Name: ADWARE/InstallBrain.AF.6
Discovered: 29/04/2013
Type: Adware/Spyware
In the wild (ITW): No
Number of reported infections: Low
Distribution potential: Low
Damage potential: Low
VDF version: 7.11.74.206 - Monday, 29 April 2013
IVDF version: 7.11.74.206 - Monday, 29 April 2013

General
Method of propagation:
   • Has no propagation routine of its own


Alias:
   • Eset: Win32/InstallBrain.Y potentially unwanted


Platforms / Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modifications


Immediately after execution, it displays the following information:


Files
Creates the following files:

– Temporary files that can be deleted afterwards:
   • %temp%\Video Performer63615.exe
   • %HOME%\Desktop\Continue Video Performer installation.lnk
   • %temp%\ibtmpc810551\config\ajax-loader.gif
   • %temp%\ibtmpc810551\config\ajax-loader2.gif
   • %temp%\ibtmpc810551\config\ib\arrow.gif
   • %temp%\ibtmpc810551\config\ib\b-bg.gif
   • %temp%\ibtmpc810551\config\ib\b3.gif
   • %temp%\ibtmpc810551\config\ib\b4.gif
   • %temp%\ibtmpc810551\config\ib\lbg-bottom.gif
   • %temp%\ibtmpc810551\config\ib\lbg-top.gif
   • %temp%\ibtmpc810551\config\ib\lbg.gif
   • %temp%\ibtmpc810551\config\ib\trust.gif
   • %temp%\ibtmpc810551\config\ib\center2.jpg
   • %temp%\ibtmpc810551\config\check.jpg
   • %temp%\ibtmpc810551\config\ib\mid.jpg
   • %temp%\ibtmpc810551\config\pb-bg-left.jpg
   • %temp%\ibtmpc810551\config\pb-bg-right.jpg
   • %temp%\ibtmpc810551\config\pb-bg.jpg
   • %temp%\ibtmpc810551\config\red-pb-act-left.jpg
   • %temp%\ibtmpc810551\config\red-pb-act-right.jpg
   • %temp%\ibtmpc810551\config\red-pb-act.jpg
   • %temp%\ibtmpc810551\config\ib\arrow.png
   • %temp%\ibtmpc810551\config\ib\btn.png
   • %temp%\ibtmpc810551\config\ib\btn2.png
   • %temp%\ibtmpc810551\config\ib\corn1.png
   • %temp%\ibtmpc810551\config\ib\corn2.png
   • %temp%\ibtmpc810551\config\ib\corn3.png
   • %temp%\ibtmpc810551\config\ib\corn4.png
   • %temp%\ibtmpc810551\config\page_2972_attr_3.png
   • %temp%\ibtmpc810551\config\page_2972_feature_.png
   • %temp%\ibtmpc810551\config\page_2973_attr_3.png
   • %temp%\ibtmpc810551\config\page_2974_attr_3.png
   • %temp%\ibtmpc810551\config\page_2975_attr_3.png
   • %temp%\ibtmpc810551\config\page_2976_attr_3.png
   • %temp%\ibtmpc810551\config\page_2976_feature_646.png
   • %temp%\ibtmpc810551\config\page_2977_attr_15.png
   • %temp%\ibtmpc810551\config\page_2977_attr_3.png
   • %temp%\ibtmpc810551\config\page_2978_attr_3.png
   • %temp%\ibtmpc810551\config\page_2979_attr_3.png
   • %temp%\ibtmpc810551\config\page_2998_attr_3.png
   • %temp%\ibtmpc810551\config\page_3143_attr_3.png
   • %temp%\ibtmpc810551\config\page_3144_attr_15.png
   • %temp%\ibtmpc810551\config\page_3144_attr_3.png
   • %temp%\ibtmpc810551\config\page_3231_attr_3.png
   • %temp%\ibtmpc810551\config\page_3231_feature_405.png
   • %temp%\ibtmpc810551\config\page_3363_attr_3.png
   • %temp%\ibtmpc810551\config\page_3384_attr_3.png
   • %temp%\ibtmpc810551\config\template_40.png
   • %temp%\ibtmpc810551\config\page_2972_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_2973_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_2974_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_2975_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_2976_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_2977_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_2978_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_2979_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_2998_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_3143_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_3144_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_3231_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_3363_attr_46.bmp
   • %temp%\ibtmpc810551\config\page_3384_attr_46.bmp
   • %temp%\ibtmpc810551\config\speedanalysis.ico
   • %temp%\ibtmpc810551\config\2972.html
   • %temp%\ibtmpc810551\config\2973.html
   • %temp%\ibtmpc810551\config\2974.html
   • %temp%\ibtmpc810551\config\2975.html
   • %temp%\ibtmpc810551\config\2976.html
   • %temp%\ibtmpc810551\config\2977.html
   • %temp%\ibtmpc810551\config\2978.html
   • %temp%\ibtmpc810551\config\2979.html
   • %temp%\ibtmpc810551\config\2998.html
   • %temp%\ibtmpc810551\config\3143.html
   • %temp%\ibtmpc810551\config\3144.html
   • %temp%\ibtmpc810551\config\3231.html
   • %temp%\ibtmpc810551\config\3363.html
   • %temp%\ibtmpc810551\config\3384.html
   • %temp%\ibtmpc810551\config\ib\main.css
   • %temp%\ibtmpc810551\config\conditions\conditions.js
   • %temp%\ibtmpc810551\config\js\config.js
   • %temp%\ibtmpc810551\config\events\events.js
   • %temp%\ibtmpc810551\config\js\jquery-1.7.min.js
   • %temp%\ibtmpc810551\config\js\jquery.noselect.min.js
   • %temp%\ibtmpc810551\config\js\smart.js
   • %temp%\ibtmpc810551\config\js\smart_bb.js
   • %temp%\ibtmpc810551\component_600.part
   • %temp%\ibtmpc810551\component_613.part
   • %temp%\ibtmpc810551\intallLog
   • %temp%\ibtmpc810551\component_369.part
   • %temp%\ibtmpc810551\component_625.part
   • %temp%\ibtmpc810551\component_583.part
   • %temp%\A.tmp

