¿Necesita ayuda? Pregunte a la comunidad o contrate a un experto.
Ir a Avira Answers
VrusAdware/InstallBrain.CX
Data em que surgiu:23/01/2013
Tipo:Adware/Spyware
Includo na lista "In The Wild"No
Nvel de danos:Baixo
Nvel de distribuio:Baixo
Nvel de risco:Baixo
Verso VDF:7.11.58.92 - quarta-feira, 23 de janeiro de 2013
Verso IVDF:7.11.58.92 - quarta-feira, 23 de janeiro de 2013

 Vulgarmente Meio de transmisso:
   • No tem rotinas de propagao


Alias:
   •  Eset: Win32/InstallBrain.S potentially unwanted


Sistemas Operativos:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Efeitos secundrios:
   • Altera o registo do Windows


Depois de executado visualizada a seguinte informao:


 Ficheiros Autocopia-se para as seguintes localizaes
   • %temp%\PC Performer513405.exe
   • %appdata%\IBUpdaterService\ibsvc.exe



Elimina os seguintes ficheiros:
   • %temp%\ibtmpc2f8301\component_140
   • %temp%\ibtmpc2f8301\component_600
   • %temp%\ibtmpc2f8301\config\js
   • %temp%\ibtmpc2f8301\config\ib
   • %temp%\ibtmpc2f8301\config\conditions
   • %temp%\ibtmpc2f8301\config
   • %temp%\ibtmpc2f8301



So criados os seguintes ficheiros:

– Ficheiros temporrios que poderam ser apagados mais tarde:
   • %temp%\1.tmp
   • %temp%\2.tmp
   • %temp%\ibtmpc2f8301\config\ajax-loader.gif
   • %temp%\ibtmpc2f8301\config\ajax-loader2.gif
   • %temp%\ibtmpc2f8301\config\ib\arrow.gif
   • %temp%\ibtmpc2f8301\config\ib\b-bg.gif
   • %temp%\ibtmpc2f8301\config\ib\b3.gif
   • %temp%\ibtmpc2f8301\config\ib\b4.gif
   • %temp%\ibtmpc2f8301\config\ib\lbg-bottom.gif
   • %temp%\ibtmpc2f8301\config\ib\lbg-top.gif
   • %temp%\ibtmpc2f8301\config\ib\lbg.gif
   • %temp%\ibtmpc2f8301\config\ib\trust.gif
   • %temp%\ibtmpc2f8301\config\ib\center2.jpg
   • %temp%\ibtmpc2f8301\config\check.jpg
   • %temp%\ibtmpc2f8301\config\ib\mid.jpg
   • %temp%\ibtmpc2f8301\config\pb-bg-left.jpg
   • %temp%\ibtmpc2f8301\config\pb-bg-right.jpg
   • %temp%\ibtmpc2f8301\config\pb-bg.jpg
   • %temp%\ibtmpc2f8301\config\red-pb-act-left.jpg
   • %temp%\ibtmpc2f8301\config\red-pb-act-right.jpg
   • %temp%\ibtmpc2f8301\config\red-pb-act.jpg
   • %temp%\ibtmpc2f8301\config\ib\arrow.png
   • %temp%\ibtmpc2f8301\config\ib\btn.png
   • %temp%\ibtmpc2f8301\config\ib\btn2.png
   • %temp%\ibtmpc2f8301\config\ib\corn1.png
   • %temp%\ibtmpc2f8301\config\ib\corn2.png
   • %temp%\ibtmpc2f8301\config\ib\corn3.png
   • %temp%\ibtmpc2f8301\config\ib\corn4.png
   • %temp%\ibtmpc2f8301\config\page_1235_attr_3.png
   • %temp%\ibtmpc2f8301\config\page_1236_attr_3.png
   • %temp%\ibtmpc2f8301\config\page_1237_attr_3.png
   • %temp%\ibtmpc2f8301\config\template_40.png
   • %temp%\ibtmpc2f8301\config\page_1235_attr_46.bmp
   • %temp%\ibtmpc2f8301\config\page_1236_attr_46.bmp
   • %temp%\ibtmpc2f8301\config\page_1237_attr_46.bmp
   • %temp%\ibtmpc2f8301\config\1235.html
   • %temp%\ibtmpc2f8301\config\1236.html
   • %temp%\ibtmpc2f8301\config\1237.html
   • %temp%\ibtmpc2f8301\config\start.html
   • %temp%\ibtmpc2f8301\config\ib\main.css
   • %temp%\ibtmpc2f8301\config\conditions\conditions.js
   • %temp%\ibtmpc2f8301\config\js\config.js
   • %temp%\ibtmpc2f8301\config\js\jquery-1.7.min.js
   • %temp%\ibtmpc2f8301\config\js\jquery.noselect.min.js
   • %temp%\ibtmpc2f8301\config\js\smart.js
   • %temp%\ibtmpc2f8301\config\ib\Thumbs.db
   • %temp%\ibtmpc2f8301\intallLog
   • %HOME%\Desktop\Continue PC Performer installation.lnk

 Registry (Registo do Windows) So adicionadas as seguintes chaves ao registo:

[HKLM\SYSTEM\ControlSet001\Services\IBUpdaterService]
   • "Type"=dword:00000020
   • "Start"=dword:00000002
   • "ErrorControl"=dword:00000001
   • "ImagePath"="\"%appdata%\\IBUpdaterService\\ibsvc.exe\" /SERVICE"
   • "DisplayName"="Updater Service"
   • "ObjectName"="LocalSystem"
   • "FailureActions"=hex:ff,ff,ff,ff,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\00,01,00,00,00,30,75,00,00
   • "Description"="Updater Service"

[HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch]
   • "Epoch"=dword:00000036

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
   Updater Service]
   • "NoModify"=dword:00000001
   • "NoRepair"=dword:00000001
   • "DisplayName"="Updater Service"
   • "UninstallString"="\"%appdata%\\IBUpdaterService\\ibsvc.exe\" /UNINSTALL"
   • "DisplayVersion"="14,12,8,9"
   • "VersionMajor"=dword:0000000e
   • "VersionMinor"=dword:0000000c
   • "InstallLocation"="%appdata%\\IBUpdaterService"

[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_IBUPDATERSERVICE\0000]
   • "Service"="IBUpdaterService"
   • "Legacy"=dword:00000001
   • "ConfigFlags"=dword:00000000
   • "Class"="LegacyDriver"
   • "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
   • "DeviceDesc"="Updater Service"

[HKLM\SYSTEM\ControlSet001\Services\IBUpdaterService\Enum]
   • "0"="Root\\LEGACY_IBUPDATERSERVICE\\0000"
   • "Count"=dword:00000001
   • "NextInstance"=dword:00000001

 Informaes diversas Para conferir a sua ligao internet so contatados os seguintes servidores de DNS :
   • s3.**********zonaws.com
   • www.ib**********o.com


Procura uma ligao de internet contactando o seguinte web site:
   • s3.**********zonaws.com/www.bit89.com/download/pcperformer/pcperformersetup03012012.exe

Descripción insertada por Wensin Lee el viernes 25 de enero de 2013
Descripción actualizada por Wensin Lee el viernes 25 de enero de 2013

Volver . . . .
https:// Esta ventana está cifrada para su seguridad.