A simple analysis and removal method for the rogue software ErrorSafe
Source: Internet
Author: User
Here is a brief description of the analysis of ErrorSafe and how to deal with it. At present I can find only two versions: 1.0.22.4 and 1.2.120.1; the latter should be the latest upgraded version. In reverse order, I first give the conclusion and list the precautionary measures, and end with a simple analysis.
Conclusion and promotion methods
1. In terms of versions, the old version of ErrorSafe also added services, while the latest version simply adds itself to the startup items, so the new version is easier to remove.
2. In terms of the program, the software is known as international malware mainly because of its rogue promotion methods, which have provoked public outrage and hostility.
Because the program itself has no rogue characteristics, its rogue nature lies mainly in how it is promoted. I do not know under what circumstances those affected got it, so I simply list the common promotion methods:
1. Website affiliate (advertising alliance) promotion: visiting with IE any website that carries the advertisement code pops up an ErrorSafe advertisement.
2. Viral promotion: I obtained the newer version of ErrorSafe through something like a downloader trojan; trojans nowadays all act as downloaders.
3. Advertising on well-known websites, for example Microsoft's MSN promoting it.
Personal advice:
1. Learn and apply some basic personal computer security practices.
2. (A personal and rather extreme view) Avoid IE as far as possible, even if it is fully patched.
Simple analysis of ErrorSafe version 1.0.22.4
Released files and folders
Code:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Errorsafe points to %Program Files%\errorsafe\ers.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\erssdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\erssdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\ERSSDD]
Points to %system%\drivers\erssdd.sys
[HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\ENUM\ROOT\LEGACY_ERSSDD]
Points to %system%\drivers\erssdd.sys
ErrorSafe version 1.2.120.1
Released files and folders:
%Program Files%\errorsafe
Added registry information:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Error safe points to %Program Files%\error safe free\ers.exe
UERSCW points to %Program Files%\error Safe Free\uerscw.exe
Note: the registry information recorded is very long; this article lists only the key parts I could find, and the rest is not meaningful.
Solution:
1. Both versions above can be uninstalled normally. After uninstalling, some registry entries and files remain; these can be removed with IceSword.
2. If you do not use its own uninstall program, you can clean it up entirely by hand with IceSword or Unlocker.
3. The tools mentioned in this article are available for download under commonly used anti-virus tools.
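A residue check for step 1 above, added here as an example and not part of the original article: it scans the text of a registry export for the Run values and erssdd keys listed in the analysis. The function name `find_residue` and the sample export are constructed for illustration; matching any ControlSetNNN or CurrentControlSet instead of only ControlSet003 is a generalization, since the control set number differs between machines, and the export is assumed to be already decoded to text.

```python
import re

# Indicators from the article. ControlSet003 is generalized to any
# ControlSetNNN or CurrentControlSet (assumption: the number differs per machine).
CS = r"(?:ControlSet\d{3}|CurrentControlSet)"
KEY_PATTERNS = [re.compile(p + r"(?:\\.*)?", re.I) for p in (
    rf"HKEY_LOCAL_MACHINE\\SYSTEM\\{CS}\\Control\\SafeBoot\\(?:Network|Minimal)\\erssdd\.sys",
    rf"HKEY_LOCAL_MACHINE\\SYSTEM\\{CS}\\Services\\erssdd",
    rf"HKEY_LOCAL_MACHINE\\SYSTEM\\{CS}\\Enum\\Root\\LEGACY_ERSSDD",
)]
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_EXE = re.compile(r"\\(?:ers|uerscw)\.exe\b", re.I)  # ers.exe / uerscw.exe
VALUE_LINE = re.compile(r'^"(.+?)"="(.*)"$')            # "name"="string data"

def find_residue(reg_text):
    """Return (kind, key, detail) tuples for leftovers found in .reg export text."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if any(p.fullmatch(key) for p in KEY_PATTERNS):  # key or any subkey
                findings.append(("key", key, ""))
            continue
        m = VALUE_LINE.match(line)
        if m and key and key.lower() == RUN_KEY.lower():
            # .reg files double every backslash inside string data
            name, data = m.group(1), m.group(2).replace("\\\\", "\\")
            if RUN_EXE.search(data):
                findings.append(("run", key, f"{name} -> {data}"))
    return findings

# Constructed sample export (not taken from a real machine)
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Errorsafe"="C:\\Program Files\\errorsafe\\ers.exe"
"ExampleApp"="C:\\Program Files\\Example\\app.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\erssdd]
"ImagePath"="system32\\drivers\\erssdd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\erssdd.sys]
@="Driver"
'''

if __name__ == "__main__":
    for finding in find_residue(SAMPLE):
        print(finding)
```

A match on the executable name alone is a triage hint, so confirm the full path before deleting a Run value.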