– Other files:
   • %ALLUSERSPROFILE%\Application Data\IBUpdaterService\ibsvc.exe
     In addition, this file is executed after it has been created.
   • %appdata%\Application Data\speedanalysis.ico
   • %ALLUSERSPROFILE%\Application Data\IBUpdaterService\repository.xml

Registry
Adds the following registry keys in order to run the services at system startup:

[HKCU\Software\Microsoft\Internet Explorer\Main]
   • "ApplicationTileImmersiveActivation"="dword:0x00000000"
   • "AssociationActivationMode"="dword:0x00000002"
   • "bProtector Start Page"="http://www2.**********-search.com/?affID=119649&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "Start Page"="http://www2.**********-search.com/?affID=119649&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "Window_Placement"="hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,9a,00,00,00,9a,00,00,00,ba,03,00,00,f2,02,00,00"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   • "LoadAppInit_DLLs"="dword:0x00000001"



Adds the following registry keys:

[HKCR\*\shell\filescout]
   • "(Default)"="Show how to open this file"

[HKCR\*\shell\filescout\command]
   • "(Default)"=""%appdata%\File Scout\filescout.exe" /sc "%1""

[HKCR\2.ScriptHostObject.1]
   • "(Default)"="Speed Analysis 2"

[HKCR\2.ScriptHostObject.1\CLSID]
   • "(Default)"="{18DBB6CE-3148-4FEC-B481-103CB3290427}"

[HKCR\2.ScriptHostObject]
   • "(Default)"="Speed Analysis 2"

[HKCR\2.ScriptHostObject\CLSID]
   • "(Default)"="{18DBB6CE-3148-4FEC-B481-103CB3290427}"

[HKCR\2.ScriptHostObject\CurVer]
   • "(Default)"="Speed Analysis 2.ScriptHostObject.1"

[HKCR\AddonsFramework.Navbar.1]
   • "(Default)"="Navbar Class"

[HKCR\AddonsFramework.Navbar.1\CLSID]
   • "(Default)"="{E65CE95B-56E9-47C9-8707-A1D1DE30760F}"

[HKCR\AddonsFramework.Navbar]
   • "(Default)"="Navbar Class"

[HKCR\AddonsFramework.Navbar\CLSID]
   • "(Default)"="{E65CE95B-56E9-47C9-8707-A1D1DE30760F}"

[HKCR\AddonsFramework.Navbar\CurVer]
   • "(Default)"="AddonsFramework.Navbar.1"

[HKCR\AddonsFramework.PropertySyncObj.1]
   • "(Default)"="PropertySyncObj Class"

[HKCR\AddonsFramework.PropertySyncObj.1\CLSID]
   • "(Default)"="{EB93AADE-9884-47F0-AA9D-0920E1D1203F}"

[HKCR\AddonsFramework.PropertySyncObj]
   • "(Default)"="PropertySyncObj Class"

