Virus:Adware/InstallRex.O
Date discovered:16/01/2013
Type:Adware/Spyware
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
VDF version:7.11.57.110 - Wednesday, January 16, 2013
IVDF version:7.11.57.110 - Wednesday, January 16, 2013

General

Method of propagation:
   • No own spreading routine


Alias:
   •  Eset: Win32/InstalleRex.E.Gen application


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification


Right after execution the following information is displayed:


Files

The following files are created:

– Non malicious files:
   • %temp%\11DC2CB9.dat
   • %temp%\{57C04963-CC76-4DDE-AF35-84548C236B95}\_Setup.dll
   • %temp%\{57C04963-CC76-4DDE-AF35-84548C236B95}\Setup.ico
   • %temp%\{57C04963-CC76-4DDE-AF35-84548C236B95}\Readme.txt
   • %temp%\{57C04963-CC76-4DDE-AF35-84548C236B95}\_Setupx.dll
   • %temp%\{57C04963-CC76-4DDE-AF35-84548C236B95}\Setup.exe

– A file for temporary use that may be deleted afterwards:
   • %temp%\Tsu575CCAE6.dll

Registry

The following registry keys are added:

– [HKCR\CLSID\{6DFE9FD5-C843-3189-B774-2DE96F367673}]
   • "(Default)"="Vaudix"

– [HKCR\CLSID\{6DFE9FD5-C843-3189-B774-2DE96F367673}\InProcServer32]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix\50f60051a72bb.dll"
   • "ThreadingModel"="Apartment"

– [HKCR\CLSID\{6DFE9FD5-C843-3189-B774-2DE96F367673}\ProgID]
   • "(Default)"="Vaudix.1"

– [HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}]
   • "(Default)"="ILocalStorage"

– [HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\
   ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\
   ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib]
   • "(Default)"="{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
   • "Version"="1.0"

– [HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}]
   • "(Default)"="IIEPluginMain"

– [HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\
   ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\
   ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib]
   • "(Default)"="{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
   • "Version"="1.0"

– [HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0]
   • "(Default)"="IEPluginLib"

– [HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix\50f60051a72bb.tlb"

– [HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS]
   • "(Default)"="0"

– [HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix"

– [HKCU\Software\AppDataLow\SProtector\_d4b953fc\0caebbe2]
   • "05502537"="H/Ah/YP/b//4/B6/UlA1/XJ/FxAg/XJ/FPAf/XV/H//j/Xq/cPAg/YP/UPAz/YZ/alA1/YV/GP/j/Xt/axAv/X6/UlAv/XD/cxAp/XV/alAj/B2/HPAs/X6////%"
   • "94362f76"="KlAu/XZ/JlAu/XD/bxAs/Xx////%"
   • "b2cc84ee"="H/Ah/YP/b//4/B6/UlA1/XJ/FxAg/XJ/FPAf/XV/H//j/Xq/cPAg/YP/UPAz/YZ/alA1/YV/GP/j/Xt/axAv/X6/Ul/9/Xl/OP/e/BF/bP/7////"
   • "d7cea243"="H/Ah/YP/b//4/B6/UlA1/XJ/FxAg/XJ/FPAf/XV/H//j/Xq/cPAg/YP/UPAz/YZ/alA1/YV/GP/j/Xt/axAv/X6/Ul////%%"
   • "fd0dde78"="KlAu/XZ/JlAu/XD/bxAs/Xx////%"

– [HKCU\Software\AppDataLow\SProtector\_d4b953fc\2038a74d]
   • "05502537"="H/Ah/YP/b//4/B6/UlA1/XJ/FxAg/XJ/FPAf/XV/H//j/Xq/cPAg/YP/UPAz/YZ/alA1/YV/GP/j/Xt/axAv/X6/UlAv/XD/cxAp/XV/alAj/B2/HPAs/X6////%"
   • "51652492"="///%"
   • "64fc053d"="M/////%%"
   • "81339df5"="H/Ah/YP/b//4/B6/UlA1/XJ/FxAg/XJ/FPAf/XV/H//j/Xq/cPAg/YP/UPAz/YZ/alA1/YV/GP/j/Xt/axAv/X6/Ul/9/Xl/OP/e/BF/bP/7/Ym/blAu/XD/bxAs/Xx/K/Au/YZ/aPAg/Yh////%"
   • "94362f76"="KlAu/XZ/JlAu/XD/bxAs/Xx////%"
   • "b2cc84ee"="H/Ah/YP/b//4/B6/UlA1/XJ/FxAg/XJ/FPAf/XV/H//j/Xq/cPAg/YP/UPAz/YZ/alA1/YV/GP/j/Xt/axAv/X6/Ul/9/Xl/OP/e/BF/bP/7/Ym/blAu/XD/bxAs/Xx/K/Au/YZ/aPAg/Yh////%"
   • "d7cea243"="H/Ah/YP/b//4/B6/UlA1/XJ/FxAg/XJ/FPAf/XV/H//j/Xq/cPAg/YP/UPAz/YZ/alA1/YV/GP/j/Xt/axAv/X6/Ul////%%"
   • "ef34a9f6"="H/Ah/YP/b//4/B6/UlA1/XJ/FxAg/XJ/FPAf/XV/H//j/Xq/cPAg/YP/UPAz/YZ/alA1/YV/GP/j/Xt/axAv/X6/Ul////%%"
   • "f176879d"="GxAy/Xl/blAu////"
   • "fd0dde78"="KlAu/XZ/JlAu/XD/bxAs/Xx////%"

– [HKCU\Software\AppDataLow\SProtector\_d4b953fc\7fe0f877]
   • "05502537"="H/Ah/YP/b//4/B6/UlA1/XJ/FxAg/XJ/FPAf/XV/H//j/Xq/cPAg/YP/UPAz/YZ/alA1/YV/GP/j/Xt/axAv/X6/UlAv/XD/cxAp/XV/alAj/B2/HPAs/X6////%"
   • "94362f76"="KlAu/XZ/JlAu/XD/bxAs/Xx////%"
   • "b2cc84ee"="H/Ah/YP/b//4/B6/UlA1/XJ/FxAg/XJ/FPAf/XV/H//j/Xq/cPAg/YP/UPAz/YZ/alA1/YV/GP/j/Xt/axAv/X6/Ul/9/Xl/OP/e/BF/bP/7/Ym/blAu/XD/bxAs/Xx/K/Au/YZ/aPAg/Yh////%"
   • "d7cea243"="H/Ah/YP/b//4/B6/UlA1/XJ/FxAg/XJ/FPAf/XV/H//j/Xq/cPAg/YP/UPAz/YZ/alA1/YV/GP/j/Xt/axAv/X6/Ul////%%"
   • "fd0dde78"="dlAB/DZ/Ml/h/DP/QP/+/Ct/UPAB/DV/M/AC/Bh/M//e/Cb/Vx/i/Ct/PPAC/CP/UP/1/CV/Vl/e/CJ/Qx/1/CD/PlAX/DF/QPA7////"

– [HKCU\Software\AppDataLow\SProtector\_d4b953fc]
   • "date"="1358361536"

– [HKCU\Software\AppDataLow\SProtector\_d4b953fc\eae10f9d]
   • "0c230bcb"="/P////%%"
   • "340d3099"="/P////%%"
   • "37b7a6d8"="UlAr/XJ/c//k////"
   • "414bc593"="///%"
   • "51d2f2ea"="JlAu/XD/bxAs/Xx/Z/AA/YV/blAp/YV/c/Ay/X2/c//x/Dq/cPAg/YP/PxAf/X6/clAg/XJ/Z//e/B2/Mx/0////"
   • "65114b36"="Vl/l////"
   • "72758a5d"="/P////%%"
   • "7f69fa1f"="///%"
   • "a1dcff5b"="V/////%%"
   • "a5b6d472"="M//3/CJ/Vx/1////"
   • "b10ed930"="///%"
   • "c99a5f5c"="///%"
   • "d94388d2"="FxAu/YV/c//i/Xt/axAg/YP/FPAm/Xl/GPAf/B2/HPAj/XF/al////%%"
   • "e46c271e"="/P////%%"
   • "f0bf0bde"="///%"

– [HKCU\Software\AppDataLow\SProtector\_d4b953fc]
   • "prid"="Search Assistant JustBrowse"
   • "uiid"="2814282789"
   • "upid"="320"
   • "usid"="2174292622"
   • "uuid"="b6826bde-d3eeb2c0-d8812eb1"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
   {681002C6-5019-81A2-7871-A43754F71E56}]
   • "CategoryName"="VaudiX"
   • "DisplayIcon"="%ALLUSERSPROFILE%\Application Data\Vaudix\uninstall.exe"
   • "DisplayName"="Vaudix"
   • "DisplayVersion"=""
   • "InstallDate"="20120116"
   • "NoModify"="dword:0x00000001"
   • "NoRepair"="dword:0x00000001"
   • "Publisher"="Vaudix"
   • "UninstallString"=""%ALLUSERSPROFILE%\Application Data\Vaudix\uninstall.exe" /path=%ALLUSERSPROFILE%\Application Data\Vaudix"
   • "URLInfoAbout"="http://vaudix.com/"

– [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
   {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]
   • "DisplayName"="WebSearch"
   • "FaviconURL"="http://websearch.just-browse.info/favicon.ico"
   • "FaviconURLFallback"="http://websearch.just-browse.info/favicon.ico"
   • "URL"="http://websearch.just-browse.info/?l=1&q={searchTerms}"

– [HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
   • "DefaultScope"="{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}"

– [HKLM\SOFTWARE\Classes\CLSID\
   {6DFE9FD5-C843-3189-B774-2DE96F367673}]
   • "(Default)"="Vaudix"

– [HKLM\SOFTWARE\Classes\CLSID\{6DFE9FD5-C843-3189-B774-2DE96F367673}\
   InProcServer32]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix\50f60051a72bb.dll"
   • "ThreadingModel"="Apartment"

– [HKLM\SOFTWARE\Classes\CLSID\{6DFE9FD5-C843-3189-B774-2DE96F367673}\
   ProgID]
   • "(Default)"="Vaudix.1"

– [HKLM\SOFTWARE\Classes\Interface\
   {31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}]
   • "(Default)"="ILocalStorage"

– [HKLM\SOFTWARE\Classes\Interface\
   {31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib]
   • "(Default)"="{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}]
   • "(Default)"="IIEPluginMain"

– [HKLM\SOFTWARE\Classes\Interface\
   {C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib]
   • "(Default)"="{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0]
   • "(Default)"="IEPluginLib"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix\50f60051a72bb.tlb"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS]
   • "(Default)"="0"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{6DFE9FD5-C843-3189-B774-2DE96F367673}]
   • "(Default)"="Vaudix"
   • "NoExplorer"="dword:0x00000001"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
   • "{6DFE9FD5-C843-3189-B774-2DE96F367673}"="1"



The following registry key is changed:

Internet Explorer's start page:

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   Old value:
   • "Start Page"="about:blank"
   New value:
   • "Start Page"="http://websearch.just-browse.info/"
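The registry keys, files and the changed Start Page listed above, turned into a host audit and cleanup script. This is an added example written for this page, not Avira's tooling and not code from the adware or its installer. It uses only the identifiers the description records (CLSID, interface, TypeLib, search-scope and uninstall GUIDs, the Vaudix and SProtector key names, the temp file names and the just-browse.info domain). The -Remove switch, the use of $env:ProgramData as the Vista+ resolution of %ALLUSERSPROFILE%\Application Data, and restoring the Start Page to about:blank (the old value recorded above) are choices of this example, not something the description specifies.

```powershell
# Added example (not part of the Avira description): audit a Windows host for the
# InstallRex.O / "Vaudix" artifacts listed in the report and optionally remove them.
# Run from an elevated prompt (HKLM keys), PowerShell 4.0 or later (Get-FileHash).
[CmdletBinding()]
param([switch]$Remove)   # assumption: read-only audit unless -Remove is given

$Clsid   = '{6DFE9FD5-C843-3189-B774-2DE96F367673}'   # BHO / COM class "Vaudix"
$TypeLib = '{E2343056-CC08-46AC-B898-BFC7ACF4E755}'   # "IEPluginLib"
$Scope   = '{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}'   # hijacked IE search scope
$Uninst  = '{681002C6-5019-81A2-7871-A43754F71E56}'   # Add/Remove Programs entry
$Ifaces  = '{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}', '{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}'

# %ALLUSERSPROFILE%\Application Data is C:\ProgramData on Vista and later (the
# "Application Data" junction points there); on XP/2003 the literal path applies.
$AllUsersAppData = if ($env:ProgramData) { $env:ProgramData }
                   else { Join-Path $env:ALLUSERSPROFILE 'Application Data' }
$InstallDir = Join-Path $AllUsersAppData 'Vaudix'

$RegTargets = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$Uninst",
    "HKLM:\SOFTWARE\Classes\CLSID\$Clsid",          # HKCR\CLSID mirrors this key
    "HKLM:\SOFTWARE\Classes\TypeLib\$TypeLib",
    "HKCU:\Software\Microsoft\Internet Explorer\SearchScopes\$Scope",
    "HKCU:\Software\AppDataLow\SProtector\_d4b953fc"
) + ($Ifaces | ForEach-Object { "HKLM:\SOFTWARE\Classes\Interface\$_" })

$findings = New-Object System.Collections.Generic.List[string]

foreach ($key in $RegTargets) {
    if (Test-Path -LiteralPath $key) {
        $findings.Add("registry key present: $key")
        if ($Remove) { Remove-Item -LiteralPath $key -Recurse -Force }
    }
}

# policies\Ext\CLSID\{clsid}=1 pre-approves the BHO, so IE never asks the user about it.
$extPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID'
if ((Get-ItemProperty -LiteralPath $extPol -ErrorAction SilentlyContinue).$Clsid) {
    $findings.Add("BHO $Clsid pre-approved under $extPol")
    if ($Remove) { Remove-ItemProperty -LiteralPath $extPol -Name $Clsid }
}

# Default search scope and Start Page were both pointed at websearch.just-browse.info.
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if ((Get-ItemProperty -LiteralPath $scopes -ErrorAction SilentlyContinue).DefaultScope -eq $Scope) {
    $findings.Add("IE DefaultScope set to hijacked scope $Scope")
    if ($Remove) { Remove-ItemProperty -LiteralPath $scopes -Name DefaultScope }
}
$main  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$start = (Get-ItemProperty -LiteralPath $main -ErrorAction SilentlyContinue).'Start Page'
if ($start -match 'just-browse\.info') {
    $findings.Add("IE Start Page set to $start")
    # assumption: about:blank is the pre-infection value recorded in the report
    if ($Remove) { Set-ItemProperty -LiteralPath $main -Name 'Start Page' -Value 'about:blank' }
}

# Dropped payload directory and installer leftovers in %temp%. Hash before deleting
# so the sample can be kept for analysis or submitted to the AV vendor.
$paths = @($InstallDir,
           "$env:TEMP\{57C04963-CC76-4DDE-AF35-84548C236B95}",
           "$env:TEMP\Tsu575CCAE6.dll",
           "$env:TEMP\11DC2CB9.dat")
foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    Get-ChildItem -LiteralPath $p -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        $findings.Add("file present: $($_.FullName) SHA256=$h")
    }
    if ((Get-Item -LiteralPath $p) -isnot [System.IO.DirectoryInfo]) {
        $h = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $findings.Add("file present: $p SHA256=$h")
    }
    if ($Remove) { Remove-Item -LiteralPath $p -Recurse -Force }
}

if ($findings.Count -eq 0) { 'No InstallRex.O / Vaudix artifacts found.' } else { $findings }
```

Run it once without -Remove and keep the output (including the SHA-256 hashes) as the incident record, then run it with -Remove from an elevated prompt with Internet Explorer closed so the BHO DLL is not loaded when the files are deleted. Because the COM class is registered under HKLM\SOFTWARE\Classes, deleting that key also clears the HKCR\CLSID view of it; any per-user copy under HKCU\Software\Classes would need the same treatment.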

Miscellaneous

To check for an internet connection, the following hostnames are resolved and contacted:
   • i1.**********box1.info
   • r1.**********box1.info
   • **********nrex.info

Description inserted by Wensin Lee on Wednesday, January 16, 2013
Description updated by Wensin Lee on Wednesday, January 16, 2013
