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=294&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=294&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=294&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\{username}\Application Data\My Security Engine (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\{username}\Application Data\My Security Engine\Instructions.ini (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\My Security Engine\winupdate.exe (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Desktop\My Security Engine.lnk (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\My Security Engine.lnk (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\My Security Engine.lnk (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\c07b4bc\MSc07b.exe (Rogue.MySecurityEngine) -> Delete on reboot.
         
  • Lade Dir *HostsXpert*
    auf dem Desktop speichern und entpacken

    * Ordner HostsXpert öffnen
    * HostsXpert.exe doppelklicken
    * klicke auf Restore Microsoft's Hosts File, dann OK
Angehängte Grafiken
Dateityp: png 8.png (19,2 KB, 5286x aufgerufen)
__________________


Alt 24.04.2010, 20:54   #3
AdminBot
Administrator
 
My Security Engine entfernen - Standard

My Security Engine entfernen




My Security Engine immer noch nicht entfernt?

OTH - OTHelper - Kill All Processes


Mit aktualisiertem (!!) Malwarebytes Anti-Malware nach Ausführen von OTH nochmal QUICKSCAN ausführen.

Bitte alle temporären Dateien löschen und Speicherplatz freigeben.


Weitergehende Prüfung

Das System könnte noch nicht vollständig sauber sein.

Daher unbedingt ein Thema erstellen: Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Nicht vergessen mit FRST-Logfiles wie in der Anleitung beschrieben.

Wie man Hilfe bekommt steht auch hier.

__________________

Antwort

Themen zu My Security Engine entfernen
antigen.dll, credit, hijack.searchpage, launch, my security engine, my security engine entfernen, mysecurityengine, mysecurityengine entfernen, notepad.exe, notepad.exe cannot be executed., pc läuft, please activate your antivirus software., rogue.mysecurityengine, scan-software, searchplugins, searchscopes, security.hijack, start menu




Ähnliche Themen: My Security Engine entfernen


  1. Mysearch-engine.net redirect entfernen
    Anleitungen, FAQs & Links - 01.11.2015 (2)
  2. Yahoo Community Smartbar Engine" lässt sich nicht entfernen
    Log-Analyse und Auswertung - 26.10.2014 (4)
  3. "Yahoo Community Smartbar Engine" lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 04.10.2014 (28)
  4. W 8.1,Trojaner kann von mir nicht entfernt werden.Virus: Trojan.GenericKD.1673711 (Engine A),Virus: Win32.Trojan.Pirpi.A (Engine B)
    Plagegeister aller Art und deren Bekämpfung - 21.08.2014 (3)
  5. Snap.do Engine vollständig entfernen
    Plagegeister aller Art und deren Bekämpfung - 05.06.2014 (6)
  6. Snap.do und Sanp.do engine lassen sich nicht aus Systemsteuerung entfernen
    Plagegeister aller Art und deren Bekämpfung - 21.04.2014 (7)
  7. Entfernen von DuckDuckGo Search Engine unter Firefox (OS:Windows 7 (32-Bit))
    Log-Analyse und Auswertung - 05.01.2014 (9)
  8. Win32:Malware-gen [Engine B] und Trojan.GenericKDZ.18343 [Engine A] u.a.
    Log-Analyse und Auswertung - 02.11.2013 (24)
  9. Windows 8 u. IE: snap.do engine lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (13)
  10. snap.do engine lässt sich nicht aus der Programmliste entfernen
    Log-Analyse und Auswertung - 20.10.2013 (19)
  11. Win32:Sirefef-AO [Rtk] (Engine B) und Win32:Malware-Gen (Engine B) gefunden!
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (3)
  12. Infizierte Webseite: Trojan.JS.Agent.EUZ (Engine A), HTML:ImgHack-A [Trj] (Engine B)
    Log-Analyse und Auswertung - 31.01.2012 (1)
  13. XP Anti-Spyware 2011, Vista Security 2011, Win 7 Internet Security 2011 entfernen
    Anleitungen, FAQs & Links - 18.02.2011 (2)
  14. Smart Engine entfernen
    Anleitungen, FAQs & Links - 11.10.2010 (2)
  15. Weitergehende Prüfung nach Entfernung von MY Security Engine
    Plagegeister aller Art und deren Bekämpfung - 27.05.2010 (7)
  16. My Security Engine etc
    Plagegeister aller Art und deren Bekämpfung - 04.05.2010 (1)
  17. Win Security 360 entfernen
    Anleitungen, FAQs & Links - 22.02.2010 (2)

Zum Thema My Security Engine entfernen - My Security Engine entfernen Was ist My Security Engine? My Security Engine ist eine weitere Rogue-Malware in Form einer gefälschten Scan-Software, die mittels eines trojanischen Pferdes in den PC eindringt - My Security Engine entfernen...
Archiv
Du betrachtest: My Security Engine entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.