PCの修理が必要ですか?
専門家に頼む
????ADWARE/Privitize.A
????02/01/2013
????????
????????
?????
???????
????????????
????????~809288 ???
VDF???????7.11.55.84 - 2013年1月2日水曜日
IVDF???????7.11.55.84 - 2013年1月2日水曜日

 ???? ADWARE/ malware class description (jp)
????
   • ????????????


??
   •  TrendMicro: TROJ_SPNR.08LS12
   •  Sophos: PrivitizeVPN
     Avast: NSIS:Adware-HT [PUP]
     AVG: Skodna.Generic_c.DA
   •  Eset Win32/TopMedia.B
     Fortinet: Adware/TopMedia


????????/OS?
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


???
   • ????????????????????????????????????????????
   • ???????????????
   • ???????????

 ????  ????????????????
   • %HOME%\Local Settings\Temp\nsj1.tmp
   • %HOME%\Local Settings\Temp\nsj2.tmp



???????????????

??????????
   • %HOME%\Local Settings\Temp\nsj2.tmp\System.dll; %HOME%\Local
      Settings\Temp\nsj2.tmp\Math.dll; %HOME%\Local
      Settings\Temp\PromoEngineInstaller\InstallerService.dll; %HOME%\Local
      Settings\Temp\PromoEngineInstaller\NETWrapper.dll; %HOME%\Local
      Settings\Temp\nsj2.tmp\lzma.exe; %HOME%\Local
      Settings\Temp\nsj2.tmp\NSISList.dll; %HOME%\Local
      Settings\Temp\nsj2.tmp\NSISdl.dll; %HOME%\Local Settings\Temp\gui.xml;
      %HOME%\Local Settings\Temp\nsj2.tmp\xml.dll; %HOME%\Local
      Settings\Temporary Internet Files\Content.IE5\index.dat;
      %HOME%\Cookies\index.dat; %HOME%\Local
      Settings\History\History.IE5\index.dat;
      %HOME%\Cookies\biluta@privitize[1].txt; %HOME%\Local
      Settings\Temp\nsj2.tmp\ioSpecial.ini; %HOME%\Local
      Settings\Temp\nsj2.tmp\modern-wizard.bmp; %HOME%\Local
      Settings\Temp\nsj2.tmp\nsDialogs.dll; %HOME%\Local
      Settings\Temp\nsj2.tmp\ButtonEvent.dll; %HOME%\Local
      Settings\Temp\nsj2.tmp\ThreadTimer.dll




???????????????????

???????????
   • http://c1.zoomex.net/addons/prvtzd_dub.exe
????????????????????

 ????? ???????????????????

[HKCU\Software\StartSearch\plug-in]
   • "uudata"="d568313c-570f-11e2-978a-000c291a3bc6"

[HKCU\SOFTWARE\StartSe]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
   • "MigrateProxy"=dword:00000001
   • "ProxyEnable"=dword:00000000
   • "ProxyServer"=-
   • "ProxyOverride"=-
   • "AutoConfigURL"=-

説明の挿入者 Elias Lan の 2013年1月5日土曜日
説明の更新者 Elias Lan の 2013年1月5日土曜日

戻る . . . .
https:// このウィンドウは暗号化されています。