Kick BlockWatcher out the house!

Version: 11.1
Revision: 32 Build: 12

Update: this post was revised to meet the safety standards for all users.

Introduction:
Last night, I was analyzing a rogue anti-virus. The name of the anti-virus is “BlockWatcher”.

According to my research, the fake anti-virus is visually identical to “BlockScanner”.
But first, here is some background information about this infection.

BlockWatcher is a poorly designed security tool whose real purpose is forcing the user into purchasing a fake program. The only way “Block Scanner” differs from its ancestors is the name on the logo: if you take a look at SoftBarrier, ShieldSafeness and BlockScanner, you will see that they are all identical.

1.] Download these applications and put them on your desktop.

a.] Right-click one of these links and save the file as “Combo-Fix.exe”:
————-
Link#1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link#2: http://www.forospyware.com/sUBs/ComboFix.exe

b.] Download this anti-virus and install it on your computer with the latest updates:
————-
Link#1: http://www.softpedia.com/progDownload/Malwarebytes-Anti-Malware-Download-81598.html
Link#2: http://www.malwarebytes.org/mbam-download.php

2.] Copy this script, save it as “CFScript.txt”, then drag and drop the file onto the application (Combo-Fix.exe).
Note that the “Windows Recovery Console” must be installed for the application to work.
ComboFix can download it for you, or you can install it from your Windows disc.

Warning: Before you begin, you must disable all anti-virus / anti-spyware applications.
This is a safety requirement when running ComboFix.

File::
c:\Documents and Settings\All Users\Desktop\BlockWatcher.lnk
c:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe
c:\WINDOWS\10068tro9zd85.exe
c:\WINDOWS\10258z9amb5t73a.bin
c:\WINDOWS\10518virzs5f9.ocx
c:\WINDOWS\temp\yxh5.tmp.exe
c:\WINDOWS\system32\yxh5.tmp.exe
c:\WINDOWS\system32\19z89s5y663.dll
c:\WINDOWS\system32\1a605tzal32359.dll
c:\WINDOWS\system32\1aa8tzi952064.cpl

Folder::
c:\Program Files\BlockWatcher Software
c:\Program Files\BlockWatcher Software\BlockWatcher
c:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher

Registry::
[HKEY_CURRENT_USER\Software\BlockWatcher]
[HKEY_LOCAL_MACHINE\SOFTWARE\BlockWatcher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BlockWatcher"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlockWatcher"=-
"yxh5.tmp.exe"=-

3.] Let the application repair / disinfect your computer. While it is running, avoid touching your keyboard or the power button.

4.] At this stage, run Malwarebytes and perform a full system scan.
After that, download CCleaner and remove all of the junk files.

Link: http://ccleaner.com

5.] You’re Done!
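To check that the clean-up actually removed everything the script targets, here is an added verification tool. It is not part of the original post and not ComboFix's own code: a Python script that parses the CFScript format used above (File::, Folder:: and Registry:: sections) and reports any listed path, key or value that still exists on the machine. It embeds the BlockWatcher script from this post as its sample input; passing a file path as the first argument checks a different script. The file and folder checks work on any system, while the registry check uses the standard winreg module and therefore only runs on Windows. Run it from an elevated prompt before and after ComboFix to see what was removed.

```python
"""Report which artifacts listed in a ComboFix CFScript still exist on this
machine, so a BlockWatcher clean-up can be verified before and after the fix."""
import os
import re
import sys
from dataclasses import dataclass, field

if sys.platform == "win32":
    import winreg  # registry checks are only possible on Windows

# Constructed sample: the CFScript from the post above, embedded so the tool
# runs stand-alone. Pass a script path as argv[1] to check a different one.
SAMPLE_CFSCRIPT = r"""File::
c:\Documents and Settings\All Users\Desktop\BlockWatcher.lnk
c:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe
c:\WINDOWS\10068tro9zd85.exe
c:\WINDOWS\10258z9amb5t73a.bin
c:\WINDOWS\10518virzs5f9.ocx
c:\WINDOWS\temp\yxh5.tmp.exe
c:\WINDOWS\system32\yxh5.tmp.exe
c:\WINDOWS\system32\19z89s5y663.dll
c:\WINDOWS\system32\1a605tzal32359.dll
c:\WINDOWS\system32\1aa8tzi952064.cpl

Folder::
c:\Program Files\BlockWatcher Software
c:\Program Files\BlockWatcher Software\BlockWatcher
c:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher

Registry::
[HKEY_CURRENT_USER\Software\BlockWatcher]
[HKEY_LOCAL_MACHINE\SOFTWARE\BlockWatcher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BlockWatcher"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlockWatcher"=-
"yxh5.tmp.exe"=-
"""

@dataclass
class CFScript:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    reg_keys: list = field(default_factory=list)    # keys named in [...] lines
    reg_values: list = field(default_factory=list)  # (key, name) from "name"=- lines

def parse_cfscript(text):
    """Split a CFScript into its File::, Folder:: and Registry:: entries."""
    script, section, key = CFScript(), None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):             # section header such as "File::"
            section, key = line[:-2].lower(), None
        elif section == "file":
            script.files.append(line)
        elif section == "folder":
            script.folders.append(line)
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]            # HIVE\subkey without the brackets
                script.reg_keys.append(key)
            else:
                m = re.fullmatch(r'"(.+)"=-', line)
                if m and key:               # a value under the most recent key
                    script.reg_values.append((key, m.group(1)))
    return script

def reg_exists(path, value=None):
    """True if the key exists and, when given, holds the named value (Windows only)."""
    hive_name, _, subkey = path.partition("\\")
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), subkey) as k:
            if value is not None:
                winreg.QueryValueEx(k, value)
        return True
    except (OSError, AttributeError):       # missing key/value, or unknown hive name
        return False

def find_present(script):
    """Return only the script entries that still exist on this machine."""
    hits = {"files": [p for p in script.files if os.path.isfile(p)],
            "folders": [p for p in script.folders if os.path.isdir(p)],
            "reg_keys": [], "reg_values": []}
    if sys.platform == "win32":
        hits["reg_keys"] = [k for k in script.reg_keys if reg_exists(k)]
        hits["reg_values"] = [(k, n) for k, n in script.reg_values if reg_exists(k, n)]
    return hits

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CFSCRIPT
    found = find_present(parse_cfscript(text))
    for kind, items in found.items():
        for item in items:
            print(f"STILL PRESENT ({kind}): {item}")
    if not any(found.values()):
        print("none of the listed artifacts were found")
    if sys.platform != "win32":
        print("registry entries were not checked: not running on Windows")
```

A "name"=- line is attributed to the most recently seen [key] line, matching how the Registry:: section above groups values under their key; a value line that appears before any key is ignored rather than guessed at. Any entry still reported after ComboFix has run is a sign that the infection was only partially removed or has recreated itself, and the Run-key values in particular should be clean before the machine is trusted again.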

Copyrighted By Lair360