Besoin d’aide ? Fais appel à la communauté ou embauche un spécialiste.
Aller à Avira Answers
Nom:Adware/Downsave.nli
La date de la dcouverte:18/07/2012
Type:Logiciel publicitaire/Logiciel espion
En circulation:Non
Infections signales Moyen
Potentiel de distribution:Faible
Potentiel de destruction:Faible
Taille du fichier:140.800 Octets
Somme de contrle MD5:ac13c733379328f86568f6e514c2f7f8
Version VDF:7.11.36.190 - mercredi 18 juillet 2012
Version IVDF:7.11.36.190 - mercredi 18 juillet 2012

 Gnral Mthode de propagation:
   • Il ne possde pas de propre routine de propagation


Les alias:
   •  Bitdefender: Adware.Agent.NLI
   •  Eset: Win32/Adware.MultiPlug.A application
     GData: Adware.Agent.NLI
     Norman: Aggressive commersial W32/Multplug.BW


Plateformes / Systmes d'exploitation:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Effets secondaires:
   • Il modifie des registres

 Registre Il enregistre un objet d'aide du navigateur en ajoutant les cls suivantes:

[HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}]
   • "(Default)"="InjectorBHO Class"

[HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\InprocServer32]
   • "(Default)"="c:\sample.dll"
   • "ThreadingModel"="Apartment"

[HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\ProgID]
   • "(Default)"="Injector.BHO.1"

[HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\
   VersionIndependentProgID]
   • "(Default)"="Injector.BHO"

[HKCR\Injector.BHO.Injector.BHO.1]
   • "(Default)"="InjectorBHO"

[HKCR\Injector.BHO.Injector.BHO.1\CLSID]
   • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"

[HKCR\Injector.BHO.Injector.BHO]
   • "(Default)"="InjectorBHO"

[HKCR\Injector.BHO.Injector.BHO\CLSID]
   • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"

[HKCR\Injector.BHO.Injector.BHO\CurVer]
   • "(Default)"="Injector.BHO.1"

[HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}]
   • "(Default)"="IInjectorBHO"

[HKCR\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}]
   • "(Default)"="ILocalStorage"

[HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32]
   • "(Default)"="c:\sample.dll"

[HKLM\SOFTWARE\Classes\CLSID\
   {8CB77D97-966B-4364-9B95-93B3DC148113}]
   • "(Default)"="InjectorBHO Class"

[HKLM\SOFTWARE\Classes\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\
   InprocServer32]
   • "(Default)"="c:\sample.dll"
   • "ThreadingModel"="Apartment"

[HKLM\SOFTWARE\Classes\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\
   ProgID]
   • "(Default)"="Injector.BHO.1"

[HKLM\SOFTWARE\Classes\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\
   VersionIndependentProgID]
   • "(Default)"="Injector.BHO"

[HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO.1]
   • "(Default)"="InjectorBHO"

[HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO.1\CLSID]
   • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"

[HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO]
   • "(Default)"="InjectorBHO"

[HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO\CLSID]
   • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"

[HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO\CurVer]
   • "(Default)"="Injector.BHO.1"

[HKLM\SOFTWARE\Classes\Interface\
   {BBA74401-6D6F-4BBD-9F65-E8623814F3BB}]
   • "(Default)"="IInjectorBHO"

[HKLM\SOFTWARE\Classes\Interface\
   {D2F39980-399F-492E-8D88-5FF7CCB3B47F}]
   • "(Default)"="ILocalStorage"

[HKLM\SOFTWARE\Classes\TypeLib\
   {C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0]
   • "(Default)"="Injector 1.0 Type Library"

[HKLM\SOFTWARE\Classes\TypeLib\
   {C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32]
   • "(Default)"="c:\sample.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{8CB77D97-966B-4364-9B95-93B3DC148113}]
   • "(Default)"="InjectorBHO"
   • "NoExplorer"="dword:0x00000001"

Description insérée par Wensin Lee le vendredi 20 juillet 2012
Description mise à jour par Wensin Lee le vendredi 20 juillet 2012

Retour . . . .
https:// Cet écran est crypté pour votre sécurité.