Virus name: Adware/DomaIQ.GK
Type: Adware
In the wild (ITW): No
Number of reported infections: Low
Propagation potential: Low
Damage potential: Medium-Low
Static file: Yes
VDF version: 7.11.83.96 - Friday, 7 June 2013
IVDF version: 7.11.83.96 - Friday, 7 June 2013

General
Propagation method:
   • No own propagation routine


Aliases:
   •  Kaspersky: not-a-virus:AdWare.Win32.DomaIQ.cb
   •  Eset: Win32/DomaIQ.I


Platforms / Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification


Immediately after execution, the following information is displayed:


Files
It deletes the following files:
   • %Temp%\DIQM\Setup_151\bin\Webcake\info.html
   • %Temp%\DIQM\Setup_151\bin\SpeedUpMyPc\info.html
   • %Temp%\DIQM\Setup_151\bin\OptimizerPro\info.html
   • %Temp%\DIQM\Setup_151\bin\MixiDjYahoo\info.html
   • %Temp%\DIQM\Setup_151\bin\exe\close.html
   • %Temp%\DIQM\Setup_151\bin\exe\finish.html
   • %Temp%\DIQM\Setup_151\bin\exe\instalando.html
   • %Temp%\DIQM\Setup_151\bin\exe\options.html
   • %Temp%\DIQM\Setup_151\bin\exe\welcome.html
   • %Temp%\DIQM\Setup_151\bin\Driverpro\info.html
   • %Temp%\DIQM\Setup_151\bin\Dealply\info.html



The following files are created:

– Temporary files that can be deleted later:
   • %Temp%\DIQM\Setup_151\bin\Dealply\info.html
   • %Temp%\DIQM\Setup_151\temp\OptimizerProinfo.dfe
   • %Temp%\DIQM\Setup_151\bin\css\images\optimizerpro-img.png
   • %Temp%\DIQM\Setup_151\bin\css\images\optimizerpro-logo-big.png
   • %Temp%\DIQM\Setup_151\bin\css\images\optimizerpro-logo.png
   • %Temp%\DIQM\Setup_151\bin\css\optimizerpro.css
   • %Temp%\DIQM\Setup_151\bin\OptimizerPro\info.html
   • %Temp%\DIQM\Setup_151\temp\SpeedUpMyPcinfo.dfe
   • %Temp%\DIQM\Setup_151\bin\css\images\speedupmypc-img.png
   • %Temp%\DIQM\Setup_151\bin\css\speedupmypc.css
   • %Temp%\DIQM\Setup_151\bin\SpeedUpMyPc\info.html
   • %Temp%\DIQM\Setup_151\temp\Driverproinfo.dfe
   • %Temp%\DIQM\Setup_151\bin\css\driverpro.css
   • %Temp%\DIQM\Setup_151\bin\css\images\driverpro-img.png
   • %Temp%\DIQM\Setup_151\bin\Driverpro\info.html
   • %Temp%\DIQM\Setup_151\bin\Webcake\info.dfe
   • %Temp%\DIQM\Setup_151\bin\SpeedUpMyPc\info.dfe
   • %Temp%\DIQM\Setup_151\bin\MixiDjYahoo\info.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\close.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\finish.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\instalando.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\options.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\welcome.dfe
   • %Temp%\DIQM\Setup_151\bin\Driverpro\info.dfe
   • %Temp%\DIQM\Setup_151\bin\Dealply\info.dfe
   • %Temp%\DIQM\Setup_151\bin\css\base.css
   • %Temp%\DIQM\Setup_151\Software\MixiDjYahoo
   • %Temp%\DIQM\Setup_151\Software\Webcake
   • %Temp%\DIQM\Setup_151\Software\OptimizerPro.exe
   • %Temp%\DIQM\Setup_151\Software\Setup

Registry
The following registry keys are added to load the service after reboot:

[HKCU\Software\Microsoft\Internet Explorer\Main]
   • "ApplicationTileImmersiveActivation"="dword:0x00000000"
   • "AssociationActivationMode"="dword:0x00000002"
   • "bProtector Start Page"="http://mixidj.d**********.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "Start Page"="http://mixidj.**********search.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"



The following registry keys are added:

[HKCR\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}]
   • "(Default)"="WebCakeIEClient"

[HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916}\Instl\Data]
   • "hp_url"="http://mixidj.**********search.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "kw_url"="http://mixidj.**********search.com/?affID=121139&babsrc=KW_ss&mntrId=D88100AB2F0C4369&q="
   • "nt_url"="http://mixidj.**********search.com/?affID=121139&babsrc=NT_ss&mntrId=D88100AB2F0C4369"
   • "sp_name"="Mixi.DJ Search"
   • "sp_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=D88100AB2F0C4369"
   • "tb_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=TB_ss&mntrId=D88100AB2F0C4369"
   • "trace"="dword:0x00000000"

