SystemBooster2009 – Removal guide!

by | 11/12/2008

SystemBooster2009 is a fake security program from the same family as SpyProtector and PC Defender 2008.

Once it has infected the PC, the fake antivirus runs bogus scans to make the user believe the system is infected, then prompts them to buy a license for the fake antivirus in order to clean it.

Obviously, do not buy anything!

The symptoms shown by a PC that has fallen victim to SystemBooster2009 are:

a slowed-down system, modified browser settings, pop-up windows opening continuously while browsing and, in some cases, the inability to connect to the internet.

These are the files created by the fake antivirus:


And these are the registry keys:


How to disinfect.

The tool that has proven effective in removing SystemBooster2009 is:

Malwarebytes Anti-Malware – Download

Disinfecting with Malwarebytes Anti-Malware

Download Malwarebytes' Anti-Malware to the desktop and proceed with the installation.

Start the software, run the update first, and then perform a "quick" scan of the system.

Select all the malware found by the tool and click "Remove Selected".

Once you have confirmation that all the malware has been removed, you can close the program and restart the system.

Alternatively, a scan in safe mode with A-Square 4, which can be downloaded here, is equally effective.