Christian Mairoll 237 Posted August 19, 2011 Report Share Posted August 19, 2011 The Emsisoft malware research team has discovered a new outbreak of the System Repair adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemRepair. System Repair is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. Create new files: %AllUsersProfiles%Application Data~%random%r %AllUsersProfiles%Application Data%random%.exe %AllUsersProfiles%Application Data%random% %AllUsersProfiles%Application Data~%random% %UserProfile%DesktopSystem Repair.lnk %UserProfile%Local SettingsTempsmtmp %UserProfile%Local SettingsTempsmtmp4 %UserProfile%Local SettingsTempsmtmp1 %UserProfile%Local SettingsTempsmtmp2 %UserProfile%Start MenuProgramsSystem Repair %UserProfile%Start MenuProgramsSystem RepairSystem Repair.lnk %UserProfile%Start MenuProgramsSystem RepairUninstall System Repair.lnk Create new registry entries: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystemDisableTaskMgr: 0×00000001 HKEY_CURRENT_USERSoftware75fa38b7-8b94-4995-ad32-52e938867954:BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00… HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMainUse FormSuggest: “Yes” HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsWarnonBadCertRecving: 0×00000000CertificateRevocation: 0×00000000 HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktopNoChangingWallPaper: 0×00000001 HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociationsLowRiskFileTypes: “/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:” HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachmentsSaveZoneInformation: 0×00000001 HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun%random%: “%AllUsersProfile%Application Data%random%.exe” HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownloadCheckExeSignatures: “no” HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvancedHidden: 0×00000000 HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvancedShowSuperHidden: 0×00000000 Screenshots: How to remove the infection of System Repair (Adware.Win32.SystemRepair)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. Related Posts: Windows Repair Adware Removal Instructions Win XP Recovery Adware Removal Instructions Windows Recovery Adware Removal Instructions Windows Restore Adware Removal Instructions Windows Diagnostic Adware Removal Instructions View the full article Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.