Desktop Security 2010

Curson
Posts: 107
Joined: 23 Dec 2008 12:56

Desktop Security 2010

by Curson »

Desktop Security 2010 is a rogue (fake anti-spyware) that installs itself without permission. The malware displays fake alerts telling you that you are infected with spyware and recommends buying this fake anti-spyware to supposedly disinfect your computer.

Follow the instructions on this page to remove the rogue: supprimer-les-rogues-scareware-t5472.html

[Image]

The Automatic Updates service (wuauserv) is disabled:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
Items launched at startup:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Desktop Security 2010"="C:\\Program Files\\Desktop Security 2010\\Desktop Security 2010.exe"
"SecurityCenter"="C:\\Program Files\\Desktop Security 2010\\securitycenter.exe"
"caqdslvvddwm"="C:\\WINDOWS\\system32\\caqdslvvddwm.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Program Files\\Desktop Security 2010\\Desktop Security 2010.exe"
Trojan FakeAlert:
C:\WINDOWS\system32\caqdslvvddwm.exe
C:\Program Files\Desktop Security 2010\hjengine.dll
C:\Program Files\Desktop Security 2010\taskmgr.dll
C:\Program Files\Desktop Security 2010\securitycenter.exe
Dropper scan:
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.20 Trojan.Win32.Mespam!IK
AhnLab-V3 5.0.0.2 2010.02.20 -
AntiVir 8.2.1.170 2010.02.19 -
Antiy-AVL 2.0.3.7 2010.02.19 -
Authentium 5.2.0.5 2010.02.20 -
Avast 4.8.1351.0 2010.02.21 -
AVG 9.0.0.730 2010.02.21 -
BitDefender 7.2 2010.02.21 -
CAT-QuickHeal 10.00 2010.02.19 -
ClamAV 0.96.0.0-git 2010.02.20 -
Comodo 4007 2010.02.21 ApplicUnsaf.Win32.FraudTool.DS.~CRSA
DrWeb 5.0.1.12222 2010.02.20 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7315 2010.02.20 -
F-Prot 4.5.1.85 2010.02.20 -
F-Secure 9.0.15370.0 2010.02.19 -
Fortinet 4.0.14.0 2010.02.20 -
GData 19 2010.02.21 -
Ikarus T3.1.1.80.0 2010.02.20 Trojan.Win32.Mespam
Jiangmin 13.0.900 2010.02.20 -
K7AntiVirus 7.10.979 2010.02.20 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5898 2010.02.20 -
McAfee+Artemis 5898 2010.02.20 -
McAfee-GW-Edition 6.8.5 2010.02.19 -
Microsoft 1.5406 2010.02.21 -
NOD32 4883 2010.02.20 -
Norman 6.04.08 2010.02.20 -
nProtect 2009.1.8.0 2010.02.20 -
Panda 10.0.2.2 2010.02.20 -
PCTools 7.0.3.5 2010.02.20 RogueAntiSpyware.DeskSecurity
Prevx 3.0 2010.02.21 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.21 -
Sunbelt 5690 2010.02.20 Win32.Malware!Drop
Symantec 20091.2.0.41 2010.02.21 Suspicious.Insight
TheHacker 6.5.1.5.202 2010.02.20 -
TrendMicro 9.120.0.1004 2010.02.20 -
VBA32 3.12.12.2 2010.02.19 -
ViRobot 2010.2.19.2194 2010.02.19 -
VirusBuster 5.0.27.0 2010.02.20 -

Additional information
File size: 5341184 bytes
MD5: 14c54dc822a59ccbd436ef226ddb648b
SHA1: 87d620edf59390371066daebb86e0cc081b38c2d
May CastleCops live forever in our memories...
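The registry entries in the post above are the three persistence tricks a responder checks for on a rogue-infected machine: the Automatic Updates service forced to Start=4 (disabled), the Run entries, and a Winlogon Shell value that replaces explorer.exe so the rogue starts instead of the desktop. The script below is an added example, not code from the post or from malekal.com: it parses the posted snippet (reproduced as constructed sample input in .reg export syntax) and flags those indicators. The consonant-run threshold used to spot machine-generated names such as caqdslvvddwm is a heuristic of my own, not something the post states.

```python
import ntpath
import re

# Constructed sample input: the persistence entries from the post above, in
# Windows .reg export syntax (backslashes are doubled inside REG_SZ values).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Desktop Security 2010"="C:\\Program Files\\Desktop Security 2010\\Desktop Security 2010.exe"
"SecurityCenter"="C:\\Program Files\\Desktop Security 2010\\securitycenter.exe"
"caqdslvvddwm"="C:\\WINDOWS\\system32\\caqdslvvddwm.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Program Files\\Desktop Security 2010\\Desktop Security 2010.exe"
'''

AUTORUN_KEYS = ("run", "runonce", "runservices", "runservicesonce")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


def parse_reg(text):
    """{key_path: {value_name: value}} from .reg text; dword -> int, REG_SZ unescaped."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, val = m.groups()
        if val.startswith("dword:"):
            keys[current][name] = int(val[6:], 16)
        elif val.startswith('"') and val.endswith('"'):
            keys[current][name] = val[1:-1].replace("\\\\", "\\")
        else:
            keys[current][name] = val
    return keys


def exe_path(value):
    """Executable path from a Run value ("quoted path" args, or a bare path)."""
    return value[1:value.find('"', 1)] if value.startswith('"') else value


def max_consonant_run(name):
    """Longest run of consonants; machine-generated names such as caqdslvvddwm
    score far above real program names (heuristic threshold: 5, my assumption)."""
    best = cur = 0
    for ch in name.lower():
        cur = cur + 1 if ch.isalpha() and ch not in "aeiouy" else 0
        best = max(best, cur)
    return best


def triage(keys, shell_expected="explorer.exe"):
    """(indicator, location, detail) triples: Automatic Updates forced off,
    a Winlogon Shell that is not explorer.exe, autorun entries with random
    names, and autorun entries living in the hijacked shell's directory."""
    findings, hijacked_dirs = [], set()
    for path, values in keys.items():
        leaf = path.rsplit("\\", 1)[-1].lower()
        if leaf == "wuauserv" and values.get("Start") == 4:
            findings.append(("wuauserv-disabled", path, "Start=4 (service disabled)"))
        if leaf == "winlogon":
            shell = exe_path(values.get("Shell", shell_expected))
            if ntpath.basename(shell).lower() != shell_expected:
                findings.append(("shell-hijack", path + "\\Shell", shell))
                hijacked_dirs.add(ntpath.dirname(shell).lower())
    for path, values in keys.items():
        if path.rsplit("\\", 1)[-1].lower() not in AUTORUN_KEYS:
            continue
        for name, value in values.items():
            exe = exe_path(value)
            stem = ntpath.splitext(ntpath.basename(exe))[0]
            if max_consonant_run(stem) >= 5:
                findings.append(("random-name", path + "\\" + name, exe))
            if ntpath.dirname(exe).lower() in hijacked_dirs:
                findings.append(("shared-dropper-dir", path + "\\" + name, exe))
    return findings


if __name__ == "__main__":
    for indicator, location, detail in triage(parse_reg(SAMPLE_REG)):
        print(f"{indicator:20} {location}\n{'':20} -> {detail}")
```

On the posted snippet this reports five findings: the disabled update service, the Shell hijack, the two Run entries that share the rogue's directory, and the random-named system32 loader. A clean Winlogon key whose Shell is the bare explorer.exe produces nothing, which is the check to run before touching a machine.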
Malekal_morte
Posts: 107777
Joined: 10 Sep 2005 13:57

Re: Desktop Security 2010

by Malekal_morte »

Spreads, among other ways, by e-mail:

Mail subject:
malekal.com account notification
Mail body:
Dear Customer,

This e-mail was send by malekal.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions

(C) malekal.com
with a setup.zip file attached

MD5: aedcb37f95694e4c84a74f5bf0f51887
First received: 2010.04.16 16:42:45 UTC
Date: 2010.04.17 12:10:11 UTC [<1D]
Results: 20/40
Permalink: http://www.virustotal.com/analisis/318e ... 1271506211
AVG 9.0.0.787 2010.04.17 SHeur3.RTQ
GData 19 2010.04.17 Gen:Variant.Renos.1
nProtect 2010-04-17.01 2010.04.17 Gen:Variant.Renos.1
McAfee-GW-Edition 6.8.5 2010.04.17 Heuristic.LooksLike.Win32.NewMalware.H
Symantec 20091.2.0.41 2010.04.17 Downloader.MisleadApp
Sunbelt 6187 2010.04.17 Trojan.Win32.Generic!BT
F-Secure 9.0.15370.0 2010.04.16 Gen:Variant.Renos.1
BitDefender 7.2 2010.04.17 Gen:Variant.Renos.1
NOD32 5035 2010.04.16 a variant of Win32/Kryptik.DSV
a-squared 4.5.0.50 2010.04.17 Trojan.Win32.FakeAV!IK
Sophos 4.52.0 2010.04.17 Mal/FakeAV-DH
McAfee 5.400.0.1158 2010.04.17 Generic.dx!rth
Kaspersky 7.0.0.125 2010.04.17 Trojan.Win32.FakeAV.jz
Comodo 4626 2010.04.17 Heur.Suspicious
Ikarus T3.1.1.80.0 2010.04.17 Trojan.Win32.FakeAV
Avast 4.8.1351.0 2010.04.17 Win32:Renos-OF
Panda 10.0.2.7 2010.04.17 Trj/Renos.E
Avast5 5.0.332.0 2010.04.17 Win32:Renos-OF
F-Prot 4.5.1.85 2010.04.17 W32/Trojan3.BSX
Authentium 5.2.0.5 2010.04.16 W32/FakeAlert.GF2.gen!Eldorado
O4 - HKLM\..\Run: [ProcessHijackThis] C:\Documents and Settings\Mak\Bureau\setup.exe
O4 - HKLM\..\Run: [SVGCoreSVGCore] c:\program files\adobe\acrobat 7.0\reader\plug_ins\imageviewer\svgcoresvgcore.exe
O4 - HKLM\..\RunServices: [CurrPortsProcexp] C:\Documents and Settings\Mak\Bureau\setup.exe
O4 - HKLM\..\RunServices: [MicrosoftFrontPage] c:\program files\fichiers communs\microsoft shared\web server extensions\40\bin\fp4awecmicrosoft.exe
O4 - HKLM\..\RunServices: [NetMeetingnmas] c:\program files\netmeeting\dcap32nmwb.exe
O4 - HKLM\..\RunServices: [ShellControl7.0.0.0] c:\program files\adobe\acrobat 7.0\activex\moduleshell.exe
O4 - HKLM\..\RunServices: [AiodAiod7000] c:\program files\adobe\acrobat 7.0\esl\aiodadobe.exe
O4 - HKLM\..\RunServices: [PaperMetaPlugIn] c:\program files\adobe\acrobat 7.0\reader\plug_ins\acroform\pmp\pluginpdf417.exe
O4 - HKCU\..\Run: [md24mturtcs9] C:\Documents and Settings\Mak\Local Settings\Temp\m.215.tmp.exe
O4 - HKCU\..\Run: [Desktop Security 2010] "C:\Documents and Settings\Mak\Application Data\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP
O4 - HKCU\..\Run: [SecurityCenter] C:\Documents and Settings\Mak\Application Data\Desktop Security 2010\securitycenter.exe
Files added: 70
---------------
c:\Documents and Settings\Mak\Application Data\Desktop Security 2010\Desktop Security 2010.exe
Date: 4/16/2010 9:46 AM
Size: 1 414 144 bytes
c:\Documents and Settings\Mak\Application Data\Desktop Security 2010\mfc71.dll
Date: 1/21/2010 8:29 PM
Size: 1 060 864 bytes
c:\Documents and Settings\Mak\Application Data\Desktop Security 2010\MFC71ENU.DLL
Date: 1/21/2010 8:29 PM
Size: 57 344 bytes
c:\Documents and Settings\Mak\Application Data\Desktop Security 2010\msvcp71.dll
Date: 1/21/2010 8:29 PM
Size: 499 712 bytes
c:\Documents and Settings\Mak\Application Data\Desktop Security 2010\msvcr71.dll
Date: 1/21/2010 8:29 PM
Size: 348 160 bytes
c:\Documents and Settings\Mak\Application Data\Desktop Security 2010\securitycenter.exe
Date: 4/16/2010 9:46 AM
Size: 148 992 bytes
c:\Documents and Settings\Mak\Application Data\Desktop Security 2010\securityhelper.exe
Date: 4/17/2010 4:01 PM
Size: 2 928 128 bytes
c:\Documents and Settings\Mak\Application Data\Desktop Security 2010\taskmgr.dll
Date: 4/16/2010 9:46 AM
Size: 79 360 bytes
c:\Documents and Settings\Mak\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
Date: 4/17/2010 4:02 PM
Size: 1 906 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\_17.tmp
Date: 4/17/2010 4:02 PM
Size: 0 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\17dkf.exe
Date: 4/17/2010 4:03 PM
Size: 102 400 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\472a10e2ebxd9.exe
Date: 4/17/2010 4:03 PM
Size: 47 104 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\alerfa.exe
Date: 4/17/2010 4:03 PM
Size: 23 552 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\backd-efq.exe
Date: 4/17/2010 4:03 PM
Size: 7 168 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\dc_3.exe
Date: 4/17/2010 4:03 PM
Size: 65 536 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\dd10x10.exe
Date: 4/17/2010 4:03 PM
Size: 35 840 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\ds7hw.exe
Date: 4/17/2010 4:03 PM
Size: 28 672 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\eelnvd13.exe
Date: 4/17/2010 4:03 PM
Size: 52 224 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\eephilpe.exe
Date: 4/17/2010 4:03 PM
Size: 19 456 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\gedx_ae09.exe
Date: 4/17/2010 4:03 PM
Size: 12 288 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\hodeme.exe
Date: 4/17/2010 4:03 PM
Size: 94 208 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\jdhellwo3.exe
Date: 4/17/2010 4:03 PM
Size: 53 248 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\kjdh_gf_jjdhgd.exe
Date: 4/17/2010 4:03 PM
Size: 50 176 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\lols.exe
Date: 4/17/2010 4:03 PM
Size: 95 232 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\lorsk.exe
Date: 4/17/2010 4:03 PM
Size: 76 800 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\m.215.tmp
Date: 4/17/2010 4:01 PM
Size: 0 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\m.215.tmp.exe
Date: 4/17/2010 4:01 PM
Size: 2 928 128 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\ppddfcfux.exxe
Date: 4/17/2010 4:03 PM
Size: 44 032 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\qwedvor.exe
Date: 4/17/2010 4:03 PM
Size: 101 376 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\sycre.exe
Date: 4/17/2010 4:03 PM
Size: 67 584 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\winlogoff.exe
Date: 4/17/2010 4:03 PM
Size: 100 352 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\wrcud12.exe
Date: 4/17/2010 4:03 PM
Size: 11 264 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\wrfwe_di.exe
Date: 4/17/2010 4:03 PM
Size: 60 416 bytes
c:\Documents and Settings\Mak\Menu Démarrer\Programmes\Desktop Security 2010.lnk
Date: 4/17/2010 4:02 PM
Size: 1 934 bytes
c:\Documents and Settings\Mak\Menu Démarrer\Programmes\Desktop Security 2010\Activate Desktop Security 2010.lnk
Date: 4/17/2010 4:02 PM
Size: 1 960 bytes
c:\Documents and Settings\Mak\Menu Démarrer\Programmes\Desktop Security 2010\Desktop Security 2010.lnk
Date: 4/17/2010 4:02 PM
Size: 1 940 bytes
c:\Documents and Settings\Mak\Menu Démarrer\Programmes\Desktop Security 2010\Help Desktop Security 2010.lnk
Date: 4/17/2010 4:02 PM
Size: 1 170 bytes
c:\Documents and Settings\Mak\Menu Démarrer\Programmes\Desktop Security 2010\How to Activate Desktop Security 2010.lnk
Date: 4/17/2010 4:02 PM
Size: 1 196 bytes
c:\Program Files\Adobe\Acrobat 7.0\ActiveX\ModuleShell.exe
Date: 4/17/2010 12:22 AM
Size: 145 920 bytes
c:\Program Files\Adobe\Acrobat 7.0\Esl\AiodAdobe.exe
Date: 4/17/2010 12:22 AM
Size: 145 920 bytes
c:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\PMP\PlugInPDF417.exe
Date: 4/17/2010 12:22 AM
Size: 145 920 bytes
c:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\SVGCoreSVGCore.exe
Date: 4/17/2010 12:22 AM
Size: 145 920 bytes
c:\Program Files\Fichiers communs\Microsoft Shared\web server extensions\40\bin\fp4AwecMicrosoft.exe
Date: 4/17/2010 12:22 AM
Size: 145 920 bytes
c:\Program Files\NetMeeting\DCAP32nmwb.exe
Date: 4/17/2010 12:22 AM
Size: 145 920 bytes
First basic security rule: think first, then click, not the other way round. Files/programs are like sweets: when they come from a stranger, you don't accept them!
How to protect your PC from viruses
Windows 11: compatibility, minimum requirements, download the ISO and install Windows 11

How to ask for help on the forum
Share malekal.com: feel free to share the articles you like on the site's Facebook page.
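Two things in the log above are worth automating. Every O4 autorun entry either runs from the user profile or Temp, sits under the Windows 9x-era RunServices key, or points at a file that did not exist before the infection. And six of the new files (ModuleShell.exe, AiodAdobe.exe, PlugInPDF417.exe, SVGCoreSVGCore.exe, fp4AwecMicrosoft.exe, DCAP32nmwb.exe) have vendor-looking names, the same size of 145 920 bytes and the same creation minute, which marks them as copies of one binary. The script below is an added example, not code from the post or from HijackThis: it parses a constructed subset of both listings, cross-references the O4 entries against the new files, and clusters the new files by size and creation minute. The note that RunServices is a Windows 9x key not processed by NT-based Windows is my own, not something the post says.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: a subset of the O4 lines and "Files added" listing above.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [ProcessHijackThis] C:\Documents and Settings\Mak\Bureau\setup.exe
O4 - HKLM\..\Run: [SVGCoreSVGCore] c:\program files\adobe\acrobat 7.0\reader\plug_ins\imageviewer\svgcoresvgcore.exe
O4 - HKLM\..\RunServices: [CurrPortsProcexp] C:\Documents and Settings\Mak\Bureau\setup.exe
O4 - HKLM\..\RunServices: [NetMeetingnmas] c:\program files\netmeeting\dcap32nmwb.exe
O4 - HKCU\..\Run: [md24mturtcs9] C:\Documents and Settings\Mak\Local Settings\Temp\m.215.tmp.exe
O4 - HKCU\..\Run: [Desktop Security 2010] "C:\Documents and Settings\Mak\Application Data\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP
O4 - HKCU\..\Run: [SecurityCenter] C:\Documents and Settings\Mak\Application Data\Desktop Security 2010\securitycenter.exe
"""
SAMPLE_FILES = r"""
c:\Documents and Settings\Mak\Application Data\Desktop Security 2010\Desktop Security 2010.exe
Date: 4/16/2010 9:46 AM
Size: 1 414 144 bytes
c:\Documents and Settings\Mak\Application Data\Desktop Security 2010\securitycenter.exe
Date: 4/16/2010 9:46 AM
Size: 148 992 bytes
c:\Documents and Settings\Mak\Application Data\Desktop Security 2010\securityhelper.exe
Date: 4/17/2010 4:01 PM
Size: 2 928 128 bytes
c:\Documents and Settings\Mak\Local Settings\Temp\m.215.tmp.exe
Date: 4/17/2010 4:01 PM
Size: 2 928 128 bytes
c:\Program Files\Adobe\Acrobat 7.0\ActiveX\ModuleShell.exe
Date: 4/17/2010 12:22 AM
Size: 145 920 bytes
c:\Program Files\Adobe\Acrobat 7.0\Esl\AiodAdobe.exe
Date: 4/17/2010 12:22 AM
Size: 145 920 bytes
c:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\SVGCoreSVGCore.exe
Date: 4/17/2010 12:22 AM
Size: 145 920 bytes
c:\Program Files\NetMeeting\DCAP32nmwb.exe
Date: 4/17/2010 12:22 AM
Size: 145 920 bytes
"""
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
DATE_FMT = "%m/%d/%Y %I:%M %p"

def exe_path(cmd):
    """Executable path from an O4 command ("quoted path" args, or a bare path)."""
    return cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd

def parse_o4(text):
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries.append({"key": hive + "\\" + key, "name": name, "exe": exe_path(cmd)})
    return entries

def parse_files_added(text):
    """[{path, when, size}] from the path / Date: / Size: triplets."""
    files, cur = [], {}
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("Date: "):
            cur["when"] = datetime.strptime(line[6:], DATE_FMT)
        elif line.startswith("Size: "):
            cur["size"] = int(line[6:].split(" bytes")[0].replace(" ", ""))
            files.append(cur)
            cur = {}
        else:
            cur = {"path": line}
    return files

def triage_o4(entries, files):
    """(name, exe, reasons) for each autorun entry worth a second look."""
    new_paths = {f["path"].lower() for f in files}
    out = []
    for e in entries:
        p, reasons = e["exe"].lower(), []
        if "\\documents and settings\\" in p or "\\temp\\" in p:
            reasons.append("runs from the user profile or Temp")
        if e["key"].lower().endswith("\\runservices"):
            reasons.append("RunServices key (Windows 9x-era, ignored by NT-based Windows)")
        if p in new_paths:
            reasons.append("points at a file created during the infection")
        if reasons:
            out.append((e["name"], e["exe"], reasons))
    return out

def clone_clusters(files, min_members=2):
    """Group new files by (size, creation minute); several members = one binary planted under look-alike names."""
    groups = defaultdict(list)
    for f in files:
        groups[(f["size"], f["when"].strftime("%Y-%m-%d %H:%M"))].append(f["path"])
    return {k: v for k, v in groups.items() if len(v) >= min_members}

if __name__ == "__main__":
    files = parse_files_added(SAMPLE_FILES)
    print(*triage_o4(parse_o4(SAMPLE_O4), files), sep="\n")
    print(*clone_clusters(files).items(), sep="\n")
```

On the sample all seven O4 entries are flagged; SVGCoreSVGCore is the interesting one, since its path under Program Files\Adobe looks legitimate and only the cross-reference with the new-file list catches it. The clustering also pairs Temp\m.215.tmp.exe with Application Data\...\securityhelper.exe (same 2 928 128 bytes, same minute), i.e. the dropper copied itself into the rogue's directory.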
Malekal_morte
Posts: 107777
Joined: 10 Sep 2005 13:57

Re: Desktop Security 2010

by Malekal_morte »

E-mail campaign running for the past few days, with a Google link offering a setup.zip file

Example mail:
SMTP and POP3 servers for [email protected] mailbox are changed. Please carefully read the attached instructions before updating settings.

hxtp://groups.google.com/group/smtpop/web/setup.zip
Detection:
File setup.zip received on 2010.05.05 14:04:20 (UTC)
Current status: finished
Result: 12/41 (29.27%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.05 -
AhnLab-V3 2010.05.05.00 2010.05.05 -
AntiVir 8.2.1.236 2010.05.05 -
Antiy-AVL 2.0.3.7 2010.05.05 -
Authentium 5.2.0.5 2010.05.05 -
Avast 4.8.1351.0 2010.05.05 -
Avast5 5.0.332.0 2010.05.05 -
AVG 9.0.0.787 2010.05.05 Cryptic.LC
BitDefender 7.2 2010.05.05 Gen:Variant.Renos.26
CAT-QuickHeal 10.00 2010.05.04 -
ClamAV 0.96.0.3-git 2010.05.05 -
Comodo 4771 2010.05.05 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.05.05 Trojan.DownLoad1.54042
eSafe 7.0.17.0 2010.05.05 -
eTrust-Vet 35.2.7469 2010.05.05 -
F-Prot 4.5.1.85 2010.05.05 -
F-Secure 9.0.15370.0 2010.05.05 Gen:Variant.Renos.26
Fortinet 4.0.14.0 2010.05.05 -
GData 21 2010.05.05 Gen:Variant.Renos.26
Ikarus T3.1.1.84.0 2010.05.05 Gen.Variant
Jiangmin 13.0.900 2010.05.05 -
Kaspersky 7.0.0.125 2010.05.05 -
McAfee 5.400.0.1158 2010.05.05 -
McAfee-GW-Edition 2010.1 2010.05.05 Artemis!B93360EC3798
Microsoft 1.5703 2010.05.04 -
NOD32 5088 2010.05.05 -
Norman 6.04.12 2010.05.05 -
nProtect 2010-05-05.01 2010.05.05 Gen:Variant.Renos.26
Panda 10.0.2.7 2010.05.04 Suspicious file
PCTools 7.0.3.5 2010.05.05 -
Prevx 3.0 2010.05.05 -
Rising 22.46.02.03 2010.05.05 -
Sophos 4.53.0 2010.05.05 Mal/FakeAV-DH
Sunbelt 6263 2010.05.05 Virtool.Win32.Obfuscator.ha!a (v)
Symantec 20091.2.0.41 2010.05.05 -
TheHacker 6.5.2.0.275 2010.05.03 -
TrendMicro 9.120.0.1004 2010.05.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.05 -
VBA32 3.12.12.4 2010.05.05 -
ViRobot 2010.5.4.2303 2010.05.05 -
VirusBuster 5.0.27.0 2010.05.04 -
Additional information
File size: 136966 bytes
MD5: f5dd55f1889a864e71315c69e7cdfcb4
SHA1: 7d8238e6bfa69d109c8030b24c7b4cb6bf813062
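The VirusTotal listings in this thread (the dropper scan in the first post, the April setup.zip results, and the May listing above) name the same threat a dozen different ways, so when comparing samples of one campaign it helps to recompute the ratio and reduce the verdicts to family names. The script below is an added example, not code from the post or from VirusTotal: it parses the 41-line May listing (embedded as constructed sample input), recomputes the 12/41 ratio, and extracts a family token per verdict using a stop-list of generic and heuristic words that is my own heuristic, not a VirusTotal convention.

```python
import re
from collections import defaultdict

# Constructed sample input: the VirusTotal listing for setup.zip from the post
# above (41 engines, 12 detections as the post states).
SAMPLE_VT = """
a-squared 4.5.0.50 2010.05.05 -
AhnLab-V3 2010.05.05.00 2010.05.05 -
AntiVir 8.2.1.236 2010.05.05 -
Antiy-AVL 2.0.3.7 2010.05.05 -
Authentium 5.2.0.5 2010.05.05 -
Avast 4.8.1351.0 2010.05.05 -
Avast5 5.0.332.0 2010.05.05 -
AVG 9.0.0.787 2010.05.05 Cryptic.LC
BitDefender 7.2 2010.05.05 Gen:Variant.Renos.26
CAT-QuickHeal 10.00 2010.05.04 -
ClamAV 0.96.0.3-git 2010.05.05 -
Comodo 4771 2010.05.05 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.05.05 Trojan.DownLoad1.54042
eSafe 7.0.17.0 2010.05.05 -
eTrust-Vet 35.2.7469 2010.05.05 -
F-Prot 4.5.1.85 2010.05.05 -
F-Secure 9.0.15370.0 2010.05.05 Gen:Variant.Renos.26
Fortinet 4.0.14.0 2010.05.05 -
GData 21 2010.05.05 Gen:Variant.Renos.26
Ikarus T3.1.1.84.0 2010.05.05 Gen.Variant
Jiangmin 13.0.900 2010.05.05 -
Kaspersky 7.0.0.125 2010.05.05 -
McAfee 5.400.0.1158 2010.05.05 -
McAfee-GW-Edition 2010.1 2010.05.05 Artemis!B93360EC3798
Microsoft 1.5703 2010.05.04 -
NOD32 5088 2010.05.05 -
Norman 6.04.12 2010.05.05 -
nProtect 2010-05-05.01 2010.05.05 Gen:Variant.Renos.26
Panda 10.0.2.7 2010.05.04 Suspicious file
PCTools 7.0.3.5 2010.05.05 -
Prevx 3.0 2010.05.05 -
Rising 22.46.02.03 2010.05.05 -
Sophos 4.53.0 2010.05.05 Mal/FakeAV-DH
Sunbelt 6263 2010.05.05 Virtool.Win32.Obfuscator.ha!a (v)
Symantec 20091.2.0.41 2010.05.05 -
TheHacker 6.5.2.0.275 2010.05.03 -
TrendMicro 9.120.0.1004 2010.05.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.05 -
VBA32 3.12.12.4 2010.05.05 -
ViRobot 2010.5.4.2303 2010.05.05 -
VirusBuster 5.0.27.0 2010.05.04 -
"""
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Stop-list (my heuristic, not a VirusTotal convention): tokens that name a
# category, a vendor heuristic or a packer rather than a malware family.
GENERIC = {
    "gen", "generic", "variant", "trojan", "trj", "win", "mal", "heur", "heuristic",
    "suspicious", "file", "packed", "unknown", "download", "downloader", "artemis",
    "virtool", "obfuscator", "kryptik", "cryptic", "sheur", "malware", "drop",
}

def parse_vt(text):
    """[(engine, version, date, result)] with result None for '-'."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            engine, version, date, result = m.groups()
            rows.append((engine, version, date, None if result == "-" else result))
    return rows

def detection_ratio(rows):
    """(detections, engines), the pair VirusTotal prints as 12/41."""
    return sum(1 for r in rows if r[3]), len(rows)

def family(result):
    """First token of 4+ letters that is not a generic/category word, lower-cased."""
    for tok in re.findall(r"[A-Za-z]+", result or ""):
        if len(tok) >= 4 and tok.lower() not in GENERIC:
            return tok.lower()
    return None

def families(rows):
    """{family: [engines]} in listing order, skipping purely generic verdicts."""
    out = defaultdict(list)
    for engine, _, _, result in rows:
        fam = family(result)
        if fam:
            out[fam].append(engine)
    return dict(out)

if __name__ == "__main__":
    rows = parse_vt(SAMPLE_VT)
    print("%d/%d" % detection_ratio(rows))
    for fam, engines in families(rows).items():
        print(fam, ", ".join(engines))
```

On the listing above this gives renos (BitDefender, F-Secure, GData, nProtect) and fakeav (Sophos); the other seven detections (Cryptic, Heur.Packed.Unknown, Artemis, Suspicious file, and so on) are generic or heuristic verdicts that carry no family name, which is why a 12/41 ratio overstates how many engines actually recognised the campaign.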