Name: Adware/DomaIQ.GK
Type: Adware
In the wild (ITW): No
Number of reported infections: Low
Spreading potential: Low
Damage potential: Medium-low
Static file: Yes
VDF version: 7.11.83.96 - Friday, 7 June 2013
IVDF version: 7.11.83.96 - Friday, 7 June 2013

General
Method of propagation:
   • Has no propagation routine of its own


Aliases:
   •  Kaspersky: not-a-virus:AdWare.Win32.DomaIQ.cb
   •  Eset: Win32/DomaIQ.I


Platforms / operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modifications


Immediately after execution, it displays the following information:


Files
Deletes the following files:
   • %Temp%\DIQM\Setup_151\bin\Webcake\info.html
   • %Temp%\DIQM\Setup_151\bin\SpeedUpMyPc\info.html
   • %Temp%\DIQM\Setup_151\bin\OptimizerPro\info.html
   • %Temp%\DIQM\Setup_151\bin\MixiDjYahoo\info.html
   • %Temp%\DIQM\Setup_151\bin\exe\close.html
   • %Temp%\DIQM\Setup_151\bin\exe\finish.html
   • %Temp%\DIQM\Setup_151\bin\exe\instalando.html
   • %Temp%\DIQM\Setup_151\bin\exe\options.html
   • %Temp%\DIQM\Setup_151\bin\exe\welcome.html
   • %Temp%\DIQM\Setup_151\bin\Driverpro\info.html
   • %Temp%\DIQM\Setup_151\bin\Dealply\info.html



Creates the following files:

– Temporary files, which can be deleted afterwards:
   • %Temp%\DIQM\Setup_151\bin\Dealply\info.html
   • %Temp%\DIQM\Setup_151\temp\OptimizerProinfo.dfe
   • %Temp%\DIQM\Setup_151\bin\css\images\optimizerpro-img.png
   • %Temp%\DIQM\Setup_151\bin\css\images\optimizerpro-logo-big.png
   • %Temp%\DIQM\Setup_151\bin\css\images\optimizerpro-logo.png
   • %Temp%\DIQM\Setup_151\bin\css\optimizerpro.css
   • %Temp%\DIQM\Setup_151\bin\OptimizerPro\info.html
   • %Temp%\DIQM\Setup_151\temp\SpeedUpMyPcinfo.dfe
   • %Temp%\DIQM\Setup_151\bin\css\images\speedupmypc-img.png
   • %Temp%\DIQM\Setup_151\bin\css\speedupmypc.css
   • %Temp%\DIQM\Setup_151\bin\SpeedUpMyPc\info.html
   • %Temp%\DIQM\Setup_151\temp\Driverproinfo.dfe
   • %Temp%\DIQM\Setup_151\bin\css\driverpro.css
   • %Temp%\DIQM\Setup_151\bin\css\images\driverpro-img.png
   • %Temp%\DIQM\Setup_151\bin\Driverpro\info.html
   • %Temp%\DIQM\Setup_151\bin\Webcake\info.dfe
   • %Temp%\DIQM\Setup_151\bin\SpeedUpMyPc\info.dfe
   • %Temp%\DIQM\Setup_151\bin\MixiDjYahoo\info.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\close.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\finish.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\instalando.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\options.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\welcome.dfe
   • %Temp%\DIQM\Setup_151\bin\Driverpro\info.dfe
   • %Temp%\DIQM\Setup_151\bin\Dealply\info.dfe
   • %Temp%\DIQM\Setup_151\bin\css\base.css
   • %Temp%\DIQM\Setup_151\Software\MixiDjYahoo
   • %Temp%\DIQM\Setup_151\Software\Webcake
   • %Temp%\DIQM\Setup_151\Software\OptimizerPro.exe
   • %Temp%\DIQM\Setup_151\Software\Setup

Registry
Adds the following registry keys in order to run the service at system startup:

[HKCU\Software\Microsoft\Internet Explorer\Main]
   • "ApplicationTileImmersiveActivation"="dword:0x00000000"
   • "AssociationActivationMode"="dword:0x00000002"
   • "bProtector Start Page"="http://mixidj.d**********.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "Start Page"="http://mixidj.**********search.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"



Adds the following registry keys:

[HKCR\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}]
   • "(Default)"="WebCakeIEClient"

[HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916}\Instl\Data]
   • "hp_url"="http://mixidj.**********search.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "kw_url"="http://mixidj.**********search.com/?affID=121139&babsrc=KW_ss&mntrId=D88100AB2F0C4369&q="
   • "nt_url"="http://mixidj.**********search.com/?affID=121139&babsrc=NT_ss&mntrId=D88100AB2F0C4369"
   • "sp_name"="Mixi.DJ Search"
   • "sp_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=D88100AB2F0C4369"
   • "tb_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=TB_ss&mntrId=D88100AB2F0C4369"
   • "trace"="dword:0x00000000"

