Jump to content

Malwarebytes

temizsurucu.com - hataduzelticisi.com

Started by Burak, Mar 18 2008 12:55 AM

4 replies to this topic

#1
Burak
Posted 18 March 2008 - 12:55 AM

    New Member

  • Members
  • Pip
  • 31 posts
  • Gender:Male
Posted Image

Posted Image



Registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Güvenli Silme\Command]
@="\"C:\\Program Files\\TemizSurucu\\GDC.exe\" /recycle"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TemizSurucu"="C:\\Program Files\\TemizSurucu\\GDC.exe"
"gdcw"="C:\\Program Files\\TemizSurucu\\data\\GDCW.exe"
"Salestart"="\"C:\\Program Files\\Common Files\\TemizSurucu\\stm.exe\" dm=http://temizsurucu.com ad=http://temizsurucu.com sd=http://sepad.temizsurucu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GDCTR_is1]
"Inno Setup: App Path"="C:\\Program Files\\TemizSurucu"
"InstallLocation"="C:\\Program Files\\TemizSurucu\\"
"Inno Setup: Icon Group"="TemizSurucu"
"DisplayName"="TemizSurucu 1.1.48.0"
"UninstallString"="\"C:\\Program Files\\TemizSurucu\\unins000.exe\""
"QuietUninstallString"="\"C:\\Program Files\\TemizSurucu\\unins000.exe\" /SILENT"
"URLInfoAbout"="http://temizsurucu.com"
"HelpLink"="http://temizsurucu.com"
"URLUpdateInfo"="http://temizsurucu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\TemizSurucu]

[HKEY_LOCAL_MACHINE\SOFTWARE\TemizSurucu]
"InstallPath"="C:\\Program Files\\TemizSurucu\\"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\TemizSurucu\\data\\GDCW.exe"="GDCW"

[HKEY_CURRENT_USER\Software\TemizSurucu]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GDCTR_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GESF_is1


[HKEY_LOCAL_MACHINE\SOFTWARE\HataDuzelticisi]

[HKEY_LOCAL_MACHINE\SOFTWARE\HataDuzelticisi]
"InstallPath"="C:\\Program Files\\HataDuzelticisi\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HataDuzelticisi"="C:\\Program Files\\HataDuzelticisi\\SysRep.exe"
"Salestart(1)"="\"C:\\Program Files\\Common Files\\HataDuzelticisi\\strpmon.exe\" dm=http://hataduzelticisi.com ad=http://hataduzelticisi.com sd=http://paid.hataduzelticisi.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GESF_is1]
"Inno Setup: App Path"="C:\\Program Files\\HataDuzelticisi"
"InstallLocation"="C:\\Program Files\\HataDuzelticisi\\"
"Inno Setup: Icon Group"="HataDuzelticisi"
"DisplayName"="HataDuzelticisi 1.4.9.0"
"DisplayIcon"="C:\\Program Files\\HataDuzelticisi\\Res\\Main.ico"
"UninstallString"="\"C:\\Program Files\\HataDuzelticisi\\unins000.exe\""
"QuietUninstallString"="\"C:\\Program Files\\HataDuzelticisi\\unins000.exe\" /SILENT"
"URLInfoAbout"="http://www.hataduzelticisi.com"
"HelpLink"="http://www.hataduzelticisi.com"
"URLUpdateInfo"="http://www.hataduzelticisi.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\System Error Repair]
"domain"="hataduzelticisi.com"
"pname"="HataDuzelticisi"

[HKEY_LOCAL_MACHINE\SOFTWARE\ucookw]
"Domain"="http://hataduzelticisi.com"

[HKEY_CURRENT_USER\Software\HataDuzelticisi]

