The Emsisoft malware research team has discoverd a new outbreak of the Malware Destructor 2011 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.MalwareDestructor2011.

Malware Destructor 2011 is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

• %UserProfile%\Application Data\6983533E412C69351CEA9FFACDD9B48C\KB8472063.exe
• %UserProfile%\Application Data\6983533E412C69351CEA9FFACDD9B48C\local.ini
• %UserProfile%\Application Data\6983533E412C69351CEA9FFACDD9B48C\enemies-names.txt
• %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Destructor.lnk
• %UserProfile%\Desktop\Malware Destructor.lnk
• %UserProfile%\Start Menu\Malware Destructor.lnk
• %UserProfile%\Start Menu\Programs\Malware Destructor\Malware Destructor.lnk
• %UserProfile%\Start Menu\Programs\Malware Destructor\Uninstall.lnk
• %UserProfile%\Start Menu\Programs\Startup\Malware Destructor.lnk

Create registry entries:

• HKEY_CURRENT_USER\software\Malware Destructor Inc\Malware Destructor
  (SZ) datarl1 = KRoAGVdOQx8EChElF00dAQ==
  (SZ) datarl2 = KRoAGVdOQwQOABEnBwYXBFwiLw==
  (SZ) datarlA = KRoAGVdOQx8EChElF00dAQ==
  (SZ) install_time = 9/9/2010 2:28:17 AM
  (SZ) database_version = 243
  (SZ) virus_signatures = 63616
  (SZ) affid = 7080010100
  (SZ) coid = 6983533E412C69351CEA9FFACDD9B48C
  (SZ) nsaftscann = 1
  (SZ) nsa = 1
  (SZ) nsaftscanunp = 1

• HKEY_CURRENT_USER\software\Malware Destructor Inc\Malware Destructor 2011
  (SZ) coid = 6983533E412C69351CEA9FFACDD9B48C

• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
  (SZ) KB8472063.exe = %UserProfile%\Application Data\6983533E412C69351CEA9FFACDD9B48C\KB8472063.exe

• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Malware Destructor
  (SZ) DisplayIcon = %UserProfile%\Application Data\6983533E412C69351CEA9FFACDD9B48C\KB8472063.exe,0
  (SZ) DisplayName = Malware Destructor
  (SZ) UninstallString = %UserProfile%\Application Data\6983533E412C69351CEA9FFACDD9B48C\KB8472063.exe /uninstall
  (SZ) InstallLocation = %UserProfile%\Application Data\6983533E412C69351CEA9FFACDD9B48C\
  (DWORD) NoModify = 0×00000001 (1)
  (DWORD) NoRepair = 0×00000001 (1)

Screenshots:

How to remove the infection of Malware Destructor 2011 (Adware.Win32.MalwareDestructor2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: MalwareDestructor2011, Rogue

This entry was posted on Thursday, September 9th, 2010 at 21:36 and is filed under Malware Alerts, Removal Help. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.