[HKCR\AddonsFramework.PropertySyncObj\CLSID]
   • "(Default)"="{EB93AADE-9884-47F0-AA9D-0920E1D1203F}"

[HKCR\AddonsFramework.PropertySyncObj\CurVer]
   • "(Default)"="AddonsFramework.PropertySyncObj.1"

[HKCR\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}]
   • "(Default)"="PropertySync"

[HKCR\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}]
   • "(Default)"="AddonsFramework"

[HKCR\AppID\{562B9316-C08A-444A-9482-62080DD851AE}]
   • "(Default)"="Speed Analysis 2"

[HKCR\AppID\{562B9317-C08A-444A-9482-62080DD851AE}]
   • "(Default)"="ButtonSite"

[HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}\Instl\Data]
   • "hp_url"="http://www2.delta-search.com/?affID=119649&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "kw_url"="http://www2.delta-search.com/?affID=119649&babsrc=KW_ss&mntrId=D88100AB2F0C4369&q="
   • "nt_url"="http://www2.delta-search.com/?affID=119649&babsrc=NT_ss&mntrId=D88100AB2F0C4369"
   • "sp_name"="Delta Search"
   • "sp_url"="http://www2.delta-search.com/?q={searchTerms}&affID=119649&babsrc=SP_ss&mntrId=D88100AB2F0C4369"
   • "tb_url"="http://www2.delta-search.com/?q={searchTerms}&affID=119649&babsrc=TB_ss&mntrId=D88100AB2F0C4369"
   • "trace"="dword:0x00000000"

[HKCR\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
   • "(Default)"="YontooIEClient"

[HKCR\AppID\AddonsFramework.DLL]
   • "AppID"="{19975B78-1907-4DD6-A437-4C48120F46A4}"

[HKCR\AppID\ButtonSite.DLL]
   • "AppID"="{562B9317-C08A-444A-9482-62080DD851AE}"

[HKCR\AppID\PropertySync.EXE]
   • "AppID"="{18B9B16E-716F-43DF-A6AD-512C7D2EB983}"

[HKCR\AppID\ScriptHost.DLL]
   • "AppID"="{562B9316-C08A-444A-9482-62080DD851AE}"

[HKCR\AppID\YontooIEClient.DLL]
   • "AppID"="{CFDAFE39-20CE-451D-BD45-A37452F39CF0}"

[HKCR\ScriptHost.Tool.1]
   • "(Default)"="Tool Class"

[HKCR\ScriptHost.Tool.1\CLSID]
   • "(Default)"="{4B48FBF2-BA2B-44C5-A20F-8E25D17FEF29}"

[HKCR\ScriptHost.Tool]
   • "(Default)"="Tool Class"

[HKCR\ScriptHost.Tool\CLSID]
   • "(Default)"="{4B48FBF2-BA2B-44C5-A20F-8E25D17FEF29}"

[HKCR\ScriptHost.Tool\CurVer]
   • "(Default)"="ScriptHost.Tool.1"

[HKCR\Unknown\shell\openas\command]
   • "(Default)"=""%appdata%\File Scout\filescout.exe" /open "%1""
   • "fs_backup"="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1"

[HKCR\YontooIEClient.Api.1]
   • "(Default)"="Yontoo Api"

[HKCR\YontooIEClient.Api.1\CLSID]
   • "(Default)"="{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}"

[HKCR\YontooIEClient.Api]
   • "(Default)"="Yontoo Api"

[HKCR\YontooIEClient.Api\CLSID]
   • "(Default)"="{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}"

[HKCR\YontooIEClient.Api\CurVer]
   • "(Default)"="YontooIEClient.Api.1"

[HKCR\YontooIEClient.Layers.1]
   • "(Default)"="Yontoo"

[HKCR\YontooIEClient.Layers.1\CLSID]
   • "(Default)"="{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"

[HKCR\YontooIEClient.Layers]
   • "(Default)"="Yontoo"

[HKCR\YontooIEClient.Layers\CLSID]
   • "(Default)"="{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"

[HKCR\YontooIEClient.Layers\CurVer]
   • "(Default)"="YontooIEClient.Layers.1"

[HKCU\SessionInformation]
   • "ProgramCount"="dword:0x0000000d"

[HKCU\Software\BabylonToolbar\BabyBrUtil]
   • "cr_ver"="dword:0x00000000"

