July 19, 2008

How to remove MalwareProtector2008 ?

MalwareProtector2008 is a suspicious/useless application similar to AntiVirusXP2008, and WinIFixer. This software always warns about false or un- existing threats on computer. And also asks user to purchase a particular software to remove those threats. This software may not be installed without human interference.

This malware displays warning messages similar to these shown below :

--------- Message 1 -------------

Warning!
Spyware detected on your computer!
Install an antivirus or spyware remover to clean your computer

Then it displays a Malware Alert!

--------- Message 2 -------------

Warning !
Adware.Win32.MalwareAlarm attack! Adware.Win32.MalwareAlarm gathers your private data, such as BANKING INFORMATION, passwords and sent it to attacker. Also this frauware can upload malicious software to your PC without your notice and make a SPAM. Very high security risk! This process should be removed from your system immediately!

Type: Trojan Horse
System Affected: Windows 98, 2000,NT4, ME, XP, Vista
Security Risk (0-5): 4
Reccomandations: Click 'Yes' to get all available antispyware software.

Yes NO
-----------------------------------------------------------------------------------------
How to remove MalwareProtector2008 ?

1. Perform Standard procedure for Virus removal.

2. Edit Windows registry and remove these registry entries and subkeys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"SM[RANDOM]" = "C:\Program Files\[RANDOM]\[RANDOM].exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[RANDOM]\"DisplayName" = "MProtector"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[RANDOM]\"UninstallString" = "C:\Program Files\[RANDOM]\uninstall.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"RegistrationUrl" = "http://www.malwareprotector2008.com/buy/"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"RegistrationDiscUrl" = "http://www.malwareprotector2008.com/purchase/"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"ADVid" = ""

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"" = "C:\Program Files\[RANDOM]"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"InstallDir" = "C:\Program Files\[RANDOM]"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"domain" = "malwareprotector2008.com"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"SoftID" = "MProtector"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"DatabaseVersion" = "2.1"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"ProgramVersion" = "2.1"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"EngineVersion" = "2.1"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"GuiVersion" = "2.1"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"ProxyName" = ""

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"ProxyPort" = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"ScanPriority" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"DaysInterval" = "7"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"ScanDepth" = "2"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"ScanSystemOnStartup" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"AutomaticallyUpdates" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"MinimizeOnStart" = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"BackgroundScan" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"BackgroundScanTimeout" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"MGuid" = "[RANDOM]"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"InstallationID" = "[RANDOM]"

HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM]\"LastTimeStamp" = "[RANDOM]"

HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\"C:\Program Files\[RANDOM]\[RANDOM].exe" = "[RANDOM]"
Posted by Vidhu at 10:11 AM
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)