Virus: Adware/InstallBai.A
Date discovered: 13/12/2012
Type: Adware/Spyware
In the wild:
Reported infections: Low
Distribution potential: Low
Damage potential: Low
VDF version: 7.11.53.216 - Thursday, December 13, 2012
IVDF version: 7.11.53.216 - Thursday, December 13, 2012

General
Method of propagation:
   • No built-in propagation routine


Aliases:
   •  Eset: a variant of Win32/InstallCore.AW application


Platforms / Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification


After execution, the following information is displayed:


Files
The following files are created:

– Temporary files that may be deleted afterwards:

Registry
The following registry keys and values are added:

– [HKCR\CLSID\{616F0423-230C-C3C4-C28A-87497B0FAE22}]
   • "Author"="Microsoft"
   • "FriendlyName"="Interop Writer"
   • "MetadataFormat"="{ED686F8E-681F-4C8B-BD41-A8ADDBF6B3FC}"
   • "RequiresFullStream"="dword:0x00000001"
   • "SpecVersion"="1.0.0.0"
   • "SupportsPadding"="dword:0x00000001"
   • "Vendor"="{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
   • "Version"="1.0.0.0"

– [HKCR\CLSID\{616F0423-230C-C3C4-C28A-87497B0FAE22}\Containers\
   {1C3C4F9D-B84A-467D-9493-36CFBD59EA57}]
   • "WriteHeader"="hex:05,a0,04,00,01,00,00,00"
   • "WritePosition"="dword:0x00000000"

– [HKCR\CLSID\{616F0423-230C-C3C4-C28A-87497B0FAE22}\InProcServer32]
   • "(Default)"="windowscodecs.dll"

– [HKCU\Software\Baixaki]
   • "BluetoothDriverInstallerx86.exe"="1352139761921,http://dl.baixaki.com.br/programas/63731/BluetoothDriverInstallerx86.exe"

– [HKLM\SOFTWARE\Classes\CLSID\
   {616F0423-230C-C3C4-C28A-87497B0FAE22}]
   • "Author"="Microsoft"
   • "FriendlyName"="Interop Writer"
   • "MetadataFormat"="{ED686F8E-681F-4C8B-BD41-A8ADDBF6B3FC}"
   • "RequiresFullStream"="dword:0x00000001"
   • "SpecVersion"="1.0.0.0"
   • "SupportsPadding"="dword:0x00000001"
   • "Vendor"="{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
   • "Version"="1.0.0.0"

– [HKLM\SOFTWARE\Classes\CLSID\{616F0423-230C-C3C4-C28A-87497B0FAE22}\
   InProcServer32]
   • "(Default)"="windowscodecs.dll"

Miscellaneous
Internet connection:
To check for an Internet connection, the following DNS servers are contacted:
   • os.bai**********ki.com.br
   • d.a**********pd.com
   • dl.bai**********ki.com.br

Description inserted by Wensin Lee on Thursday, November 8, 2012
Description updated by Wensin Lee on Thursday, November 8, 2012