[HKEY_CURRENT_USER\Software\HataDuzelticisi]
"UpdateURL"="http://tri.up.hataduzelticisi.com/?fai=ippugdcf_mrt_0_tr_tr&fli=gdcf_10&faf=&cnt=tr&lng=&tid=0001&nud=[nud]"
"PurchaseURL"="http://hataduzelticisi.com/duzelticisi/prase.php?fai=ippugdcf_mrt_0_tr_tr&fli=gdcf_10&faf=&cnt=tr&lng=&tid=0001&nid=ugesf_2205800915_[nw]_[nuh]&p=[ppid]&ne=[ne]&lp=&issued20203=5126676&addt=005b03091a120f01584359116b580d5e09140a470a015d0a15560155536b546b5054010
3575b000355506b5001065a675700000302115e4d"
"CookieURL"="http://hataduzelticisi.com"
"PaidURL"="http://hataduzelticisi.com"
"SupportURL"="http://hataduzelticisi.com/duzelticisi/svese/"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Common Files\\HataDuzelticisi\\strpmon.exe"="



Folders:

C:\Program Files\HataDuzelticisi
C:\Program Files\TemizSurucu
C:\Program Files\Common Files\TemizSurucu
C:\Program Files\Common Files\HataDuzelticisi


Posted Image

[HKEY_LOCAL_MACHINE\SOFTWARE\ucookw]
"Domain"="http://hataduzelticisi.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\System Error Repair]
"domain"="hataduzelticisi.com"
"pname"="HataDuzelticisi"

These are ErrClean Clean clone . Rogue Remover now not fully removed.

www.temizsurucu.com
www.hataduzelticisi.com

We wants (Turkish people) , these programs added your database in future.
Thanks.

#2
MysteryFCM
Posted 19 March 2008 - 02:53 AM

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 4,231 posts
  • Gender:Male
  • Location:Tyneside, UK
Some nice friends they got there .....

http://hosts-file.ne...p?show=67.55.81.
Steven Burn
Research Engineer

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3
SwampDiner
Posted 19 March 2008 - 03:50 AM

    True Member

  • Experts
  • PipPipPipPip
  • 419 posts
  • Location:The Internets
Although we're starting to limit the number of registry cleaners we add into the database, we'll release this one for the Turkish people if you can get me a direct link to an installer. Right now I can only find the purchase page. (My Turkish is rusty or inexistent. One of the two.)

#4
Burak
Posted 19 March 2008 - 12:29 PM

    New Member

  • Members
  • Pip
  • 31 posts
  • Gender:Male
Thanks SwampDiner

TemizSurucu
http://sec.storageguardsoft.com/temizsuruc...nstaller_tr.exe

or
http://www.speedysha.../701482238.html


HataDuzelticisi
http://rapidshare.co...49/setup_tr.exe

Quote

We find manuel cleaning mode.


These entries removed By the avenger Swandog46
http://trguvenlik.blogspot.com/2008/03/tem...rarllar_18.html


Folders to delete:
C:\Program Files\HataDuzelticisi
C:\Program Files\TemizSurucu
C:\Program Files\Common Files\TemizSurucu
C:\Program Files\Common Files\HataDuzelticisi

Registry keys to delete:
HKLM\SOFTWARE\TemizSurucu
HKLM\SOFTWARE\HataDuzelticisi
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GDCTR_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GESF_is1
HKLM\SOFTWARE\Purchased Products
HKLM\SOFTWARE\ucookw
HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Güvenli Silme


Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | HataDuzelticisi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Salestart(1)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | TemizSurucu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | gdcw
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Salestart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | ucookw


and

İf these entries removing by hands.

HKEY_CURRENT_USER\Software\HataDuzelticisi
HKEY_CURRENT_USER\Software\TemizSurucu


Temiz Surucu and HataDuzelticisi succesfully removed(nearly) on system

#5
SwampDiner
Posted 22 March 2008 - 07:21 PM

    True Member

  • Experts
  • PipPipPipPip
  • 419 posts
  • Location:The Internets
Added 170
Back to Newest Rogue Threats · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Research Center
  3. Newest Rogue Threats

Products

About

Partners

Follow Us