While BitDefender 2011 is running, it displays fake security alerts in attempt to scare you into thinking that your computer is fried. For those of you who have already been hit by rogue anti-spyware software these fake alerts shouldn't be a surprise. Bit Defender 2011 displays some pretty basic stuff. The fake alert will state that your computer is infected with spyware, keyloggers and other badware. You may also see a fake security warning saying that you are using unlicensed software or that your sensitive information is being transferred to a remote server which belongs to cyber-criminals. Such offending warnings should be ignored as they do not make any sense. Here are some of the fake security alerts:
Another rather annoying thing about this infection is that BitDefender 2011 blocks legitimate malware removal tools. However, BitDefender 2011 Resident Shield blocks other legitimate programs too, i.e., Microsoft calculator or registry editor. It states that the program is infected and was terminated due to security reasons. Surprisingly, it doesn't block Task Manager, but there is a good reason for that. BitDefender 2011 created a new column in the Windows Task Manager that displays word "Infected" next to various active processes.
And probably last, but not least, BitDefender 2011 hijacks web browsers via the Image File Execution Options and displays fake security warnings Internet Explorer Emergency Mode (Internet Explorer) and Attention! Your web page requested has been canceled (Mozilla Firefox).
These fake alerts do not show up in safe mode and safe mode with networking though. So, you should restart your computer is safe mode with networking and download anti-malware application to remove the rogue AV if it blocks security-related websites in normal mode. Also, you can use the registration codes listed below to activate the fake BitDefender 2011 if you really can't do anything on your computer. Thanks to Steven K. from http://xylibox.blogspot.com for sharing these codes. Just click "License" from the left side menu and enter one of these codes:
DLE01-JGN91-KAH52-DPH063-XYL52
IGE19-CJA07-FDK41-CMI651-XYL62
HML20-HCF21-ABP27-KBG564-XYL12
PFI91-ENK07-KLC65-MCJ224-XYL81
JGA43-KGJ19-DHG29-MOM599-XYL52
DAO35-KGB74-CHC40-FLI616-XYL14
ENK13-PFD81-OFH29-HMF191-XYL63
Please note that even if these codes will do the trick, you still need to run a full system scan with anti-malware software. Do not purchase BitDefender 2011. There is no guarantee that your credit card details aren't going to be sold to other third parties. Clarifications and comments are welcome as usual. If you have questions, please leave a comment below. Good luck and be safe online!
BitDefender 2011 removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Alternate BitDefender 2011 removal instructions (Manual):
1. Go into C:\WINDOWS\system32 folder. Locate msiexecs.exe and delete it. Important! Do not delete msiexec.exe. See the image below.
2. Open the Windows Registry Editor. At the taskbar, click Start → Run. Type regedit and click OK or press Enter. (In Windows Vista/7 click the Start button in the lower-left corner of your screen. Type regedit into Start search box and press Enter).
3. Locate the HKEY_LOCAL_MACHINE entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
In the righthand pane select Debugger = msiexecs.exe -sb and delete it if it exists.
Close the registry editor.
4. Open Internet Explorer and download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Associated BitDefender 2011 files and registry values:
Files:
- C:\Program Files\BitDefender 2011\
- C:\Program Files\BitDefender 2011\bitdefender.exe
- C:\Documents and Settings\All Users\Start Menu\BitDefender 2011\
- C:\Documents and Settings\All Users\Start Menu\BitDefender 2011\BitDefender 2011.lnk
- %AllUsersProfile%\Start Menu\BitDefender 2011\Uninstall.lnk
- %UserProfile%\Desktop\BitDefender 2011.lnk
- C:\WINDOWS\system32\msiexecs.exe
- HKEY_CURRENT_USER\Software\[SET OF RANDOM CHARACTERS]
- HKEY_CURRENT_USER\Software\[SET OF RANDOM CHARACTERS]
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '0'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "BitDefender 2011" = 'C:\Program Files\BitDefender 2011\bitdefender.exe'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe "Debugger" = 'msiexecs.exe -sb'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe "Debugger" = 'msiexecs.exe -sb'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe "Debugger" = 'msiexecs.exe -sb'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe "Debugger" = 'msiexecs.exe -sb'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe "Debugger" = 'msiexecs.exe -sb'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-EVI 21.04.2011"
Thanks to rogueamp for making this video.
Share the knowledge:
0 comments:
Post a Comment