Trojaner-Board - Win Antispyware Center entfernen

Trojaner-Board (https://www.trojaner-board.de/)

- Anleitungen, FAQs & Links (https://www.trojaner-board.de/anleitungen-faqs-links/)

- - Win Antispyware Center entfernen (https://www.trojaner-board.de/86404-win-antispyware-center-entfernen.html)

Win Antispyware Center entfernen

Win Antispyware Center entfernen

Was ist Win Antispyware Center?
Win Antispyware Center ist eine weitere Rogue-Malware in Form einer gefälschten Scan-Software, die mittels eines Trojaners in den PC eindringt und dem Benutzer weissmacht, den PC nach Malware abzusuchen. Diese Software (Win Antispyware Center) ist ein Fake und selbst eine Schadsoftware und sollte auf gar keinen Fall gekauft werden.

Verbreitet wird Win Antispyware Center nicht mehr ausschliesslich über 'dubiose Seiten' für Cracks, KeyGens und Warez, sondern auch seriöse Seiten werden zunehmend für die Verbreitung dieser mißbraucht (http://www.trojaner-board.de/90880-d...tallation.html).

http://www.trojaner-board.de/attachm...1&d=1275569962 http://www.trojaner-board.de/attachm...1&d=1275569962

Symptome von Win Antispyware Center:

ständige Fake Virenmeldungen von Win Antispyware Center
PC läuft langsamer als üblich

http://www.trojaner-board.de/attachm...1&d=1275569962 http://www.trojaner-board.de/attachm...1&d=1275569962 http://www.trojaner-board.de/attachm...1&d=1275569962
http://www.trojaner-board.de/attachm...1&d=1275569962 http://www.trojaner-board.de/attachm...1&d=1275569962 http://www.trojaner-board.de/attachm...1&d=1275569962 http://www.trojaner-board.de/attachm...1&d=1275569962

Fake-Meldungen von Win Antispyware Center

Critical System Alert!
Unknown software is try to take control over your system!

Malware intrusion!
Sensitive areas of your system ware found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.

System hacked!
Unknown program is scanning your system registry right now! Identity theft detected!

Threat detected!
Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and systemmay be severe. Recover your PC from the infection right now, perform a security scan.

Severe system damage!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.

Security Breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for and anti-spyware scan.

System hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy alert!
Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

Dateien von Win Antispyware Center:

Code:

c:\Program Files\WinAntispywareCenter\

c:\Program Files\WinAntispywareCenter\av.exe

Registry-Einträge von Win Antispyware Center:

Code:

HKEY_CURRENT_USER\Software\Classes\secfile

HKEY_CURRENT_USER\Software\Win Antispyware Center

HKEY_CLASSES_ROOT\secfile

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "C:\Program Files\WinAntispywareCenter\av.exe" /START "%1" %*

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Win Antispyware Center"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Win Antispyware Center"

Win Antispyware Center im HijackThis-Log:

Code:

O4 - HKLM\..\Run: [Win Antispyware Center] C:\Program Files\WinAntispywareCenter\av.exe

O4 - HKCU\..\Run: [Win Antispyware Center] C:\Program Files\WinAntispywareCenter\av.exe

Win Antispyware Center entfernen

Win Antispyware Center entfernen

Stoppe alle Prozesse mit OTH

Anleitung: http://www.trojaner-board.de/83878-o...processes.html

Starte einen vollständigen Scan mit Malwarebytes Anti-Malware

Achtung: Diese Fake Software wird versuchen, den Einsatz von Malwarebytes zu verhindern. Benenne das Setup vor dem speichern in etwas anderes um (z.B. Herbert.exe).

Falls es vorher nicht funktioniert hat, sollte das Setup jetzt starten.

Wenn das Programm nach der Installation nicht starten sollte, dann benenne die "mbam.exe" in "herbert.exe" um und versuche es erneut.

Sollte MBAM trotzdem nicht starten: Malwarebytes Anti-Malware startet nicht

http://www.trojaner-board.de/attachm...ntfernen-2.png

http://www.trojaner-board.de/attachm...1&d=1275570831

Code:

Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 4 Registry Data Items Infected: 4 Folders Infected: 1 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\Software\Win Antispyware Center (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win antispyware center (Rogue.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win antispyware center (Rogue.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Program Files\WinAntispywareCenter\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\WinAntispywareCenter (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\WinAntispywareCenter\av.exe (Rogue.Agent) -> Quarantined and deleted successfully.

Win Antispyware Center entfernen

Win Antispyware Center immer noch nicht entfernt?

OTH - OTHelper - Kill All Processes

Mit aktualisiertem (!!) Malwarebytes Anti-Malware nach Ausführen von OTH nochmal QUICKSCAN ausführen.

Bitte alle temporären Dateien löschen und Speicherplatz freigeben.

Weitergehende Prüfung

Das System könnte noch nicht vollständig sauber sein.

Daher unbedingt ein Thema erstellen: Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Nicht vergessen mit FRST-Logfiles wie in der Anleitung beschrieben.

Wie man Hilfe bekommt steht auch hier.