Zurück   Trojaner-Board > Malware entfernen > Anleitungen, FAQs & Links

Anleitungen, FAQs & Links: CleanUp Antivirus entfernen

Windows 7 Hilfreiche Anleitungen um Trojaner zu entfernen. Viele FAQs & Links zum Thema Sicherheit, Malware und Viren. Die Schritt für Schritt Anleitungen zum Trojaner entfernen sind auch für nicht versierte Benutzer leicht durchführbar. Bei Problemen, einfach im Trojaner-Board nachfragen - unsere Experten helfen kostenlos. Weitere Anleitungen zu Hardware, Trojaner und Malware sind hier zu finden.

Antwort
Alt 10.03.2010, 12:10   #1
AdminBot
Administrator
 
CleanUp Antivirus entfernen - Ausrufezeichen

CleanUp Antivirus entfernen



CleanUp Antivirus entfernen


Was ist CleanUp Antivirus?
CleanUp Antivirus ist eine weitere Rogue-Malware in Form einer gefälschten Scan-Software, die mittels eines trojanischen Pferdes in den PC eindringt und dem Benutzer weissmacht, den PC nach Malware abzusuchen. Diese Software (CleanUp Antivirus) ist ein Fake und selbst eine Schadsoftware und sollte nicht gekauft werden.

Verbreitet wird CleanUp Antivirus nicht mehr ausschliesslich über 'dubiose Seiten' für Cracks, KeyGens und Warez, sondern auch seriöse Seiten werden zunehmend für die Verbreitung dieser mißbraucht (http://www.trojaner-board.de/90880-d...tallation.html).




Symptome von CleanUp Antivirus:
  • ständige Fake Virenmeldungen von CleanUp Antivirus
  • PC läuft langsamer als üblich


An unauthorized program has been prevented from accessing your PC remotely. #Port:433 from 75.32.121.16
An unauthorized software C:\Program Files\Internet Explorer\Iexplore.exe which is potentially malicious and able to modify system files has been prevented from being installed on your PC.



Cleanup Antivirus has detected potentially harmful software in your system. It is strongly recommended that you register Cleanup Antivirus to remove all found threats immediately.


Potentially harmful programs have been detected in your system and need to be dealt with immediately. Click here to remove them using Cleanup Antivirus.

Your PC may still be infected with dangerous viruses. Cleanup Antivirus protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.


Suspicious software which may be malicious has been detected on your PC. Click here to remove this threat immediately using Cleanup Antivirus.

Click here to remove all potentially harmful programs found immediately using Cleanup Antivirus.

Malicious applications, which may contain Trojans, were found on your computer and are to be removed immediately. Click here to remove these potentially harmful items using Cleanup Antivirus.
No real-time malware, spyware and virus protection was found. Click here to activate.

Dateien von CleanUp Antivirus:
Code:
ATTFilter
c:\Documents and Settings\All Users\Application Data\345d567\
c:\Documents and Settings\All Users\Application Data\345d567\46.mof
c:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\CUA.ico
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
c:\Documents and Settings\All Users\Application Data\345d567\CUASys\
c:\Documents and Settings\All Users\Application Data\345d567\CUASys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items
c:\Documents and Settings\All Users\Application Data\CUCAISTUA\
c:\Documents and Settings\All Users\Application Data\CUCAISTUA\CUEWA.cfg
c:\Program Files\Mozilla Firefox\searchplugins\search.xml
%UserProfile%\Application Data\CleanUp Antivirus
%UserProfile%\Application Data\CleanUp Antivirus\cookies.sqlite
%UserProfile%\Application Data\CleanUp Antivirus\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
%UserProfile%\Desktop\CleanUp Antivirus.lnk
%UserProfile%\Recent\cb.tmp
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.dll
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\FS.dll
%UserProfile%\Recent\grid.exe
%UserProfile%\Recent\pal.drv
%UserProfile%\Recent\pal.tmp
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\tempdoc.drv
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.sys
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Start Menu\CleanUp Antivirus.lnk
%UserProfile%\Start Menu\Programs\CleanUp Antivirus.lnk
         

Registry-Einträge von CleanUp Antivirus:
Code:
ATTFilter
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\CU345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Library1.00195"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CleanUp Antivirus"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
         

CleanUp Antivirus im HijackThis-Log:
Code:
ATTFilter
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 217.23.15.126 www.google.com
O4 - HKCU\..\Run: [CleanUp Antivirus] "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe" /s /d
         
Miniaturansicht angehängter Grafiken
CleanUp Antivirus entfernen-1.jpg   CleanUp Antivirus entfernen-2.jpg   CleanUp Antivirus entfernen-3.jpg   CleanUp Antivirus entfernen-4.jpg   CleanUp Antivirus entfernen-5.jpg  

Alt 10.03.2010, 16:10   #2
AdminBot
Administrator
 
CleanUp Antivirus entfernen - Ausrufezeichen

CleanUp Antivirus entfernen



CleanUp Antivirus entfernen

  • Tool: rkill.com Download Link (umbenannt: iExplore.exe) von Grinler herunterladen und mit doppelklick ausführen.
  • Sollte rkill.com nicht starten, versuche es mit der umbenannten Version iExplore.exe





    Das Tool stoppt alle Prozesse von CleanUp Antivirus.

    Bei Bedarf mehrmals ausführen, bis alle ungewünschten Prozesse beendet wurden.
  • Starte einen vollständigen Scan mit Malwarebytes Anti-Malware
Achtung: Diese Fake Software wird versuchen, den Einsatz von Malwarebytes zu verhindern. Benenne das Setup vor dem speichern in etwas anderes um (z.B. Herbert.exe).

