PUA.Win32.PCFixer.B
Trojan:Win32/Speesipro.A (Microsoft); Hoax.Win32.PCFixer.gen (Kaspersky)
Windows
Malware type:
Potentially Unwanted Application
Destructive?:
No
Encrypted?:
No
In the wild:
Yes
Overview
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It connects to a specific website to send and receive data. It redirects browsers to specific websites.
Technical Details
Arrival Details
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
It adds the following folders:
- %Application Data%\efo
- %Application Data%\efo\langs
- %Program Files%\Advanced-PC-Care
- %Program Files%\Advanced-PC-Care\langs
- %ProgramData%\{BLOCKED}edpccare.net
- %ProgramData%\{BLOCKED}edpccare.net\Advanced-PC-Care
- %Program Files%\Advanced-PC-Care
- %Program Files%\Advanced-PC-Care\x64
It drops the following files:
- %Program Files%\Advanced-PC-Care\unins000.dat
- %Program Files%\Advanced-PC-Care\unins000.exe
- %Program Files%\Advanced-PC-Care\apc.exe
- %Program Files%\Advanced-PC-Care\apc.exe.config
- %Program Files%\Advanced-PC-Care\AppRes.dll
- %Program Files%\Advanced-PC-Care\Microsoft.Win32.TaskScheduler.dll
- %Program Files%\Advanced-PC-Care\ApcEng.dll
- %Program Files%\Advanced-PC-Care\TaskScheduler.dll
- %Program Files%\Advanced-PC-Care\NAudio.dll
- %Program Files%\Advanced-PC-Care\TAFactory.IconPack.dll
- %Program Files%\Advanced-PC-Care\Interop.IWshRuntimeLibrary.dll
- %Program Files%\Advanced-PC-Care\x64\SQLite.Interop.dll
- %Program Files%\Advanced-PC-Care\x86\SQLite.Interop.dll
- %Program Files%\Advanced-PC-Care\System.Data.SQLite.DLL
- %Program Files%\Advanced-PC-Care\HtmlRenderer.dll
- %Program Files%\Advanced-PC-Care\HtmlRenderer.WinForms.dll
- %ProgramData%\{BLOCKED}edpccare.net\Advanced-PC-Care\apc.db
- %ProgramData%\{BLOCKED}edpccare.net\Advanced-PC-Care\apcstartrepair_en.mp3
- %Program Files%\Advanced-PC-Care\langs\english_apc_en.ini
- %Program Files%\Advanced-PC-Care\langs\danish_apc_da.ini
- %Program Files%\Advanced-PC-Care\langs\Dutch_apc_nl.ini
- %Program Files%\Advanced-PC-Care\langs\finish_apc_fi.ini
- %Program Files%\Advanced-PC-Care\langs\French_apc_fr.ini
- %Program Files%\Advanced-PC-Care\langs\german_apc_de.ini
- %Program Files%\Advanced-PC-Care\langs\italian_apc_it.ini
- %Program Files%\Advanced-PC-Care\langs\japanese_apc_ja.ini
- %Program Files%\Advanced-PC-Care\langs\norwegian_apc_no.ini
- %Program Files%\Advanced-PC-Care\langs\portuguese_apc_ptbr.ini
- %Program Files%\Advanced-PC-Care\langs\russian_apc_ru.ini
- %Program Files%\Advanced-PC-Care\langs\spanish_apc_es.ini
- %Program Files%\Advanced-PC-Care\langs\swedish_apc_sv.ini
- %Application Data%\efo\langs\english_efo_en.ini
- %Application Data%\efo\langs\danish_efo_da.ini
- %Application Data%\efo\langs\Dutch_efo_nl.ini
- %Application Data%\efo\langs\finish_efo_fi.ini
- %Application Data%\efo\langs\French_efo_fr.ini
- %Application Data%\efo\langs\german_efo_de.ini
- %Application Data%\efo\langs\italian_efo_it.ini
- %Application Data%\efo\langs\japanese_efo_ja.ini
- %Application Data%\efo\langs\norwegian_efo_no.ini
- %Application Data%\efo\langs\portuguese_efo_ptbr.ini
- %Application Data%\efo\langs\russian_efo_ru.ini
- %Application Data%\efo\langs\spanish_efo_es.ini
- %Application Data%\efo\langs\swedish_efo_sv.ini
- %Public%\Desktop\Advanced-PC-Care.lnk
- %Application Data%\{BLOCKED}edpccare.net\Advanced-PC-Care\Errorlog.txt
- %Program Files%\Advanced-PC-Care\unins000.msg
- %Application Data%\{BLOCKED}edpccare.net\Advanced-PC-Care\exlist.bin
- %Common Programs%\Advanced-PC-Care\Advanced-PC-Care.lnk
- %Common Programs%\Advanced-PC-Care\Buy Advanced-PC-Care.lnk
- %Common Programs%\Advanced-PC-Care\Uninstall Advanced-PC-Care.lnk
It adds the following processes:
- "%System%\taskkill.exe" /f /im "apc.exe"
- "%System%\taskkill.exe" /f /im "AppVerifier.exe"
- "%Program Files%\Advanced-PC-Care\apc.exe" getwebparam
- "%Program Files%\Advanced-PC-Care\apc.exe" firstlaunch
(Note: %System% is the Windows system folder. It is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows 2000(32-bit), XP, Server 2003(32-bit), Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit). %Program Files% is the default Program Files folder, usually C:\Programme.)
