Pro Antispyware 2009 악성코드 제거

정보(情報) 2008. 12. 11. 14:01

컴퓨터와 관련해서 질문을 받는 경우가 많이 있다.
잘 모르는 내용이라도 질문을 받게 되면 찾아서라도 해결해줘야 마음이 놓이고 보람도 있다.
장인어른께서 컴퓨터를 열심히 하시는데, 가끔씩 문제가 생기면 믿음직한(?) 사위에게 도움을 청하신다.

오늘도 아침에 출근하는데 장인어른께 전화가 와서 무슨일인가 싶었는데, 컴퓨터에 이상하게 자꾸 뜬다고 해결을 해달라고 말씀하셨다.

컴퓨터 화면을 직접보면 해결해드리기가 쉬울텐데 말로만 설명을 들으려니 답답했다.
화면에 보이는 내용 그대로 읽어 달라고 말씀드리고, 받아적은다음에 인터넷에서 키워드로 검색을 해보았다.

"Pro Antispyware 2009"

여러가지 검색결과가 나왔는데, 역시 예상했던대로 안티스파이웨어프로그램을 가장한 악성코드였다.
잘정리된 사이트가 있어서 내용을 정리해서 스파이웨어제거프로그램과 함께 이메일로 보내드렸는데, 악성코드 때문에 웹브라우저 사용이 어렵다고 하셔서 설치되어있는 알약으로 바이러스 검사를 해보시라고 설명해드렸다.

감사하게도 알약으로 검사해보니 빨간색으로 위험한 악성코드가 4개가 발견되어서 치료 하고 재부팅하고 나니까 제거 된것 같다고 하셨다.
주말에 가서 컴퓨터를 다시 한번 봐드리기로 했다.

요즘은 인터넷하다가 버튼 하나만 잘못누르면 이상한 프로그램들이 너무나 많이 설치되고, 마치 좋은 백신프로그램인것처럼 그럴싸하게 꾸며놓고 사용자를 낚시질하는 못된 프로그램, 못된 사람들이 많은것 같다.
특별히 검사를 하지 않아도 안좋은 프로그램이다 싶으면 자동으로 알아서 치료해주는 백신프로그램들이 좀 많이 나왔으면 좋겠다.

참고로 Malwarebytes' Anti-Malware 라는 프로그램으로 치료하면 된다고 하는데, 이것도 낚시인거 아니야? 순간 의심해보고 인터넷으로 검색해본결과 요즘 뜨는 괜찮은 프로그램이라고 한다.

Malwarebytes' Anti-Malware 다운받기 클릭 (설치실행방법은 아래 스크랩내용에 있음)

"Pro Antispyware 2009" 외에도 "Antivirus XP 2008" 등 왠지 겉모습만보면 그럴싸한 백신프로그램으로 보이는 악성프로그램들이 참 많이 있다고 한다. 밑에 목록을 참고 해보길... 이름이 왠지 다 그럴싸하지 않은가? ^^

Spyware.ISpynow
ExtraAntivir
AntiSpywareGuard
Winweb Security 2008
SpywareRemover 2009
Antivirus Trigger
XP Protection Center
VirusTrigger
SecureFile Shredder
Ultra Antivirus
trojan TDSServ
Antivirus Pro 2009
Trojan-Keylogger.WIN32.Fung
Personal Defender 2009
WinDefender 2009
XP Antispyware 2009

인터넷을 이용하는 많은 분들에게 꼭 당부하고 싶은 얘기는 "~를 설치 할까요?" 물어보면 정말 확실하다 싶은것이 아닌 이상에는 "아니오" 또는 "NO"를 선택하라는 것이다. 인터넷 사용할 때는 YES맨이 되지 말고 부정적인 사람이 되자... 그게 정신 건강에 좋을것이다. ^^

자신의 컴퓨터에 백신프로그램이 없다면 밑에 있는 알약이나 V3 Lite 중에 하나를 설치하도록하자!
개인사용자에 한해서 무료 프로그램이니 집에 있는 컴퓨터라면 꼭 설치하도록 하자!