[HKCR\AppID\WebCakeIEClient.DLL]
   • "AppID"="{7169BBB3-3289-4696-B35D-4A88BCF6FB12}"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
   • "(Default)"="WebCake"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"
   • "ThreadingModel"="Apartment"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\ProgID]
   • "(Default)"="WebCakeIEClient.Layers.1"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\VersionIndependentProgID]
   • "(Default)"="WebCakeIEClient.Layers"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}]
   • "(Default)"="WebCake Api"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"
   • "ThreadingModel"="Apartment"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\ProgID]
   • "(Default)"="WebCakeIEClient.Api.1"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\VersionIndependentProgID]
   • "(Default)"="WebCakeIEClient.Api"

[HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}]
   • "(Default)"="1fcaa1f5-3b6e-422a-8670-48faa1b6f168"

[HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}\defaultEnableAppsList]
   • "(Default)"="layers,brain/features,newOffers/wc"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\InprocServer32]
   • "(Default)"="%SYSDIR%\catsrvut.dll"
   • "ThreadingModel"="Both"

[HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}]
   • "(Default)"="PSFactoryBuffer"

[HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}\InProcServer32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"
   • "ThreadingModel"="Both"

[HKCR\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}]
   • "(Default)"="c566ff0c-d67f-4a22-9898-6422e366dd92"

[HKCR\Interface\{000C1025-0000-0000-C000-000000000046}\NumMethods]
   • "(Default)"="33"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}]
   • "(Default)"="ILayers"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\NumMethods]
   • "(Default)"="7"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\ProxyStubClsid32]
   • "(Default)"="{DF84E609-C3A4-49CB-A160-61767DAF8899}"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"
   • "Version"="1.0"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}]
   • "(Default)"="IApi"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\NumMethods]
   • "(Default)"="17"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\ProxyStubClsid32]
   • "(Default)"="{DF84E609-C3A4-49CB-A160-61767DAF8899}"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"
   • "Version"="1.0"

[HKCR\Msi.Package\DefaultIcon]
   • "(Default)"="%SYSDIR%\msiexec.exe,0"

[HKCR\Msi.Patch\DefaultIcon]
   • "(Default)"="%SYSDIR%\msiexec.exe,0"

[HKCR\TypeLib\{000C1092-0000-0000-C000-000000000046}\1.0\409\win32]
   • "(Default)"="%SYSDIR%\msi.dll"

[HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0]
   • "(Default)"="WebCakeIEClient 1.0 Type Library"

[HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0\0\win32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"

[HKCR\WebCakeIEClient.Api.1]
   • "(Default)"="WebCake Api"

[HKCR\WebCakeIEClient.Api.1\CLSID]
   • "(Default)"="{AF6B0594-6008-4327-93E5-608AD710A6FA}"

[HKCR\WebCakeIEClient.Api]
   • "(Default)"="WebCake Api"

[HKCR\WebCakeIEClient.Api\CLSID]
   • "(Default)"="{AF6B0594-6008-4327-93E5-608AD710A6FA}"

[HKCR\WebCakeIEClient.Api\CurVer]
   • "(Default)"="WebCakeIEClient.Api.1"

[HKCR\WebCakeIEClient.Layers.1]
   • "(Default)"="WebCake"

[HKCR\WebCakeIEClient.Layers.1\CLSID]
   • "(Default)"="{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}"

[HKCR\WebCakeIEClient.Layers]
   • "(Default)"="WebCake"

[HKCR\WebCakeIEClient.Layers\CLSID]
   • "(Default)"="{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}"

[HKCR\WebCakeIEClient.Layers\CurVer]
   • "(Default)"="WebCakeIEClient.Layers.1"

[HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-602162358-2077806209-839522115-1003\Software\SweetIM\Toolbars\Internet Explorer\Data]
   • "UserRejectedGuard_DS"="dword:0x00000001"
   • "UserRejectedGuard_HP"="dword:0x00000001"
   • "UserSelectedDS"="0"
   • "UserSelectedHP"="0"

[HKLM\SOFTWARE\Babylon\Babylon Client\DefaultSettings]
   • "SetSearch"="dword:0x07777004"

[HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}\Instl\Data]
   • "hp_url"="http://mixidj.**********search.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "kw_url"="http://mixidj.**********search.com/?affID=121139&babsrc=KW_ss&mntrId=D88100AB2F0C4369&q="
   • "nt_url"="http://mixidj.**********search.com/?affID=121139&babsrc=NT_ss&mntrId=D88100AB2F0C4369"
   • "sp_name"="Mixi.DJ Search"
   • "sp_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=D88100AB2F0C4369"
   • "tb_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=TB_ss&mntrId=D88100AB2F0C4369"
   • "trace"="dword:0x00000000"

[HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}\defaultEnableAppsList]
   • "(Default)"="layers,brain/features,newOffers/wc"

[HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\InprocServer32]
   • "(Default)"="%SYSDIR%\catsrvut.dll"
   • "ThreadingModel"="Both"

Miscellaneous
Internet connection:
To check the Internet connection, it contacts the following DNS servers:
   • bi.soft**********.net
   • dl.cdn-serv**********.com
   • track.idea**********.com
   • reports.mont**********.com

Description inserted by Wensin Lee on Friday, 7 June 2013
Description updated by Wensin Lee on Friday, 7 June 2013
