How to Kick Out Fake Antispyware ‘XP AntiSpyware 2009’

by Marsha on October 28, 2008


Nowadays, more and more fake antispyware programs are circulating and have infected thousands to millions of computers around the world. Besides arriving on removable storage media such as pen drives, the spyware can spread through e-mail by sending fake messages that contain attachments.

The spyware displays a fake message that resembles one from a Windows program, claiming that there is spyware on your computer, and then installs the fake antispyware program ‘XP AntiSpyware 2009’.

Cleaning it up takes several steps:

1. Disconnect the computer from the network.
2. Scan your computer using a removal tool. You can use the removal tool from Norman (download it here: http://download.norman.no/public/Norman_Malware_Cleaner.exe).

3. Remove the registry strings created by the spyware. You can use the script below:

; Repair.inf: restores hijacked registry values and removes the spyware's entries
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Values rewritten: file-type handlers, Internet Explorer pages,
; Security Center notifications, AppInit_DLLs and the Winlogon shell
[UnhookRegKey]
HKLM,Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM,Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM,Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM,Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM,Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM,Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU,Software\Microsoft\Internet Explorer\Main, Search Bar, 0
HKCU,Software\Microsoft\Internet Explorer\Main, Search Page, 0
HKCU,Software\Microsoft\Internet Explorer\Main, Start Page, 0
HKLM,SOFTWARE\Microsoft\Internet Explorer\Main, Default_Search_URL, 0
HKLM,SOFTWARE\Microsoft\Internet Explorer\Main, Search Page, 0
HKLM,SOFTWARE\Microsoft\Internet Explorer\Main, Start Page, 0
HKLM,SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant, 0
HKLM,SOFTWARE\Microsoft\Security Center, AntispywareDisableNotify, 0
HKLM,SOFTWARE\Microsoft\Security Center, FirewallDisableNotify, 0
HKLM,SOFTWARE\Microsoft\Security Center, UpdateDisableNotify, 0
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, 0
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

; Entries deleted: the spyware's autorun values and related leftovers
[del]
HKCU,Software\Microsoft\Windows\CurrentVersion\Run, braviax
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Run, braviax
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, {706ab86c-937e-11dd-a04c-000c290bc510}
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, Explorer.exe

Paste the script into Notepad and save it with the name “Repair.inf” (set the Save As Type option to All Files to avoid mistakes). Run Repair.inf by right-clicking it and selecting Install. The Repair.inf file should be created on a clean computer, so that the spyware cannot reactivate itself.

4. For optimal cleaning and to prevent re-infection, use an updated antispyware program that identifies all the installation files of this spyware, and never miss updating it regularly.
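
To confirm that the repair in step 3 took effect, the read-only PowerShell check below compares the registry against the values Repair.inf writes and deletes. It is an added example, not part of the original script; the helper name Get-RegValue is hypothetical, and the expected strings are the ones the INF sets, which are not necessarily the stock Windows values.

```powershell
# Added example: read-only audit of values that Repair.inf rewrites or deletes.
# Expected data mirrors the [UnhookRegKey] and [del] sections of the script.
function Get-RegValue([string]$Path, [string]$Name) {
    # Hypothetical helper: returns $null when the key or value is missing.
    # An empty $Name reads the key's default value.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

$findings = @()

# File-type handlers: default value of <type>\shell\open\command
$handlers = @{
    batfile = '"%1" %*'; comfile = '"%1" %*'; exefile = '"%1" %*'
    piffile = '"%1" %*'; scrfile = '"%1" %*'; regfile = 'regedit.exe "%1"'
}
foreach ($type in $handlers.Keys) {
    $actual = Get-RegValue "HKLM:\Software\Classes\$type\shell\open\command" ''
    if ($actual -ne $handlers[$type]) {
        $findings += "$type open command is [$actual], Repair.inf sets [$($handlers[$type])]"
    }
}

# Winlogon shell and AppInit_DLLs
$nt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$shell = Get-RegValue "$nt\Winlogon" 'Shell'
if ($shell -ne 'Explorer.exe') { $findings += "Winlogon Shell is [$shell]" }
$appInit = Get-RegValue "$nt\Windows" 'AppInit_DLLs'
if ($appInit) { $findings += "AppInit_DLLs is not empty: [$appInit]" }

# Autorun values listed in [del]; any that still exist are reported
$runValues = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'braviax' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'braviax' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'brastk' }
)
foreach ($rv in $runValues) {
    $data = Get-RegValue $rv.Path $rv.Name
    if ($null -ne $data) { $findings += "$($rv.Path)\$($rv.Name) still present: [$data]" }
}

if ($findings.Count -eq 0) { 'No leftover entries found.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Any FINDING line means the corresponding value was changed again after the repair or the INF was not installed, so rescan before reconnecting the computer to the network.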