Falls es vorher nicht funktioniert hat, sollte das Setup jetzt starten.

Wenn das Programm nach der Installation nicht starten sollte, dann benenne die "mbam.exe" in "herbert.exe" um und versuche es erneut.

Sollte MBAM trotzdem nicht starten: Malwarebytes Anti-Malware startet nicht






Code:
ATTFilter
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 760
Registry Values Infected: 15
Registry Data Items Infected: 8
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
C:\Documents and Settings\{username}\Desktop\CleanUP Antivirus\xp_e13b7[1].exe (Rogue.CleanUpAntivirus) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
<snipped long list of IFEO hijacks>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfwsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cleanup antivirus (Rogue.CleanUpAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
\StandardProfile\AuthorizedApplications\List\c:\documents and settings\metallica\desktop\cleanup antivirus\xp_e13b7[1].exe (Rogue.CleanUpAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\{username}\Application Data\CleanUp Antivirus (Rogue.CleanUpAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\{username}\Desktop\CleanUP Antivirus\xp_e13b7[1].exe (Rogue.CleanUpAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\CleanUp Antivirus\Instructions.ini (Rogue.CleanUpAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Desktop\CleanUp Antivirus.LNK (Rogue.CleanUpAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\CleanUp Antivirus.LNK (Rogue.CleanUpAntivirus) -> Quarantined and deleted successfully.
         
  • Lade Dir *HostsXpert*
    auf dem Desktop speichern und entpacken

    * Ordner HostsXpert öffnen
    * HostsXpert.exe doppelklicken
    * klicke auf Restore Microsoft's Hosts File, dann OK
Miniaturansicht angehängter Grafiken
CleanUp Antivirus entfernen-6.jpg  
__________________


Alt 13.03.2010, 05:58   #3
Da GuRu
Administrator
/// technical service
 

CleanUp Antivirus entfernen - Standard

CleanUp Antivirus entfernen




CleanUp Antivirus immer noch nicht entfernt?

OTH - OTHelper - Kill All Processes


Mit aktualisiertem (!!) Malwarebytes Anti-Malware nach Ausführen von OTH nochmal QUICKSCAN ausführen.

Bitte alle temporären Dateien löschen und Speicherplatz freigeben.


Weitergehende Prüfung

Das System könnte noch nicht vollständig sauber sein.

Daher unbedingt ein Thema erstellen: Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Nicht vergessen mit FRST-Logfiles wie in der Anleitung beschrieben.

Wie man Hilfe bekommt steht auch hier.

__________________

Antwort

Themen zu CleanUp Antivirus entfernen
antivirus, antivirus entfernen, antivirus protection, cleanup, cleanup antivirus, cleanup antivirus entfernen, credit, entfernen, hijack.searchpage, launch, pc läuft, rogue-malware, rogue.cleanupantivirus, scan-software, searchplugins, searchscopes, start menu, user agent



Ähnliche Themen: CleanUp Antivirus entfernen


  1. XP Antivirus Pro 2013 entfernen
    Anleitungen, FAQs & Links - 05.11.2012 (2)
  2. Wolfram Antivirus entfernen
    Anleitungen, FAQs & Links - 15.08.2011 (2)
  3. AVG Antivirus 2011 entfernen
    Anleitungen, FAQs & Links - 28.01.2011 (2)
  4. Antivirus .NET entfernen
    Anleitungen, FAQs & Links - 28.01.2011 (2)
  5. Antivirus Action entfernen
    Anleitungen, FAQs & Links - 11.10.2010 (2)
  6. Antivirus IS entfernen
    Anleitungen, FAQs & Links - 04.10.2010 (2)
  7. Antivirus 8 entfernen
    Anleitungen, FAQs & Links - 25.09.2010 (2)
  8. AWM Antivirus entfernen
    Anleitungen, FAQs & Links - 01.09.2010 (2)
  9. XJR Antivirus entfernen
    Anleitungen, FAQs & Links - 24.05.2010 (2)
  10. Wie kann ich CleanUp Antivirus deinstallieren oder entfernen?
    Plagegeister aller Art und deren Bekämpfung - 15.04.2010 (1)
  11. Antivirus Suite entfernen
    Anleitungen, FAQs & Links - 02.04.2010 (2)
  12. AntiVirus entfernen
    Anleitungen, FAQs & Links - 28.03.2010 (2)
  13. Paladin Antivirus entfernen!?
    Plagegeister aller Art und deren Bekämpfung - 01.03.2010 (5)
  14. Paladin Antivirus entfernen
    Anleitungen, FAQs & Links - 13.02.2010 (2)
  15. Conficker/ cleanup tool oder removal tool ?
    Plagegeister aller Art und deren Bekämpfung - 23.04.2009 (0)
  16. Antivirus 360 eingefangen, wie entfernen.
    Plagegeister aller Art und deren Bekämpfung - 04.02.2009 (0)
  17. wo finde ich CleanUp?
    Antiviren-, Firewall- und andere Schutzprogramme - 25.06.2005 (3)

Zum Thema CleanUp Antivirus entfernen - CleanUp Antivirus entfernen Was ist CleanUp Antivirus? CleanUp Antivirus ist eine weitere Rogue-Malware in Form einer gefälschten Scan-Software, die mittels eines trojanischen Pferdes in den PC eindringt und dem Benutzer - CleanUp Antivirus entfernen...
Archiv
Du betrachtest: CleanUp Antivirus entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.