알약 : http://alyac.altools.co.kr V3 Lite : http://v3lite.com/

관련 사이트 내용을 스크랩해서 넣어보았다. 밑에 화면에 있는 "Pro Antispyware 2009" 라고 되어있는 프로그램이다. 그럴싸하지 않은가? 왠만큼 컴퓨터에 지식이 없는 사람이면 다들 낚시질 당할듯...

----------------------------------------------------------------------------------

How to remove Pro Antispyware 2009 (Uninstall Instructions)

Posted by Grinler on October 20, 2008 @ 11:10 AM · Views: 19,935

Add to Favorites!

Print Guide!

What this programs does:

Pro Antispyware 2009 is a rogue anti-spyware from the same family as Antispyware Pro XP and AntiSpyware 2008 XP. Pro Antispyware 2009 is advertised through the use of misleading advertisements found on web sites that pretend to be online anti-malware scanners. During the course of the advertisement, it will pretend to scan your computer and then display a warning box stating that your computer is infected with a variety of malware. It will then proceed to tell you to download and install ProAntispyware 2009 in order to clean your computer.

When Pro Antispyware 2009 is installed it will be configured to automatically start when you logon to Windows. When the program starts, it will scan your computer and list a large amount of fake infections that cannot be removed unless you first purchase the software. While running, the programs will also display fake pop-up and Windows taskbar security alerts stating your computer is infected or being attacked and that you should purchase the program to protect yourself. These messages, and fake infections, are just a way that the developers try to scare you into purchasing their software. Last, but not least, Pro Antispyware 2009 will also install an adware Trojan as a browser helper object in Internet Explorer. This adware will then display pop-ups on your computer from mxlivemedia.com when using Internet Explorer.

Pro Antispyware 2009 screen shot
For more screen shots of this infection click on the image above.
There are a total of 5 images you can view.

This guide will walk you through removing Pro Antispyware 2009 and any associated malware that may have been installed with it.

Threat Classification:

Information on Rogue Programs

Advanced information:

View Pro Antispyware 2009 files.
View Pro Antispyware 2009 Registry Information.

Tools Needed for this fix:

Malwarebytes' Anti-Malware

Symptoms that may be in a HijackThis Log:

O2 - BHO: mxlivemedia browser enhancer - {FDA08241-09F3-2DBE-22B1-5B44B581231C} - C:\WINDOWS\system32\gisyflngpshcvuakv.dll
O4 - HKLM\..\Run: [mfhsornwnduy] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\gisyflngpshcvuakv.dll"
O4 - HKCU\..\Run: [Pro Antispyware 2009] "C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe" /autorun

Guide Updates:

10/21/08 - Initial guide creation.

Automated Removal Instructions for Pro Antispyware 2009 using Malwarebytes' Anti-Malware:

Print out these instructions as we will need to close every window that is open later in the fix.
Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link
Once downloaded, close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Pro Antispyware 2009 related files.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the Pro Antispyware 2009 removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
You can now exit the MBAM program.

Your computer should now be free of the Pro Antispyware 2009 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated Pro Antispyware 2009 Files:

O2 - BHO: mxlivemedia browser enhancer - {FDA08241-09F3-2DBE-22B1-5B44B581231C} - C:\WINDOWS\system32\gisyflngpshcvuakv.dll
O4 - HKLM\..\Run: [mfhsornwnduy] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\gisyflngpshcvuakv.dll"
O4 - HKCU\..\Run: [Pro Antispyware 2009] "C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe" /autorun

Associated Pro Antispyware 2009 Windows Registry Information:

HKEY_CURRENT_USER\Software\{EBFF3366-F653-ACA1-0798-E062A58FA824}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDA08241-09F3-2DBE-22B1-5B44B581231C}
HKEY_CURRENT_USER\Software\Solt Lake Software
HKEY_CLASSES_ROOT\CLSID\{FDA08241-09F3-2DBE-22B1-5B44B581231C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDA08241-09F3-2DBE-22B1-5B44B581231C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uzymaulreqvtfzbe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "mfhsornwnduy"

출처 : http://www.bleepingcomputer.com/malware-removal/remove-pro-antispyware-2009