[HKCU\Software\BabylonToolbar\BabyBrUtil\Instances\Delta Chrome Toolbar]
   • "CrxId"="eooncjejnppfjjklapaamhcdmjbilmde"
   • "Report"="crtdelta"
   • "UninstKey"="Delta Chrome Toolbar"

[HKCU\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}]
   • "(Default)"="13d0e57d-8616-4457-9c08-14bb719c03b5"

[HKCU\Software\DataMngr\Files\ChromeHomepage]
   • "Flag"="dword:0x00000000"

[HKCU\Software\DataMngr\Files\Homepage]
   • "Flag"="dword:0x00000000"

[HKCU\Software\DataMngr\Files\SelectedSearch]
   • "Flag"="dword:0x00000000"

[HKCU\Software\DataMngr\Files\UrlbarSearch]
   • "Flag"="dword:0x00000000"

[HKCU\Software\DataMngr\List\Item1]
   • "Flag"="dword:0x00000000"

[HKCU\Software\DataMngr\List\Item2]
   • "Flag"="dword:0x00000000"

[HKCU\Software\DataMngr\List\Item3]
   • "Flag"="dword:0x00000000"

[HKCU\Software\DataMngr\Toolbar]
   • "Flag"="dword:0x00000000"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
   • "DisplayName"="Delta Search"
   • "FaviconURL"="search.baby**********.com/favicon.ico"
   • "Key"=""
   • "SuggestionsURL"=""
   • "URL"="http://www2.**********-search.com/?q={searchTerms}&affID=119649&babsrc=SP_ss&mntrId=D88100AB2F0C4369"

[HKLM\SOFTWARE\Classes\ScriptHost.Tool.1]
   • "(Default)"="Tool Class"

[HKLM\SOFTWARE\Classes\ScriptHost.Tool.1\CLSID]
   • "(Default)"="{4B48FBF2-BA2B-44C5-A20F-8E25D17FEF29}"

[HKLM\SOFTWARE\Classes\ScriptHost.Tool]
   • "(Default)"="Tool Class"

[HKLM\SOFTWARE\Classes\ScriptHost.Tool\CLSID]
   • "(Default)"="{4B48FBF2-BA2B-44C5-A20F-8E25D17FEF29}"

[HKLM\SOFTWARE\Classes\ScriptHost.Tool\CurVer]
   • "(Default)"="ScriptHost.Tool.1"

[HKLM\SOFTWARE\Classes\Unknown\shell\openas\command]
   • "(Default)"=""C:\Documents and Settings\vanciefancie\Application Data\File Scout\filescout.exe" /open "%1""
   • "fs_backup"="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1"

[HKLM\SOFTWARE\Classes\YontooIEClient.Api.1]
   • "(Default)"="Yontoo Api"

[HKLM\SOFTWARE\Classes\YontooIEClient.Api.1\CLSID]
   • "(Default)"="{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}"

[HKLM\SOFTWARE\Classes\YontooIEClient.Api]
   • "(Default)"="Yontoo Api"

[HKLM\SOFTWARE\Classes\YontooIEClient.Api\CLSID]
   • "(Default)"="{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}"

[HKLM\SOFTWARE\Classes\YontooIEClient.Api\CurVer]
   • "(Default)"="YontooIEClient.Api.1"

[HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1]
   • "(Default)"="Yontoo"

[HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1\CLSID]
   • "(Default)"="{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"

[HKLM\SOFTWARE\Classes\YontooIEClient.Layers]
   • "(Default)"="Yontoo"

[HKLM\SOFTWARE\Classes\YontooIEClient.Layers\CLSID]
   • "(Default)"="{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"

[HKLM\SOFTWARE\Classes\YontooIEClient.Layers\CurVer]
   • "(Default)"="YontooIEClient.Layers.1"

[HKLM\SOFTWARE\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf]
   • "path"="%appdata%\SpeedAnalysis2\speedanalysis.crx"
   • "version"="1.0.0.0"

[HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde]
   • "path"="%appdata%\SpeedAnalysis2\speedanalysis.crx"
   • "version"="1.0.0.0"



Modifies the following registry key:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   Old value:
   • "AppInit_DLLs"=""
   New value:
   • "AppInit_DLLs"="c:\docume~1\alluse~1\applic~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll "

Miscellaneous
Internet connection:
To check the Internet connection, it contacts the following DNS servers:
   • www.**********ologic.com
   • track.myback**********.com
   • cdn.myback**********.com
   • service.yon**********.com
   • dl.**********lon.com

Description inserted by Wensin Lee on Thursday, 2 May 2013
Description updated by Wensin Lee on Thursday, 2 May 2013
