Virus removal

Removing ExpertAntivirus v4.1

Definitely a fake program: your antivirus will already raise an alert about detected adware while you download it, and after installation you will get a fake scan result and planted files. But take a look at the result of the TESTS.

This is roughly what it looks like.

In the HijackThis log you can see:


C:\Program Files\ExpertAntivirus\ExpertAntivirus.exe

O4 - HKLM\..\Run: [ExpertAntivirus] C:\Program Files\ExpertAntivirus\ExpertAntivirus.exe /s


In the Silent Runners log you will see:


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ExpertAntivirus" = "C:\Program Files\ExpertAntivirus\ExpertAntivirus.exe /s" ["ExpertAntivirus"]

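Added example, not part of the original page: a small Python triage script that parses the HijackThis O4 line and the Silent Runners value line quoted above and flags autorun entries that point into the ExpertAntivirus install directory. The function names, the benign `ExampleTray` line and the fixed `C:\Program Files` path are assumptions made for the illustration.

```python
import ntpath
import re

# Indicators taken from the log excerpts on the page (assumes the default
# English install path, as it appears in those excerpts).
ROGUE_VALUE_NAME = "expertantivirus"
ROGUE_DIR = r"c:\program files\expertantivirus"

# HijackThis autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Silent Runners value line: "<value name>" = "<command>" [<publisher>]
SR_RE = re.compile(r'^"(?P<name>[^"]*)" = "(?P<cmd>[^"]*)"')


def exe_path(cmd):
    """Return the executable part of an autorun command, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first ".exe".
    m = re.match(r"(?i)(.+?\.exe)(\s|$)", cmd)
    return m.group(1) if m else cmd


def find_rogue_autoruns(log_text):
    """Return (log type, value name, executable) for entries matching the indicators."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        for source, rx in (("HijackThis", O4_RE), ("Silent Runners", SR_RE)):
            m = rx.match(line)
            if not m:
                continue
            exe = ntpath.normpath(exe_path(m.group("cmd"))).lower()
            in_rogue_dir = ntpath.dirname(exe) == ROGUE_DIR
            if in_rogue_dir or m.group("name").lower() == ROGUE_VALUE_NAME:
                hits.append((source, m.group("name"), exe))
    return hits


# Constructed sample: the two entries quoted on the page plus one benign line.
SAMPLE_LOG = r'''O4 - HKLM\..\Run: [ExpertAntivirus] C:\Program Files\ExpertAntivirus\ExpertAntivirus.exe /s
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"ExpertAntivirus" = "C:\Program Files\ExpertAntivirus\ExpertAntivirus.exe /s" ["ExpertAntivirus"]'''

if __name__ == "__main__":
    for hit in find_rogue_autoruns(SAMPLE_LOG):
        print(hit)
```

Running the same check again after cleanup and a reboot, on fresh logs, should return no hits.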

Removal:

Turn off System Restore.
In Control Panel >> Add/Remove Programs: uninstall ExpertAntivirus.
Download and apply this fix: FixEA.reg (Download Link).
Run online scanners. For removal you can use RogueRemover with database version 127; ExpertAntivirus is included in it.



Removal "by hand" for advanced "killers":

Delete the files and unregister the DLLs:

%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\ExpertAntivirus v4.1.lnk
%UserProfile%\Desktop\ExpertAntivirus v4.1.lnk
%UserProfile%\Start Menu\Programs\ExpertAntivirus\ExpertAntivirus v4.1 Un-Installer.lnk
%UserProfile%\Start Menu\Programs\ExpertAntivirus\ExpertAntivirus v4.1 Website.lnk
%UserProfile%\Start Menu\Programs\ExpertAntivirus\ExpertAntivirus v4.1.lnk
%UserProfile%\Start Menu\ExpertAntivirus v4.1.lnk
%ProgramFiles%\ExpertAntivirus\activex.db
%ProgramFiles%\ExpertAntivirus\blacklist.db
%ProgramFiles%\ExpertAntivirus\cookies.db
%ProgramFiles%\ExpertAntivirus\DbgHelp.Dll
%ProgramFiles%\ExpertAntivirus\ExpertAntivirus.EXE
%ProgramFiles%\ExpertAntivirus\ExpertAntivirus.url
%ProgramFiles%\ExpertAntivirus\extension.dll
%ProgramFiles%\ExpertAntivirus\filesNames.db
%ProgramFiles%\ExpertAntivirus\hosts.db
%ProgramFiles%\ExpertAntivirus\knownLocations.db
%ProgramFiles%\ExpertAntivirus\Languages\English.ini
%ProgramFiles%\ExpertAntivirus\Logs\shield_activity-05012007-114307.log
%ProgramFiles%\ExpertAntivirus\md5.db
%ProgramFiles%\ExpertAntivirus\msvcp71.dll
%ProgramFiles%\ExpertAntivirus\msvcr71.dll
%ProgramFiles%\ExpertAntivirus\plugin.dll
%ProgramFiles%\ExpertAntivirus\Plugins\DesktopManager\DesktopManager.dll
%ProgramFiles%\ExpertAntivirus\Plugins\DesktopManager\Languages\English.ini
%ProgramFiles%\ExpertAntivirus\Plugins\DesktopManager\Languages\Spanish.ini
%ProgramFiles%\ExpertAntivirus\Plugins\StartupEditor\Languages\English.ini
%ProgramFiles%\ExpertAntivirus\Plugins\StartupEditor\Languages\Spanish.ini
%ProgramFiles%\ExpertAntivirus\Plugins\StartupEditor\StartupEditor.dll
%ProgramFiles%\ExpertAntivirus\registry.db
%ProgramFiles%\ExpertAntivirus\regsvr32.exe
%ProgramFiles%\ExpertAntivirus\sdebug.log
%ProgramFiles%\ExpertAntivirus\settings.ini
%ProgramFiles%\ExpertAntivirus\SpamBlocker.dll
%ProgramFiles%\ExpertAntivirus\spywareinfo.db
%ProgramFiles%\ExpertAntivirus\tips.txt
%ProgramFiles%\ExpertAntivirus\uninst.exe
%Windir%\system\ext32inc.dll
%Windir%\wincom137.dll

Go into the registry and delete the subkeys:

HKEY_ALL_USERS\Software\Microsoft\Office\Outlook\Addins\ExpertAntivirus.Addin.1
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\AdLoader
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Trace7
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Shell
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Shell\1das
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Shell\1das\AdLoader
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Shell\dnl7
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Shell\dnl7\tracer
HKEY_CLASSES_ROOT\Ad-Protect.Server
HKEY_CLASSES_ROOT\Ad-Protect.Server.1
HKEY_CLASSES_ROOT\Ad-Protect.Server.1\CLSID
HKEY_CLASSES_ROOT\Ad-Protect.Server\CLSID
HKEY_CLASSES_ROOT\Ad-Protect.Server\CurVer
HKEY_CLASSES_ROOT\AppID\ad-protect.EXE
HKEY_CLASSES_ROOT\AppID\spamdet.DLL
HKEY_CLASSES_ROOT\AppID\{9DA1990B-9BCA-4c80-AEFB-11A40FA849F9}
HKEY_CLASSES_ROOT\AppID\{C628512D-A058-4BD4-B47B-B036F45FA02B}
HKEY_CLASSES_ROOT\CLSID\{16DD131D-C09F-4F83-A1E7-A2CF506EA27C}
HKEY_CLASSES_ROOT\CLSID\{16DD131D-C09F-4F83-A1E7-A2CF506EA27C}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{16DD131D-C09F-4F83-A1E7-A2CF506EA27C}\ProgID
HKEY_CLASSES_ROOT\CLSID\{16DD131D-C09F-4F83-A1E7-A2CF506EA27C}\Programmable
HKEY_CLASSES_ROOT\CLSID\{16DD131D-C09F-4F83-A1E7-A2CF506EA27C}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{16DD131D-C09F-4F83-A1E7-A2CF506EA27C}\VersionIndependentProgID
HKEY_CLASSES_ROOT\CLSID\{69EBF0DB-F6B5-4479-8352-AA632F522D34}
HKEY_CLASSES_ROOT\CLSID\{69EBF0DB-F6B5-4479-8352-AA632F522D34}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{69EBF0DB-F6B5-4479-8352-AA632F522D34}\ProgID
HKEY_CLASSES_ROOT\CLSID\{69EBF0DB-F6B5-4479-8352-AA632F522D34}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{69EBF0DB-F6B5-4479-8352-AA632F522D34}\VersionIndependentProgID
HKEY_CLASSES_ROOT\CLSID\{7C1530BD-16B0-41A9-B428-17EE8CBD3E06}
HKEY_CLASSES_ROOT\CLSID\{7C1530BD-16B0-41A9-B428-17EE8CBD3E06}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC}
HKEY_CLASSES_ROOT\CLSID\{9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC}\dnFbNoduRd
HKEY_CLASSES_ROOT\CLSID\{9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC}\egfzaihulvy
HKEY_CLASSES_ROOT\CLSID\{9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC}\ivlpksrbpHL
HKEY_CLASSES_ROOT\CLSID\{9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC}\kdtpziAXhqfxR
HKEY_CLASSES_ROOT\CLSID\{9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC}\lQjnfgzF
HKEY_CLASSES_ROOT\CLSID\{9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC}\nxqqbovfiy
HKEY_CLASSES_ROOT\CLSID\{9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC}\okDhFuoCc
HKEY_CLASSES_ROOT\CLSID\{9EC61371-C3B9-FCC1-EE6F-2E4E8D12DFFC}\tBdzrcaryk
HKEY_CLASSES_ROOT\CLSID\{D7ABE914-B8CF-4602-9145-6BDAAEDA21AA}
HKEY_CLASSES_ROOT\CLSID\{D7ABE914-B8CF-4602-9145-6BDAAEDA21AA}\LocalServer32
HKEY_CLASSES_ROOT\CLSID\{D7ABE914-B8CF-4602-9145-6BDAAEDA21AA}\ProgID
HKEY_CLASSES_ROOT\CLSID\{D7ABE914-B8CF-4602-9145-6BDAAEDA21AA}\Programmable
HKEY_CLASSES_ROOT\CLSID\{D7ABE914-B8CF-4602-9145-6BDAAEDA21AA}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{D7ABE914-B8CF-4602-9145-6BDAAEDA21AA}\VersionIndependentProgID
HKEY_CLASSES_ROOT\ExpertAntivirus.Addin
HKEY_CLASSES_ROOT\ExpertAntivirus.Addin.1
HKEY_CLASSES_ROOT\ExpertAntivirus.Addin.1\CLSID
HKEY_CLASSES_ROOT\ExpertAntivirus.Addin\CLSID
HKEY_CLASSES_ROOT\ExpertAntivirus.Addin\CurVer
HKEY_CLASSES_ROOT\Interface\{214345B8-BB69-498D-A168-29F58F15D806}
HKEY_CLASSES_ROOT\Interface\{214345B8-BB69-498D-A168-29F58F15D806}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{214345B8-BB69-498D-A168-29F58F15D806}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{214345B8-BB69-498D-A168-29F58F15D806}\TypeLib
HKEY_CLASSES_ROOT\Interface\{3E67E9DC-7294-44C3-BC99-EA6E29E74076}
HKEY_CLASSES_ROOT\Interface\{3E67E9DC-7294-44C3-BC99-EA6E29E74076}\NumMethods
HKEY_CLASSES_ROOT\Interface\{3E67E9DC-7294-44C3-BC99-EA6E29E74076}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{7C1530BD-16B0-41A9-B428-17EE8CBD3E06}
HKEY_CLASSES_ROOT\Interface\{7C1530BD-16B0-41A9-B428-17EE8CBD3E06}\NumMethods
HKEY_CLASSES_ROOT\Interface\{7C1530BD-16B0-41A9-B428-17EE8CBD3E06}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{D59B2DD5-0609-4BDC-AB47-A9A28ABC482A}
HKEY_CLASSES_ROOT\Interface\{D59B2DD5-0609-4BDC-AB47-A9A28ABC482A}\NumMethods
HKEY_CLASSES_ROOT\Interface\{D59B2DD5-0609-4BDC-AB47-A9A28ABC482A}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{F82FD7D4-2EC8-40B3-A141-DE051C98DCE9}
HKEY_CLASSES_ROOT\Interface\{F82FD7D4-2EC8-40B3-A141-DE051C98DCE9}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{F82FD7D4-2EC8-40B3-A141-DE051C98DCE9}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{F82FD7D4-2EC8-40B3-A141-DE051C98DCE9}\TypeLib
HKEY_CLASSES_ROOT\TypeLib\{B60F5AFA-EDD2-417D-A438-57F3EBD9E639}
HKEY_CLASSES_ROOT\TypeLib\{B60F5AFA-EDD2-417D-A438-57F3EBD9E639}\1.0
HKEY_CLASSES_ROOT\TypeLib\{B60F5AFA-EDD2-417D-A438-57F3EBD9E639}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{B60F5AFA-EDD2-417D-A438-57F3EBD9E639}\1.0\0\win32
HKEY_CLASSES_ROOT\TypeLib\{B60F5AFA-EDD2-417D-A438-57F3EBD9E639}\1.0\FLAGS
HKEY_CLASSES_ROOT\TypeLib\{B60F5AFA-EDD2-417D-A438-57F3EBD9E639}\1.0\HELPDIR
HKEY_CLASSES_ROOT\TypeLib\{DFCDA823-80C5-4F55-B328-7EFD4AFBD9A0}
HKEY_CLASSES_ROOT\TypeLib\{DFCDA823-80C5-4F55-B328-7EFD4AFBD9A0}\1.0
HKEY_CLASSES_ROOT\TypeLib\{DFCDA823-80C5-4F55-B328-7EFD4AFBD9A0}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{DFCDA823-80C5-4F55-B328-7EFD4AFBD9A0}\1.0\0\win32
HKEY_CLASSES_ROOT\TypeLib\{DFCDA823-80C5-4F55-B328-7EFD4AFBD9A0}\1.0\FLAGS
HKEY_CLASSES_ROOT\TypeLib\{DFCDA823-80C5-4F55-B328-7EFD4AFBD9A0}\1.0\HELPDIR
HKEY_CLASSES_ROOT\spamdet.SpamDetector
HKEY_CLASSES_ROOT\spamdet.SpamDetector.1
HKEY_CLASSES_ROOT\spamdet.SpamDetector.1\CLSID
HKEY_CLASSES_ROOT\spamdet.SpamDetector\CLSID  
HKEY_CLASSES_ROOT\spamdet.SpamDetector\CurVer
%HKEY_LOCAL_MACHINE%\SOFTWARE\ExpertAntivirus
%HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ExpertAntivirus.exe
%HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExpertAntivirus
%HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\run\ExpertAntivirus

