Noul virus transmis pe Yahoo! Messenger - Dezinfectie

 Pentru ca foarte multi dintre voi s-au infectat cu acest virus transmis prin Yahoo! Messenger, vin in ajutorul vostru cu acest topic care sper sa va fie de folos.
Virusul se foloseste de naivitatea celor ce dau click pe toate link-urile primite, de la persoanele care deja s-au infectat. Asadar chiar daca cunoasteti persoana care a trimis link-ul evitati sa dati click pana nu va asigurati ca adresa primita este curata.

Versiuni ale virusului gasite pana acum:
  • MD5: 679916cf4648cb59a2c2a57a6f58910c
  • MD5: 4a8059a95f6147967cb9ebb294a8bcda
  • MD5: 38dcbf09ac7c3ab86d764d43d4e3c7c3
  • MD5: d346f41a399553e4d0d5d168f1b81d5b
  • MD5: 978e62ffbf8d66eb9f739b4e0c9858ca
  • MD5: 528d863897729669b4e62bdd7e38f52c
  • MD5: 2477f583f04a109485f7728da367a635
  • MD5: 3e5f638a208f74fa24ac2b566c9af88f
  • MD5: f03570f79337b9820d86b131eb1c8b86
  • MD5: b45cd530f1bf4d9bb389514f756bca76
  • MD5: f4ec8c9d9a2adc83a260989a160a4291
  • MD5: 946b5ac58f0583f6a48b23da877ff830
  • MD5: 91009117404865ea9e05d309155b704c
  • MD5: cc6f5c421686fc1f992ca7fad9812c37
  • MD5: 136b29e988545584c42f505ec0114e88
  • MD5: 82aaf880b39bcc169193b79f4d7ee571
  • MD5: 58a3bb46f38478217177400189031e7b
  • MD5: e9e9f65e1b0364907a4195de87d743ba

Daca primiti link-uri asemanatoare cu cele de mai jos, NU dati click!

  • foto : hxxp://urlmages.com/image.php
  • foto : hxxp://photos4vpspace.com/image.php
  • foto : hxxp://ficasebokse.com/image.php
  • foto : hxxp://walletimages.com/image.php
  • foto : hxxp://discophotos.net/image.php
  • foto : hxxp://viplmages.com/image.php
  • foto : hxxp://phlmages.com/image.php
  • foto : hxxp://imsn-lmages.com/image.php
  • foto : hxxp://space4l.com/image.php
  • foto : hxxp://dlmages.com/image.php
  • foto : hxxp://bflmages.com/image.php
  • foto : hxxp://photo4urspace.com/image.php
  • foto : hxxp://joblin.co.nz/image.php
  • foto : hxxp://memorylmages.com/image.php
  • foto : hxxp://wallerimages.com/image.php
  • foto : hxxp://mbi-photos.com/image.php
  • foto : hxxp://keralawebhosting.biz/image.php
  • foto : hxxp:///lmagesspot.com/image.php
  • foto : hxxp://foto-spaces.com/image.php
  • foto : hxxp://photos-fb.com/image.php
  • foto : hxxp://lmages-space.com/image.php
  • foto : hxxp://myspace-lmg.com/image.php
  • foto : hxxp://enfinito.net/image.php
  • foto : hxxp://lmagesbucket.com/image.php
  • foto : hxxp://margaretiamges.com/image.php
  • foto : hxxp://facebook-lmg.com/image.php
  • foto : hxxp://beautyphotoson.com/image.php
  • foto : hxxp://myspace-lmages.com/image.php
  • foto : hxxp://lmages.net/image.php
  • foto : hxxp://myspace-imb.biz/image.php
  • foto : hxxp://lmb-space.com/image.php
  • foto : hxxp://facebook-lmages.com/image.php
  • foto : hxxp://facebook-imb.com/image.php
  • foto : hxxp://yungimages.net/image.php
  • foto : hxxp://mimapic.com/image.php
  • foto : hxxp://domimages.net/image.php
  • foto : hxxp://post-photos.com/image.php
  • foto : hxxp://kompnk.com/image.php
  • foto : hxxp://domeimg.com/image.php
  • foto : hxxp://vertiphotos.com/image.php
  • foto : hxxp://myphotoarchives.net/image.php
  • foto : hxxp://tvicephotos.com/image.php
  • foto : hxxp://mycomimg.com/image.php
  • foto : hxxp://smallimg4u.com/image.php
  • foto : hxxp://miggiphotos.com/image.php
  • foto : hxxp://funwiththisguy.com/image.php
  • foto : hxxp://zhelefun.com/image.php
  • foto : hxxp://tviceimg.com/image.php
  • foto : hxxp://ariafotos.com/image.php
  • foto : hxxp://tusfbfotos.com/image.php
  • foto : hxxp://twittersphoto.com/image.php
  • foto : hxxp://tuesimages.com/image.php
  • foto : hxxp://red-myspace.com/image.php
  • foto : hxxp://yunphotos.net/image.php
  • foto : hxxp://limpskr.com/image.php
  • foto : hxxp://mycomimg.com/image.php
  • foto : hxxp://ceceliaimg.com/image.php


          DEZINFECTIE AUTOMATA (recomandata):

Descarcati si rulati Palevo Removal.

http://download.bitdefender.com/resources/...levo.Gen-EN.zip 

Daca problema nu se rezolva, urmati pasii de mai jos.
  1. Descarcati Malwarebytes' Anti-Malware si instalati-l.
  2. Asigurati-va ca este actualizat (Update -> Check for Updates), scoateti cablul de Internet si opriti protectia real-time (scutul) a antivirus-ului instalat pe PC.


  3. Scanati full (Perform full scan -> Scan).


  4. La terminarea scanarii apasati OK, apoi Show Results.


  5. Asigurati-va ca totul este bifat si apasati Remove Selected.


  6. Vă va cere restart. Apasati Yes!










      


    DEZINFECTIE MANUALA:

    Stergeti fisierele:
    • C:\\infocard.exe
    • C:\\mds.sys
    • C:\\mdt.sys
    • C:\\winbrd.jpg
    • C:\\\secupdat.dat
    • C:\Documents and Settings SAU Users\\jjf.exe (random)


    Rulati cleaner.reg dupa dezarhivare:


    Stergeti urmatoarele intrari in registru:
    • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "<>"="C:\\WINDOWS\\infocard.exe:*:Enabled:Firewall Administrating"
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "<>"="C:\\WINDOWS\\infocard.exe:*:Enabled:Firewall Administrating"
    • [HKEY_USERS\<>\Software\Microsoft\Windows\CurrentVersion\Run]
      "Firewall Administrating"="C:\\WINDOWS\\infocard.exe"


    NOTA: <> reprezinta adresa la care a fost rulat fisierul (virusul), iar <> este cod generat de fiecare sistem. Folositi functia Find (Edit -> Find...) din Registry Editor pentru a viza toate intrarile.

     Sursa: Softpedia





Niciun comentariu:

Trimiteți un comentariu