This article is for informational and educational purposes only. It is not intended as a Virus removal guide.
Ever find your computer Running Slow and you are not sure WHY?
For starters, here are a few programs to AVOID.
- Recently Added: XP Smart Antivirus 2010 (files to look for: ave.exe)
- Recently Added: Security Essentials 2010 (files to look for: SE2010.exe, fibumazi.dll, net.net, etc.)
- Recently Added: Internet Security 2010 (files to look for: winupdate86.exe, winhelper86.dll, winlogon86.exe, is2010.exe, etc.)
- Recently Added: Control Center (files to look for: ccagent.exe, ccmain.exe, settings.ini, uninstall.exe, etc.)
- Recently Added: Cyber Protection System (files to look for: cs.exe, etc.)
- Recently Added: Safety Center (files to look for: start.exe, main.ico, tst.exe, protector.exe.)
- Recently Added: Security Tool (files to look for: randomly generated .exe file, see link for details etc.)
- Recently Added: GreenAV (files to look for: GreenAV_Install[?].exe, exdll.dll, nsis.hdr, etc.)
- Recently Added: Protection System (files to look for: psystem.exe, coreext.dll, firewall.dll, etc.)
- Recently Added: Windows Security Suite (files to look for: wi904c.exe, ANTIGEN.exe, SICKBOY.exe, etc.)
- Recently Added: MS AntiSpyware 2009 (files to look for: msas2009.exe, etc.)
- Recently Added: WinPC Defender (files to look for: pcdefender.exe, etc.)
- Recently Added: Personal Antivirus (files to look for: pav.exe, etc.)
- Recently Added: Internet Antivirus Pro (files to look for: IAPro.exe, etc.)
- Recently Added: AntiSpyware Pro (files to look for: AntiSpyware Pro.exe, ASProSB.dll, etc.)
- Recently Added: DriveCleaner Free (files to look for:
  C:\Documents and Settings\Owner\Local Settings\Temp\UDC6_4444_D21M0303\installer.exe
  C:\Program Files\Common Files\DriveCleaner Free\dchlp.dll
  C:\Program Files\Common Files\DriveCleaner Free\UDCPAS.EXE
  C:\Program Files\Common Files\DriveCleaner Free\UDCSDR.EXE
  C:\Program Files\DriveCleaner Free\pv.exe
  C:\Program Files\DriveCleaner Free\UDC6CW.EXE
  C:\Program Files\DriveCleaner Free\UDCPChk.dll
  C:\Program Files\DriveCleaner Free\InstHelp.exe
  C:\Program Files\DriveCleaner Free\UDC.exe
  etc.)
- AntiVirus360 Read more Below. (files to look for: av360.exe, winconfig.dll, etc.)
- NewDotNet (files to look for: nnrun.exe, nncore.dll, etc.)
- Antivirus 2009 Read more Below. (files to look for: av2009.exe, etc.)
- webHancer Agent (files to look for: whagent.exe, almightyads.com, etc.)
- VirusRemover2008 (files to look for: VirusRemover2008_Setup_Free_en.exe, etc.)
- VirusTrigger 2.1 (files to look for: VirusTriggerBin.exe, VirusTriggerBinWarning.dll, etc.)
- Network Monitor (files to look for: netmon.exe, etc.)
- Other Files to look for: (svchstb.dll, freescan.htm)
- Win32.Netsky.Q (files to look for: fhexj*.exe, etc.)
Today we are going to give you some information to help you keep your PC free of Malware, Viruses and Spyware. Here are a few names to kick around FOR NOW.
The new face of AntiVirus 2009 (Read more about AntiVirus 2009 below) is AntiVirus 360 (av360.exe).
It has all the goodies of the old version with some new names. I guess these
people are getting paid? Be very cautious about installing
. If installed you may see
. Below are a
Few ScreenShots.
- winconfig.dll 299,088 bytes CLSID: D263FA6D-84CC-48A8-9AF6-C664362B7A5B
Find more information on Av360 here
AntiVirus 2009 (FAKE SCANNER)
IF YOU SEE A LINK LIKE THIS, DON'T CLICK ON IT.
- "http://protectedinternet.cn/firstrun.php ?product= %product%& aff=%aff%&update=%update%& crypt=g"
- http://microsoft.securityinfohelp. com/2009/presale.php ?aid=&u=2
This one is Great. It LOOKS like a legitimate program to download and install, and a lot of our clients have installed it. Unfortunately, it is another malicious program: it notifies you that you have been infected with so many threats that you feel like you have to install it to get rid of them.
Oh, from what we have been told they provide a way for you to pay them. Wow!
Well, what you soon learn is that your PC is behaving strangely. Over time, you will not be able to get to certain sites and you will not be allowed to install certain programs that might detect the malware. Your PC will begin to perform poorly (i.e. running slow and crashing).
This thing has soooooo many faces to it that, while virus scanners get most OR some of it, you are left with pieces of it on your computer that ensure the process will start again, creating a never-ending cycle!
Computer Tip: Some files hide themselves in the System Restore files and folders.
Be sure to visit StL MobileTech's Free Download Center to get Free Programs that can help you protect your computer!
Below are some screenshots. If you need assistance with removal of this or any malware, spyware or virus, contact us at 314-496-5193!
Delete this folder: C:\Program Files\Antivirus 2009. It contains the file av2009.exe.
Here are a couple of registry entries to look for; however, if you are not familiar with the registry... DON'T TOUCH IT!
- Name: 4c23ed73
  Type: REG_SZ
  Data: rundll32.exe "C:\WINDOWS\system32\djcrocjg.dll",b
- Name: BM4f10deef
  Type: REG_SZ
  Data: Rundll32.exe "C:\WINDOWS\system32\gkovpwci.dll",s
- Name: pPath
  Type: REG_SZ
  Data: "C:\Program Files\Antivirus 2009\av2009.exe"
Lastly, you may want to look for the following files and verify that they are legit. They are usually in the C:\WINNT\System32\ OR C:\Windows\System32\ folder.
- mmeluy.dll 129,024 bytes CLSID: e7fccdac-0d16-ed2b-e1f4-6fff9b54ace9 AND 9eca45b9-fff6-4f1e-b2de-61d0cadccf7e
- winsystems.dll 297,472 bytes CLSID: 0B014B81-4E12-46F9-806F-55867AF8FD3C
These are Browser Helper Objects (BHO).
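The registry values and file names listed above can be checked mechanically. The following is an added example, not part of the original article: it parses `reg query`-style output and flags values that reference a file name from this page, or that launch a DLL through rundll32 with a one-letter export as both listed entries do. The key header, the two benign lines and the one-letter heuristic are assumptions made for the example.

```python
import re

# File names this page associates with Antivirus 2009 / AntiVirus 360.
KNOWN_NAMES = {"av2009.exe", "av360.exe", "winconfig.dll",
               "mmeluy.dll", "winsystems.dll"}

# `reg query` prints a value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# rundll32 <dll>,<export>  (the DLL path may be quoted)
RUNDLL = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
FILE_NAME = re.compile(r'[^\\/"]+\.(?:exe|dll)', re.I)

# Constructed sample. The first three values are the ones the page lists; the
# key header is a placeholder (the page does not name the key) and the last
# two lines are constructed benign entries for contrast.
SAMPLE = r"""
<registry key, not named on the page>
    4c23ed73    REG_SZ    rundll32.exe "C:\WINDOWS\system32\djcrocjg.dll",b
    BM4f10deef    REG_SZ    Rundll32.exe "C:\WINDOWS\system32\gkovpwci.dll",s
    pPath    REG_SZ    "C:\Program Files\Antivirus 2009\av2009.exe"
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre6\bin\jusched.exe"
"""

def review_autoruns(reg_query_output):
    """Return (value name, reason) for each value worth a closer look."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m["name"], m["data"].strip()
        files = {f.lower() for f in FILE_NAME.findall(data)}
        hit = files & KNOWN_NAMES
        if hit:
            findings.append((name, "file name listed on the page: " + ", ".join(sorted(hit))))
            continue
        r = RUNDLL.match(data)
        # Heuristic (assumption): a one-character export name is unusual for
        # a legitimate rundll32 autorun, so it is flagged for manual review.
        if r and len(r["export"]) == 1:
            findings.append((name, "rundll32 with one-letter export: " + r["dll"]))
    return findings

if __name__ == "__main__":
    for name, reason in review_autoruns(SAMPLE):
        print(f"{name}: {reason}")
```

A flagged value is a prompt to verify the file it points to, not proof of infection; legitimate rundll32 autoruns exist, as the NvCpl line in the sample shows.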
Next, we'll discuss things associated with Win32_Netsky_q (High Risk Worm).
This is a nasty one (Risk Level: HIGH); usually passed through email attachments or maybe codecs. Once your PC is infected, the worm can scan your address book and send itself to all of your friends and colleagues. I guess you will know if they are really your friends when they get the email? This Email Worm is malicious and spreads without any help from the user. In addition to Email, Worms can use vulnerabilities of networks to self-perpetuate across any given network. Some worms can consume substantial amounts of your PC's available assets, making it agonizing to work with. Misery loves company. Don't forget, Worms have friends and they are getting invited too. You may OR may not notice it. However, you may have programs with malicious intent installed on your computer that you did not install. Those are the friends!
If you have uninvited guests, StL MobileTech can help clean up the party!
Below are some file names that you can look for on your PC that are associated with this virus. We have also attached some screenshots.
- FHEXJ*.EXE
- C:\Documents and Settings\<USER NAME>\Application Data\Google\fhexj<NUMBERS>.exe
- JBGDILHG.EXE
- UPD.EXE
- WJQS.EXE
- helper.dll
- C:\WINDOWS\system32\mst122.dll (You may find it under C:\WINNT\system32\mst122.dll as well)
- affected file SHUTDOWN.EXE
Of course, Google is not associated with this, even though it installs to a folder called Google.
If you see these addresses in your browser, you may have malware/spyware on your PC!
»» http://77.91.228.48/click.php ?c=8473ec75d8382f3b5df6d9993b00
»» missngpage.com
Remember you can go to StL MobileTech's Free Download Center to get Free Programs to help you protect your computer by taking pre-emptive actions.
These programs ONLY help protect your PC! Nothing more. You must ensure that your protection is updated regularly and that scans are performed regularly.