1. Program description

CleanUP Antivirus is rogue security software: a type of application that poses as fully fledged security software but in reality provides an almost zero level of protection.

2. Actions

During installation, CleanUP Antivirus registers itself in the operating system's startup folder. As a result, the program's interface is launched every time the computer starts. In addition to registering itself in the startup folder, CleanUP Antivirus copies "junk" files to various folders on the computer. When a scan of the computer is started, CleanUP Antivirus detects viruses, trojans and worms in the "junk" files it copied earlier. The program offers to remove or disinfect the infected objects only after a license for the program has been purchased.

3. Files

During installation, CleanUP Antivirus copies the following files to the hard disk:

%AllUsersProfile%\Dane aplikacji\58969\CUf4c.exe
%AllUsersProfile%\Dane aplikacji\58969\CUA.ico
%AllUsersProfile%\Dane aplikacji\CUQKWA\CUZNJUENEA.cfg
%UserProfile%\Dane aplikacji\CleanUp Antivirus\Instructions.ini
%UserProfile%\Dane aplikacji\CleanUp Antivirus\cookies.sqlite
%UserProfile%\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
%UserProfile%\Pulpit\CleanUp Antivirus.lnk
%UserProfile%\Menu Start\CleanUp Antivirus.lnk
%UserProfile%\Menu Start\Programy\CleanUp Antivirus.lnk

4. Changes to the system HOSTS file

During installation, CleanUP Antivirus adds entries to the system HOSTS file.

5. System registry

To function normally, CleanUP Antivirus creates a series of branches in the system registry.