[HKCR\AppID\WebCakeIEClient.DLL]
   • "AppID"="{7169BBB3-3289-4696-B35D-4A88BCF6FB12}"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
   • "(Default)"="WebCake"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"
   • "ThreadingModel"="Apartment"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\ProgID]
   • "(Default)"="WebCakeIEClient.Layers.1"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\VersionIndependentProgID]
   • "(Default)"="WebCakeIEClient.Layers"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}]
   • "(Default)"="WebCake Api"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"
   • "ThreadingModel"="Apartment"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\ProgID]
   • "(Default)"="WebCakeIEClient.Api.1"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\VersionIndependentProgID]
   • "(Default)"="WebCakeIEClient.Api"

[HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}]
   • "(Default)"="1fcaa1f5-3b6e-422a-8670-48faa1b6f168"

[HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}\defaultEnableAppsList]
   • "(Default)"="layers,brain/features,newOffers/wc"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\InprocServer32]
   • "(Default)"="%SYSDIR%\catsrvut.dll"
   • "ThreadingModel"="Both"

[HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}]
   • "(Default)"="PSFactoryBuffer"

[HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}\InProcServer32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"
   • "ThreadingModel"="Both"

[HKCR\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}]
   • "(Default)"="c566ff0c-d67f-4a22-9898-6422e366dd92"

[HKCR\Interface\{000C1025-0000-0000-C000-000000000046}\NumMethods]
   • "(Default)"="33"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}]
   • "(Default)"="ILayers"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\NumMethods]
   • "(Default)"="7"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\ProxyStubClsid32]
   • "(Default)"="{DF84E609-C3A4-49CB-A160-61767DAF8899}"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"
   • "Version"="1.0"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}]
   • "(Default)"="IApi"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\NumMethods]
   • "(Default)"="17"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\ProxyStubClsid32]
   • "(Default)"="{DF84E609-C3A4-49CB-A160-61767DAF8899}"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"
   • "Version"="1.0"

[HKCR\Msi.Package\DefaultIcon]
   • "(Default)"="%SYSDIR%\msiexec.exe,0"

[HKCR\Msi.Patch\DefaultIcon]
   • "(Default)"="%SYSDIR%\msiexec.exe,0"

[HKCR\TypeLib\{000C1092-0000-0000-C000-000000000046}\1.0\409\win32]
   • "(Default)"="%SYSDIR%\msi.dll"

[HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0]
   • "(Default)"="WebCakeIEClient 1.0 Type Library"

[HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0\0\win32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"

[HKCR\WebCakeIEClient.Api.1]
   • "(Default)"="WebCake Api"

[HKCR\WebCakeIEClient.Api.1\CLSID]
   • "(Default)"="{AF6B0594-6008-4327-93E5-608AD710A6FA}"

[HKCR\WebCakeIEClient.Api]
   • "(Default)"="WebCake Api"

[HKCR\WebCakeIEClient.Api\CLSID]
   • "(Default)"="{AF6B0594-6008-4327-93E5-608AD710A6FA}"

[HKCR\WebCakeIEClient.Api\CurVer]
   • "(Default)"="WebCakeIEClient.Api.1"

[HKCR\WebCakeIEClient.Layers.1]
   • "(Default)"="WebCake"

[HKCR\WebCakeIEClient.Layers.1\CLSID]
   • "(Default)"="{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}"

[HKCR\WebCakeIEClient.Layers]
   • "(Default)"="WebCake"

[HKCR\WebCakeIEClient.Layers\CLSID]
   • "(Default)"="{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}"

[HKCR\WebCakeIEClient.Layers\CurVer]
   • "(Default)"="WebCakeIEClient.Layers.1"

[HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-602162358-2077806209-839522115-1003\Software\SweetIM\Toolbars\Internet Explorer\Data]
   • "UserRejectedGuard_DS"="dword:0x00000001"
   • "UserRejectedGuard_HP"="dword:0x00000001"
   • "UserSelectedDS"="0"
   • "UserSelectedHP"="0"

[HKLM\SOFTWARE\Babylon\Babylon Client\DefaultSettings]
   • "SetSearch"="dword:0x07777004"

[HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}\Instl\Data]
   • "hp_url"="http://mixidj.**********search.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "kw_url"="http://mixidj.**********search.com/?affID=121139&babsrc=KW_ss&mntrId=D88100AB2F0C4369&q="
   • "nt_url"="http://mixidj.**********search.com/?affID=121139&babsrc=NT_ss&mntrId=D88100AB2F0C4369"
   • "sp_name"="Mixi.DJ Search"
   • "sp_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=D88100AB2F0C4369"
   • "tb_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=TB_ss&mntrId=D88100AB2F0C4369"
   • "trace"="dword:0x00000000"

[HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}\defaultEnableAppsList]
   • "(Default)"="layers,brain/features,newOffers/wc"

[HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\InprocServer32]
   • "(Default)"="%SYSDIR%\catsrvut.dll"
   • "ThreadingModel"="Both"

Miscellaneous
Internet connection:
To check its internet connection, the following DNS servers are contacted:
   • bi.soft**********.net
   • dl.cdn-serv**********.com
   • track.idea**********.com
   • reports.mont**********.com

Description added by Wensin Lee on Friday, 7 June 2013
Description updated by Wensin Lee on Friday, 7 June 2013
