Ghost-Antivirus.com
O Ghost-Antivirus.com é um site muito enganador, que foi criado pelos hackers para anunciar e vender um programa de segurança nocivo, chamado Antivírus Ghost. O Ghost-Antivirus.com não está associado ao legítimo programa de segurança Ghost Antivirus da Symantec. O Ghost-Antivirus.com pode ser muito confuso na forma como ele descreve o desonesto Antivírus Ghost, como um programa que pode detectar e remover vírus. Não se pode confiar no Antivírus Ghost para realizar qualquer tipo de função útil em qualquer computador. É recomendável que os usuários evitem completamente o site do Ghost-Antivirus.com.
Índice
Detalhes Sobre os Arquivos do Sistema
Ghost-Antivirus.com pode criar o(s) seguinte(s) arquivo(s):
| # | Nome do arquivo |
Detecções
Detecções: O número de casos confirmados e suspeitos de uma determinada ameaça detectada nos computadores infectados conforme relatado pelo SpyHunter.
|
|---|---|---|
| 1. | %WINDOWS%\System32\[random symbols].dll | |
| 2. | %Program Files%\Ghost Antivirus\lib\WMILib.dll | |
| 3. | %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\unins000.exe | |
| 4. | %Program Files%\Ghost Antivirus\ghostav.exe | |
| 5. | %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Windows\services.exe | |
| 6. | %Program Files%\Ghost Antivirus\unins000.dat | |
| 7. | %Program Files%\Ghost Antivirus\working.log | |
| 8. | %Program Files%\Ghost Antivirus\lib\ghost.sql | |
| 9. | %Program Files%\Ghost Antivirus\lib\version.db | |
| 10. | %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus Home Page.lnk | |
| 11. | %Documents and Settings%\All Users\Application Data\Ghost Antivirus\ | |
| 12. | %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Windows\pguard.ini | |
| 13. | %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\ | |
| 14. | %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\times.conf | |
| 15. | %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png | |
| 16. | %Program Files%\Ghost Antivirus\register.ico | |
| 17. | %Program Files%\Ghost Antivirus\web.ico | |
| 18. | %Program Files%\Ghost Antivirus\lib\ | |
| 19. | %Program Files%\Ghost Antivirus\lib\listing.cfg | |
| 20. | %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\ | |
| 21. | %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Purchase License.lnk | |
| 22. | %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\uill.ini | |
| 23. | %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\Uninstall Ghost Antivirus.lnk | |
| 24. | %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\properties | |
| 25. | %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png | |
| 26. | %Program Files%\Ghost Antivirus\ | |
| 27. | %Program Files%\Ghost Antivirus\uninst.ico | |
| 28. | %Program Files%\Ghost Antivirus\Languages\ | |
| 29. | %Program Files%\Ghost Antivirus\lib\Infected.wav | |
| 30. | %Documents and Settings%\All Users\Desktop\Ghost Antivirus.lnk | |
| 31. | %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus.lnk | |
| 32. | %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\settings.ini | |
| 33. | %Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png | |
| 34. | %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\links.txt | |
| 35. | %Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\Quick Launch\Ghost Antivirus.lnk |
Detalhes sobre o Registro
Ghost-Antivirus.com pode criar a seguinte entrada de registro ou entradas de registro:
HKEY_CURRENT_USER\Software\Microsoft\FTP "SearchDir" = "%Program Files%\Ghost Antivirus\"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "3P_UDEC"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "Debugger" = "?"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ghost Antivirus_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Ghost Antivirus"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "RealLogonType" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “onin”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent "URIAPRO[1.1.3.9]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "RealDebugger" = "?"
URLs
Ghost-Antivirus.com pode chamar os seguintes URLs:
| 93.174.95.194 Ghost-antivirus com |
| 93.174.95.194 Ghost-pay com |
| 93.174.95.194 Ghostantivirus com |
| 93.174.95.194 Ghostpays com |
| 93.190.140.165 Softwareanti com |
| 93.190.140.165 Softwarejar com |
| 93.190.140.165 Softwarerising com |
| 93.190.140.165 Softwaresecure net |
| 93.190.140.165 Softwarespam net |
| 93.190.140.165 Softwarespyware net |
| 93.190.140.165 Softwarethe net |
| 93.190.140.165 Softwarethreats com |
| 93.190.140.165 Softwarethreats net |
| 93.190.140.165 Softwarexp net |
