AdminBot | 02.02.2012 05:48 | Remove Smart Anti-Malware Protection

What is Smart Anti-Malware Protection?
Smart Anti-Malware Protection is part of the Virus Doctor malware. It is another piece of rogue malware in the form of fake scanning software that gets onto the PC by way of a so-called trojan and makes the user believe it is scanning the PC for malware. This software (Smart Anti-Malware Protection) is a fake, is itself malware, and should not be purchased.
Because software like Smart Anti-Malware Protection will resist every removal attempt and often installs rootkits as well, reinstalling the system should be considered.
Scareware such as Smart Anti-Malware Protection is no longer spread exclusively through 'dubious sites' for cracks, keygens and warez; reputable sites are increasingly being abused to distribute it as well (http://www.trojaner-board.de/90880-d...tallation.html).
The most important protection against infection is an up-to-date Windows (with all updates) and up-to-date third-party software such as Java or Adobe Flash!

Symptoms of Smart Anti-Malware Protection:
- constant fake virus alerts from Smart Anti-Malware Protection
- PC has been running slower than usual since Smart Anti-Malware Protection appeared

Fake alerts from Smart Anti-Malware Protection:
%UserProfile%\Recent\ANTIGEN.exe
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\ddv.exe
%UserProfile%\Recent\eb.dll
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\SICKBOY.tmp

Warning! Access conflict detected!
An unidentified program is trying to access system process address space.
Process Name: AllowedForm
Location: C:\Windows\...\notepad.exe

Warning! Identity theft attempt detected

Memory access problem
WindowsErrorForm has encountered a problem at address 0x1FC408. We are sorry for the inconvenience. If you see this error again, operational information can be irrevocably lost.

Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user's passwords.

Files belonging to Smart Anti-Malware Protection:
Code:
%AppData%\Microsoft\Internet Explorer\Quick Launch\Smart Anti-Malware Protection.lnk
%AppData%\Smart Anti-Malware Protection\
%AppData%\Smart Anti-Malware Protection\cookies.sqlite
%AppData%\Smart Anti-Malware Protection\Instructions.ini
%CommonAppData%\79b35\
%CommonAppData%\79b35\SAa76.exe
%CommonAppData%\79b35\SAMP.ico
%CommonAppData%\79b35\367.mof
%CommonAppData%\79b35\mozcrt19.dll
%CommonAppData%\79b35\sqlite3.dll
%CommonAppData%\79b35\BackUp\
%CommonAppData%\79b35\BackUp\Adobe Reader Speed Launch.lnk
%CommonAppData%\79b35\BackUp\Adobe Reader Synchronizer.lnk
%CommonAppData%\79b35\SAMPSys\
%CommonAppData%\79b35\Quarantine Items\
%CommonAppData%\SAPPKIDMP\
%CommonAppData%\SAPPKIDMP\SAQNMP.cfg
%Desktop%\Smart Anti-Malware Protection.lnk
%StartMenu%\Smart Anti-Malware Protection.lnk
%StartMenu%\Programs\Smart Anti-Malware Protection.lnk
%UserProfile%\Recent\ANTIGEN.exe
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\ddv.exe
%UserProfile%\Recent\eb.dll
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\SICKBOY.tmp

Registry entries of Smart Anti-Malware Protection:
Code:
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\SAaa1_7.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = "7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "88880584903"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Version/12.00007"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Smart Anti-Malware Protection"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinSSUI.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
... and many more Image File Execution Options entries.

Smart Anti-Malware Protection in the HijackThis log:
Code:
O4 - HKCU\..\Run: [Smart Anti-Malware Protection] "%CommonAppData%\79b35\SAa76.exe" /s /d
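
The registry entries above show three kinds of tampering that can be checked from an offline `reg export` of HKEY_CURRENT_USER: an Explorer DisallowRun policy that stops the listed security tools from starting, Internet Explorer download signature checks switched off, and the Run autostart entry. The following is an added example, not part of the original post: the sample export is constructed from the values listed above, and the names `parse_reg` and `audit` are hypothetical.

```python
import re

# Constructed sample in `reg export` syntax; the values mirror entries listed above.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"0"="msseces.exe"
"1"="MSASCui.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"="1"
"CheckExeSignatures"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Smart Anti-Malware Protection"="\"%CommonAppData%\\79b35\\SAa76.exe\" /s /d"
"ctfmon"="C:\\Windows\\System32\\ctfmon.exe"
'''
CV = r'hkey_current_user\software\microsoft\windows\currentversion'
IE_DL = r'hkey_current_user\software\microsoft\internet explorer\download'

def parse_reg(text):
    """Parse .reg text into {lowercased key path: {lowercased value name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r'\[(HKEY_.+)\]', line):
            current = keys.setdefault(m.group(1).lower(), {})
        elif current is not None and (m := re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line)):
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith('dword:'):
                current[name] = str(int(raw[6:], 16))
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                current[name] = re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \\ and \" escapes
    return keys

def audit(keys):
    """Return (finding, detail) tuples for the tampering described on this page."""
    findings = []
    blocked = sorted(keys.get(CV + r'\policies\explorer\disallowrun', {}).values())
    if keys.get(CV + r'\policies\explorer', {}).get('disallowrun') == '1' and blocked:
        findings.append(('disallowrun-active', blocked))
    dl = keys.get(IE_DL, {})
    if dl.get('runinvalidsignatures') == '1':
        findings.append(('ie-runs-invalid-signatures', None))
    if dl.get('checkexesignatures', '').lower() == 'no':
        findings.append(('ie-exe-signature-check-off', None))
    for name, cmd in keys.get(CV + r'\run', {}).items():
        if name == 'smart anti-malware protection' or '\\79b35\\' in cmd.lower():
            findings.append(('autostart', cmd))
    return findings
```

The `disallowrun-active` finding returns the blocked executable names, so they can be compared against the security products actually installed on the machine.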