Litter Korean rogue lurking III
PCScan is another Korean rogue that has appeared in recent days, in addition to the two shown previously.
pcscan.kr - 114.108.129.233 - DACOM-NET LG DACOM
The IP also resolves the following domains:
eroza.net
master.to84.net
to84.net
www.tvbaro.net
Setup.exe (a85900759318ea66dc94ba789aae2cfe)
PCScan.exe (665b846b82d959843744d9d3a7b39bdc)
PCScanMon.exe (01cdb8f8955a4df6eebb1aca04d6a43c)
Uninstall.exe (76cd1340bded9d96050df30999f6274d)
The Uninstall.exe file poses as the uninstaller of the supposed antivirus program; however, it has no effect because it is fake.
Check the following pages:
Countermeasure
Terminate the processes called PCScan.exe. You can use Process Explorer to view and terminate processes.
Remove the PCScan folder (which houses six files) located in C:\Program Files\pcscan\
Delete the pcscan entry from the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, which refers to "C:\Program Files\pcscan\pcscan.exe". You can use Autoruns to view and delete the entry.
Delete the desktop shortcut.
Run an updated antivirus.
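The following PowerShell script is an added example, not part of the original post: it audits a host for the artifacts named in the steps above and removes them only when run with -Remove. Matching the Run entry by its data rather than its name, treating PCScanMon as a process name, and finding the shortcut by its target are assumptions.

```powershell
# Added example: audit a host for the PCScan artifacts named in the post.
# Run elevated; pass -Remove to clean up instead of only reporting.
param([switch]$Remove)

$installDir = 'C:\Program Files\pcscan'   # folder from the post
$runKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$procNames  = 'PCScan', 'PCScanMon'       # PCScanMon: assumption, from the file list
$findings   = @()

# 1. Running processes (Get-Process expects names without ".exe")
foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $findings += "process  $($p.ProcessName) (PID $($p.Id))"
    if ($Remove) { Stop-Process -Id $p.Id -Force }
}

# 2. Run values whose data points at pcscan.exe (the value name is not assumed)
$key = Get-Item -Path $runKey
foreach ($name in $key.GetValueNames()) {
    $data = [string]$key.GetValue($name)
    if ($data -like '*\pcscan\pcscan.exe*') {
        $findings += "run key  $name = $data"
        if ($Remove) { Remove-ItemProperty -Path $runKey -Name $name }
    }
}

# 3. Desktop shortcuts whose target lives in the install folder
$shell    = New-Object -ComObject WScript.Shell
$desktops = 'Desktop', 'CommonDesktopDirectory' |
    ForEach-Object { [Environment]::GetFolderPath($_) }
foreach ($lnk in Get-ChildItem -Path $desktops -Filter *.lnk -ErrorAction SilentlyContinue) {
    $target = $shell.CreateShortcut($lnk.FullName).TargetPath
    if ($target -like "$installDir\*") {
        $findings += "shortcut $($lnk.FullName) -> $target"
        if ($Remove) { Remove-Item -LiteralPath $lnk.FullName -Force }
    }
}

# 4. The install folder itself (after its processes have been stopped)
if (Test-Path -LiteralPath $installDir) {
    $findings += "folder   $installDir"
    if ($Remove) { Remove-Item -LiteralPath $installDir -Recurse -Force }
}

if ($findings) { $findings } else { 'No PCScan artifacts found.' }
```

Run it once without -Remove to review the findings before deleting anything.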
Related information
Litter Korean rogue lurking II
Litter Korean rogue lurking I
PC Defender Antivirus rogue update system registry
Phoenix Exploit's Kit and Pay-per-Install via PC Defender Antivirus
Dangerous trojans, keyloggers and Spyware detected in you computer!!!
Desktop Hijack by Internet Security 2010. Your System Is Infected!