Name of virus: Adware/Yontoo.E.1
Discovered: 19/07/2012
Type: Adware/Spyware
In the wild (ITW): No
Reported infections: Medium
Distribution potential: Low
Damage potential: Low
File size: 814224 bytes
MD5 checksum: f478d6ce6bfe173158217a59a5588f79
VDF version: 7.11.36.228 - Thursday, 19 July 2012
IVDF version: 7.11.36.228 - Thursday, 19 July 2012

General
Method of propagation:
   • No own propagation routine


Platforms / operating systems:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification

Files
It creates the following directory:
   • %HOME%\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com



The following files are created:

– %temp%\YontooSetup-Silent.exe – it is executed after it has been fully written to disk.
– %temp%\YontooSetup-Silent-0744.exe – it is executed after it has been fully written to disk.
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\build.sh
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\chrome.manifest
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\config_build.sh
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\content\about.xul
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\content\firefoxOverlay.xul
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\content\options.xul
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\content\overlay.js
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\content\y2layers.jpg
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\defaults\preferences\y2layers.js
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\install.rdf
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\locale\en-US\about.dtd
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\8msjo1o7.default\extensions\plugin@yontoo.com\locale\en-US\prefwindow.dtd
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\locale\en-US\y2layers.dtd
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\plugin@yontoo.com\readme.txt
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\plugin@yontoo.com\skin\overlay.css
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\plugin@yontoo.com\skin\toolbar-button.png
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\user.js

Registry
It registers a “browser helper object” (BHO) by adding the following keys:

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
   • (Default)="Yontoo Layers"

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
   • NoExplorer=1

– HKCR\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\
   • (Default)="YontooIEClient"

– HKCR\AppID\YontooIEClient.DLL\
   • AppID="{CFDAFE39-20CE-451D-BD45-A37452F39CF0}"

– HKCR\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\(Default)
   • YontooIEClient

– HKCR\YontooIEClient.Api.1\
   • (Default)="Yontoo API"

– HKCR\YontooIEClient.Api.1\CLSID\
   • (Default)="{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}"

– HKCR\YontooIEClient.Api\CLSID\
   • (Default)="Yontoo API"

– HKCR\YontooIEClient.Api\CurVer\
   • (Default)="{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\
   • (Default)="Yontoo API"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID\
   • (Default)="YontooIEClient.Api.1"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\
   VersionIndependentProgID\
   • (Default)="YontooIEClient.Api"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32\
   • (Default)="%PROGRAM FILES%\Yontoo\YontooIEClient.dll"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32\
   • ThreadingModel="Apartment"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\TypeLib\
   • (Default)="{D372567D-67C1-4B29-B3F0-159B52B3E967}"

– HKCR\YontooIEClient.Layers.1\
   • (Default)="Yontoo"

– HKCR\YontooIEClient.Layers.1\CLSID\
   • (Default)="{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"

– HKCR\YontooIEClient.Layers\
   • (Default)="Yontoo"

– HKCR\YontooIEClient.Layers\CLSID\
   • (Default)="{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"

– HKCR\YontooIEClient.Layers\CurVer\
   • (Default)="YontooIEClient.Layers.1"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
   • (Default)="Yontoo"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID\
   • (Default)="YontooIEClient.Layers.1"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
   VersionIndependentProgID\
   • (Default)="YontooIEClient.Layers"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32\
   • (Default)="%PROGRAM FILES%\Yontoo\YontooIEClient.dll"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32\
   • ThreadingModel="Apartment"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\TypeLib\
   • (Default)="{D372567D-67C1-4B29-B3F0-159B52B3E967}"

– HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\
   • (Default)="YontooIEClient 1.0 Type Library"

– HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\FLAGS\
   • (Default)=0

– HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32\
   • (Default)="%PROGRAM FILES%\Yontoo\YontooIEClient.dll"

– HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR\
   • (Default)="%PROGRAM FILES%\Yontoo"

– HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\
   • (Default)="ILayers"

– HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\
   ProxyStubClsid\
   • (Default)="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\
   ProxyStubClsid32\
   • (Default)="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\TypeLib\
   • (Default)="{D372567D-67C1-4B29-B3F0-159B52B3E967}"

– HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\TypeLib\
   • Version="1.0"

– HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\
   • (Default)="IApi"

– HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\
   ProxyStubClsid\
   • (Default)="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\
   ProxyStubClsid32\
   • (Default)="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\TypeLib\
   • (Default)="{D372567D-67C1-4B29-B3F0-159B52B3E967}"

– HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\TypeLib\
   • Version=1.0

– HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32\
   • (Default)="%PROGRAM FILES%\Yontoo\YontooIEClient.dll"

– HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32\
   • ThreadingModel="Both"

– HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\
   • (Default)="PSFactoryBuffer"

– HKCR\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\
   • (Default)="d6aee4df-aa53-4647-8da3-9b385ee18e3d"

– HKCR\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\
   defaultEnableAppsList\
   • (Default)=""
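A read-only check a defender can run for the persistence points listed in the Files and Registry sections, as an added example that is not part of the Avira description. It assumes PowerShell on the Windows host under examination, that the %HOME%\Anwendungsdaten path above corresponds to %APPDATA% on an English install, and it also inspects the Wow6432Node BHO root, which is not on the page.

```powershell
# Added example (not part of the Avira description): read-only check for the
# Adware/Yontoo.E.1 persistence points listed above. Run in an elevated
# PowerShell session on the Windows host being examined.

# Identifiers taken from the description
$YontooBhoClsid = '{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}'
$YontooDllName  = 'YontooIEClient.dll'

# BHO registration roots. The Wow6432Node path is not on the page; it is where
# 32-bit BHOs register on 64-bit Windows and is included for completeness.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-InstalledBho {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid = $key.PSChildName
            # Resolve the DLL Internet Explorer would load for this BHO
            $srv = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                                    -ErrorAction SilentlyContinue
            $dll = if ($srv) { $srv.'(default)' } else { '<no InprocServer32>' }
            $suspicious = ($clsid -ieq $YontooBhoClsid) -or ($dll -like "*\$YontooDllName")
            [PSCustomObject]@{
                CLSID      = $clsid
                Name       = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).'(default)'
                Dll        = $dll
                Suspicious = $suspicious
            }
        }
    }
}

# Firefox side: the directory listed under %HOME%\Anwendungsdaten is assumed to
# map to %APPDATA%; every profile directory is checked, not only "default".
function Get-YontooFirefoxExtension {
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path $profiles) {
        Get-ChildItem -Path $profiles -Directory |
            ForEach-Object { Join-Path $_.FullName 'extensions\plugin@yontoo.com' } |
            Where-Object { Test-Path $_ }
    }
}

Get-InstalledBho | Format-Table -AutoSize
$ff = @(Get-YontooFirefoxExtension)
if ($ff.Count -gt 0) { Write-Output "Yontoo Firefox extension directories found:"; $ff }
```

Any BHO row marked Suspicious, or any listed extension directory, matches an artifact from this description; the script only reads and does not remove anything.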

Miscellaneous
It checks for an internet connection by contacting the following website:
   • http://**********.yontoo.com/InstallHandler.aspx?alpha=Jw0NaW96RxRaKEgGCkctaHhUZnduV052MBQhXH5+SF5MHHwBCHkSUyZIFWg2LxgVOBImLn5vfjsMQT0oK1FsbxhNC0knPXNWGTprTXkuURIlVQZGTU8eO0AzLiNLJg1fIkcGHwU0VEsMcUlAOmt/T14hQnZ+YHYpPQ9bKHF2CXJ0E

Description inserted by Jan-Eric Herting on Saturday, 21 July 2012
Description updated by Carlos Valero Llabata on Saturday, 21 July 2012