Other System Modifications
It adds the following registry entries:
HKEY_CURRENT_USER\Software\{BLOCKED}edpccare.net\
Advanced-PC-Care
utm_source = wpropjfg
HKEY_CURRENT_USER\Software\{BLOCKED}edpccare.net\
Advanced-PC-Care
utm_campaign = wpropjfg
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone_us = (877)-{BLOCKED}-7061
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone_uk = (800)-{BLOCKED}-8430
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone_gb = (800)-{BLOCKED}-8430
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone_au = {BLOCKED}-{BLOCKED}-389
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone_fr = (334)-{BLOCKED}7945
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone_de = (800)-{BLOCKED}-0926
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone_at = (800)-{BLOCKED}-0926
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone_ch = (800)-{BLOCKED}-0926
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone_lu = (800)-{BLOCKED}-0926
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone_jp = {BLOCKED}-{BLOCKED}2-7
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone_ja = {BLOCKED}-{BLOCKED}2-7
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
PurchaseURL = http://www.{BLOCKED}edpccare.net/apc/price.asp?
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
RenewURL = http://www.{BLOCKED}edpccare.net/apc/renewal.asp?
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
WebURL = http://www.{BLOCKED}edpccare.net/
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
EmailURL = {BLOCKED}cedpccare@support-geeks.com
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
supporturl = http://www.{BLOCKED}edpccare.net/help/
HKEY_CURRENT_USER\Software\{BLOCKED}edpccare.net\
Advanced-PC-Care
Installstring = %Program Files%\Advanced-PC-Care
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Installstring = %Program Files%\Advanced-PC-Care
HKEY_LOCAL_MACHINE\SOFTWARE\{base-64 encoded "{BLOCKED}edpccare.net"}\
{base-64 encoded "Advanced-PC-Care"}\ACT
data = {Hex values}
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
reg = 0
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
expired = 0
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
phone = (877)-883-7061
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
isphone = 1
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
issilent = 0
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
showefo = 1
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
efosetting = 1
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
country =
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
msl = 1
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
pxl = WPR970_WPR952_RUNT
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
ipaddrurl = http://www.{BLOCKED}edpccare.com/getIpAddress.asp
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
paramurl = http://trkr.advancedpccare.com/ipfiles/
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
prereg = 0
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
showtn = 0
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
ovoffdis = 0
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
cta = 0
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
delay = 0
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
cbkpoff = 1
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
showudurec = 1
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
playsound = 1
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
utm_source = wpropjfg
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net\
Advanced-PC-Care
Phone = (877)-883-7061
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
Inno Setup: App Path = %Program Files%\Advanced-PC-Care
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
InstallLocation = %Program Files%\Advanced-PC-Care\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
Inno Setup: Icon Group = Advanced-PC-Care
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
Inno Setup: User = {User name}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
Inno Setup: Language = {System language}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
DisplayName = Advanced-PC-Care
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
DisplayIcon = %Program Files%\Advanced-PC-Care\apc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
UninstallString = "%Program Files%\Advanced-PC-Care\unins000.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
QuietUninstallString = "%Program Files%\Advanced-PC-Care\unins000.exe" /SILENT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
DisplayVersion = 1.0.0.11232
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
Publisher = advancedpccare.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
NoModify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
NoRepair = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
InstallDate = {Installed software date}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
MajorVersion = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
MinorVersion = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
EstimatedSize = 9047
Download Routine
It accesses the following websites to download files:
- http://{BLOCKED}gcrew.net/assets/scripts/js3.js
Other Details
It adds the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\{BLOCKED}edpccare.net
HKEY_CURRENT_USER\Software\{BLOCKED}edpccare.net
HKEY_LOCAL_MACHINE\SOFTWARE\{base-64 encoded "{BLOCKED}edpccare.net"}
HKEY_LOCAL_MACHINE\SOFTWARE\{base-64 encoded "{BLOCKED}edpccare.net"}\
{base-64 encoded "Advanced-PC-Care"}
HKEY_LOCAL_MACHINE\SOFTWARE\{base-64 encoded "{BLOCKED}edpccare.net"}\
{base-64 encoded "Advanced-PC-Care"}\ACT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{UID}
HKEY_CURRENT_USER\Software\{BLOCKED}edpccare.net\
Advanced-PC-Care\1.0.0.11232
It connects to the following websites to send and receive data:
- http://cc.{BLOCKED}cedpccare.net/wcfCountryPricing/countrypricing.svc/GetCountryCode
- http://www.{BLOCKED}edpccare.com/getIpAddress.asp
- https://www.{BLOCKED}mains.com/domain_profile.cfm?d=advancedpccare&e=com
- http://trkr.{BLOCKED}edpccare.com/ipfiles/{URL-encoded HTML page content}
- http://ww12.{BLOCKED}edpccare.net/
- http://ww12.{BLOCKED}edpccare.net/track.php?domain=advancedpccare.net&toggle=browserjs&uid={UID}
- http://ww12.{BLOCKED}edpccare.net/ls.php
It redirects browsers to the following websites:
- http://dp.g.{BLOCK}click.net/apps/domainpark/domainpark.cgi?client=ca-dp-teaminternet09_3ph&channel=000002,bucket052&domain_name=advancedpccare.net&output=html&drid={uid}
It does the following:
- Uses the following user interface:
Solution
Step 1
For Windows ME and XP users: before scanning, make sure that System Restore is disabled so that the entire computer can be scanned.
Step 2
Note that not all files, folders, registry keys and entries are installed on your computer while this malware/spyware/grayware is running. This may be due to an incomplete installation or other operating system conditions. Continue with the next step.
Step 3
Close all open browser windows
Step 4
Remove PUA.Win32.PCFixer.B using its own uninstall option
Step 5
Scan your computer with your Trend Micro product and delete files detected as PUA.Win32.PCFixer.B. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further steps are required. Quarantined files can simply be deleted. See this Knowledge Base page for more information.