Board logo

標題: [原創] 移除VirusBrusters [NOT VIRUSBUSTERS] [打印本頁]

作者: ProEdwin    時間: 2007-3-6 17:31     標題: 移除VirusBrusters [NOT VIRUSBUSTERS]


VirusBursters Program




If you are infected with this program you will receive warnings in your task bar stating that you are infected with spyware and to run its special anti-spyware tool. This tool turns out to be the VirusBursters or VirusBurster programs that were downloaded to your computer without your permission. These warnings are fake and are a goad to have you buy the commercial version of these software. The title for this fake security alert is Critical System Error! or Critical System Errors! and the text for these alerts can be either:

System detected virus activities. They may cause critical system failure. Please, use AntiSpyware software to clean and protect your system from parasite programs. Click this baloon to get all available software.

or

System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click this baloon to get all available software.

Examples of these fake alerts are shown below:



VirusBursters Fake alert



VirusBurster Fake alert



VirusBurst or VirusBursters are a direct morph from a previous rogue anti-spyware program called VirusBurst. Though the information for this program has been changed to reflect new names, VirusBursters or VirusBurst, they have been shown to be hosted form the same locations, IP addresses, or even domains.

Tools Needed for this fix:
Symptoms in a HijackThis Log:

O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
O4 - HKLM\..\Run: [VirusBurster] C:\Program Files\VirusBurster\virusburster.exe /h
O4 - HKLM\..\Run: [Virus-Bursters] C:\Program Files\Virus-Bursters\virus-bursters.exe /h


Add/Remove Programs control panel entry:


VirusBursters 6.2
Virus-Bursters 6.3
VirusBurster 6.3


Guide Updates:

10/29/06 - Initial guide creation.
10/29/06 - Added automated removal via SmitFraudFix

12/12/06 - Added information about VirusBurster (same program)


Choose the removal method you would like to use: Automated Removal Instructions for VirusBursters and VirusBurst: Your computer should now be free of the VirusBursters, Virus-Bursters and VirusBurster infection.

If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log



Manual Removal Instructions for VirusBursters and VirusBurst:

These steps may appear to be long and daunting. They are, though, quite easy to do and consist of so many steps only because I have written them in an extremely detailed manner.

                     >>>See next post<<<

作者: ProEdwin    時間: 2007-3-6 17:31

Scroll through the list of files in this folder and look for rrtcany.dll. Right-click on rrtcany.dll and select rename. Rename the file to rrtcany.dll.bad.

Look for the file veklo.dll and rename the file to veklo.dll.bad.

Look for the file okkmtv.dll and rename the file to okkmtv.dll.bad.

Look for the file impgsje.dll and rename the file to impgsje.dll.bad.

Look for the file sacskza.dll and rename the file to sacskza.dll.bad.

Look for the file cfltygd.dll and rename the file to cfltygd.dll.bad.

Look for the file jbtazy.dll and rename the file to jbtazy.dll.bad.

Look for the file fmrmhc.dll and rename the file to fmrmhc.dll.bad.

Look for the file dcvwaah.dll and rename the file to dcvwaah.dll.bad.

Look for the file oebxpba.dll and rename the file to oebxpba.dll.bad.

Look for the file xxfgmy.dll and rename the file to xxfgmy.dll.bad.

Look for the file tpedvf.dll and rename the file to tpedvf.dll.bad.

Look for the file dbqlrij.dll and rename the file to dbqlrij.dll.bad.

Look for the file vcehaeb.dll and rename the file to vcehaeb.dll.bad.

Look for the file xqpauzx.dll and rename the file to xqpauzx.dll.bad.

Look for the file mlraakb.dll and rename the file to mlraakb.dll.bad.

Look for the file qrzsyr.dll and rename the file to qrzsyr.dll.bad.

Note: Please rename any of the above files that you may find. If you do not find any of these files, then you should post a note about it in the Am I Infected? forum.

After you rename the file, you can close the System32 folder window.






歡迎光臨 SPY NET (https://spynet.fun/) Powered by Discuz! 6.1.0