Adware.PCDefence.R
種類
Adware
危険度/拡散度
/
発見日
[korea] 2010-07-24 [Foreign] 0000-00-00
Virobot対応
2010-07-24 [Able to detect & repair]

[Symptom of Infection]

Adware.PCDefence.R is installed automatically and induces to purchase for fake repair.

- It adds itself to registry for automatic execution on system boot.

<Related URL>
hxxp://pcdefence.co.kr/etc/(...)_app.htm
hxxp://(...).com/P/(...).exe
hxxp://(...).pcdefence.co.kr/bin/(...).exe
hxxp://(...).pcdefence.co.kr/bin/(...).exe
hxxp://(...).pcdefence.co.kr/bin/(...).exe
hxxp://(...).pcdefence.co.kr/bin/(...).exe
hxxp://(...).pcdefence.co.kr/bin/(...).exe
hxxp://(...).pcdefence.co.kr/bin/(...)

hxxp://(...).pcdefence.co.kr/bin/(...)

hxxp://(...).pcdefence.co.kr/bin/(...).dat
 

<Registry>
 
[Adware.PCDefence.R] creates registries like below. 
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smartconnect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Defense
HKLM\SOFTWARE\PC Defense
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Name : pcdefenceS
Value : "(Programs Folder)\PC Defense\pcdefenceU.exe"
HKCU\Software\Microsoft\Internet Explorer
Name : pcdefence_sun
Value : "1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Name : smartconnect
Value : "(System Folder)\smartconnect.exe sgi"

<Folder>
 
[Adware.PCDefence.R] creates folders like below.
 

(All User Account Folder)\Start\Program\PC Defense
(Programs Folder)\PC Defense

 

<File>
 
[Adware.PCDefence.R] creates files like below.
 

(All User Account Folder)\Start\Program\PC Defense\pcdefence Delete.lnk
(All User Account Folder)\Start\Program\PC Defense\pcdefence.lnk
(All User Account Folder)\Start\Program\PC Defense\License.url
(All User Account Folder)\Start\Program\PC Defense\Webpage.url
(Programs Folder)\PC Defense\mdata.dat
(Programs Folder)\PC Defense\pcdefence.exe
(Programs Folder)\PC Defense\pcdefenceBK.exe
(Programs Folder)\PC Defense\pcdefencedm.exe
(Programs Folder)\PC Defense\pcdefenceU.exe
(Programs Folder)\PC Defense\trackingsitedata
(Programs Folder)\PC Defense\ubdata
(System Folder)\smartconnect.dat
(System Folder)\smartconnect.exe
(System Folder)\uninst_pcdefence.exe
 

<Notation>
 

- "(Programs Folder)" could be different by OS and generally this is "C:\Program Files\"
- "(All User Account Folder)" could be different by OS and generally this is "C:\Documents and Settings\(All User Account)\"
- "(Windows Folder)" could be different by OS and generally this is "C:\Windows\"
- "(System Folder)" could be different by OS and generally this is "C:\Windows\System32\".

[How to repair]

 

1. If you are WinXP/ME users, please be inactivate System Recovery Function.
The reason why being inactivate of the system recovery is to clean the virus completely.
You can refer to MS technical documents(Q263455) for more details.


2. Update the engine module for the latest one.
To repair this virus, you need to update the engine for the latest one.


a. ViRobot products users
-Download the latest engine files via our website (www.hauri.net)


b. Non-ViRobot products users
- Use the LiveCall (Free Scan) via the website (http://www.livecall.co.kr)
- Use the trial version of ViRobot products (30days only)


3. How to scan the virus.


a. Run your ViRobot, and choose all files in scan option.
- ViRobot Desktop 5.x : [Tools] -> [Configuration] -> [Spyware/Adware Scan] : Check all files
- LiveCall (Free Scan) : [Advanced Scan] : Check


b. Repair all viruses detected.