infection redirigeant vers http://pcsecuritylab.com

Listes des différents Rogues/Scareware
Malekal_morte
Messages : 112083
Inscription : 10 sept. 2005 13:57

infection redirigeant vers http://pcsecuritylab.com

par Malekal_morte »

Source : http://vil.nai.com/vil/content/v_143406.htm#tab3

L'infection ajoute les fichiers :
* %WINDIR%\system32\nusrmgr.exe (134,663 bytes)

The following files are also downloaded.

* %WINDIR%\system32\din.ip (non-malicious) (15 bytes)
* %WINDIR%\system32\navwanvd.ini (non-malicious) (4 bytes)
* %WINDIR%\system32\drivers\detect.htm (hijacked start page of IE) (12,478 bytes)
* %WINDIR%\system32\drivers\s_detect.htm (part of hijacked start page of IE) (5,418 bytes)
* %WINDIR%\system32\drivers\pt.htm (part of hijacked start page of IE) (49,014 bytes)
L'infection ajoute les fichiers :
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}
"StubPath" = "%WINDIR\system32\nusrmgr.exe"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}
"StubPath" = "%WINDIR\system32\nusrmgr.exe"
Provoquant les messages d'alertes suivants :
* Your computer is infected.
Windows has detected spyware infection! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware!
* Warning:
Your computer is infected with spyware! How to help protect your computer and remove spyware...Click here for more information.&
Your Security and Privacy are at risk.
* Spyware has been detected on your computer.Click here to run a FULL SYSTEM SCAN to protect your data...
* Your computer is working slowly!
Slow operation speed might have been caused by malicious spyware. Download antispyware software and run full system scan to remove all viruses and spyware from your computer. Click here to start downloading...!
* Internet attack attempt detected.
Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your computer from Internet attacks, hijacking attempts and spyware. Click here for the list of available security updates...
* Your computer is not protected against spyware!
Spyware able to steal your data including passwords, credit card numbers, etc. Scan your computer for spyware immediately! System scan is highly recommended!-
* Alert: A minimum of 12 spyware entries found.
To remove all spyware and viruses click here to visit Security Center web site and download spyware remover.!
* Possible spyware infection has been detected on your computer by Windows Security Center.
Windows Security Center system warning
Click here to visit Windows Security Center web site...
To remove detected threat you need to update Windows antispyware protection.
En cliquant sur ces alertes l'utilisateur est redirigé vers le site http://pcsecuritylab.com où il est lui est proposé de télécharger les rogues suivant : AntiSpyStorm, DioCleaner, Perfect Cleaner
Première règle élémentaire de sécurité : on réfléchit puis on clic et pas l'inverse - Les fichiers/programmes c'est comme les bonbons, quand ça vient d'un inconnu, on n'accepte pas !
Comment protéger son PC des virus
Windows 11 : Compatibilité, Configuration minimale requise, télécharger ISO et installer Windows 11

Comment demander de l'aide sur le forum
Partagez malekal.com : n'hésitez pas à partager les articles qui vous plaisent sur la page Facebook du site.
  • Sujets similaires
    Réponses
    Vues
    Dernier message

Revenir à « Rogues/Scareware & Programmes douteux »