病毒:Adware/EasyDownlo.A
发现日期:13/12/2012
类型:广告软件/间谍软件
广泛传播:
病毒传播个案呈报:低程度至中程度
感染/传播能力:低程度
破坏 / 损害程度:低程度
VDF 版本:7.11.53.216 - 2012년 12월 13일 목요일
IVDF 版本:7.11.53.216 - 2012년 12월 13일 목요일

 况概描述 传播方法:
   • 无内置传播例程


别名:
   •  Eset: NSIS/TrojanDownloader.Agent.NLH trojan
   •  Norman: Virus W32/Obfuscated_VPE.BVE.dropper


平台/操作系统:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


副作用:
   • 注册表修改


执行完毕之后会显示以下信息:


 文件 创建以下文件:

– 之后可删除的临时文件:
   • %temp%\nsd3.tmp
   • %temp%\nst4.tmp\nsExec.dll
   • %temp%\nst4.tmp\ns5.tmp

 注册表 会添加以下注册表项目注册值:

– [HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}]
   • "(Default)"="bho_project"

– [HKCR\AppID\bho_project.DLL]
   • "AppID"="{186E19A3-B909-4F48-B687-BB81EB8BC7CE}"

– [HKCR\CLSID\{BA0454C5-FD30-428E-8DB9-3FF87A612F64}]
   • "(Default)"="VideoFileDownload"

– [HKCR\CLSID\{BA0454C5-FD30-428E-8DB9-3FF87A612F64}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\OpenApp\bho_project.dll"

– [HKCR\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\0\win32]
   • "(Default)"="%PROGRAM FILES%\OpenApp\bho_project.dll"

– [HKCR\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\FLAGS]
   • "(Default)"="0"

– [HKCR\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\HELPDIR]
   • "(Default)"="%PROGRAM FILES%\OpenApp"

– [HKLM\SOFTWARE\Classes\AppID\
   {186E19A3-B909-4F48-B687-BB81EB8BC7CE}]
   • "(Default)"="bho_project"

– [HKLM\SOFTWARE\Classes\AppID\bho_project.DLL]
   • "AppID"="{186E19A3-B909-4F48-B687-BB81EB8BC7CE}"

– [HKLM\SOFTWARE\Classes\CLSID\
   {BA0454C5-FD30-428E-8DB9-3FF87A612F64}]
   • "(Default)"="VideoFileDownload"

– [HKLM\SOFTWARE\Classes\CLSID\{BA0454C5-FD30-428E-8DB9-3FF87A612F64}\
   InprocServer32]
   • "(Default)"="%PROGRAM FILES%\OpenApp\bho_project.dll"

– [HKLM\SOFTWARE\Classes\Interface\
   {3AE26843-9171-4F23-A8E5-5421701276A4}]
   • "(Default)"="Ibho_object"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {B00FE392-639D-4688-976E-A1BFF368CB96}\1.0]
   • "(Default)"="bho_project 1.0 Type Library"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\0\win32]
   • "(Default)"="%PROGRAM FILES%\OpenApp\bho_project.dll"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\FLAGS]
   • "(Default)"="0"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {B00FE392-639D-4688-976E-A1BFF368CB96}\1.0\HELPDIR]
   • "(Default)"="%PROGRAM FILES%\OpenApp"

– [HKLM\SOFTWARE\Google\Chrome\Extensions\
   kincjchfokkeneeofpeefomkikfkiedl]
   • "path"="%PROGRAM FILES%\OpenApp\chromeaddon.crx"

– [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\
   ElevationPolicy\{BA0454C5-FD30-428E-8DB9-3FF87A612F64}]
   • "AppName"="VFDInstall.exe"
   • "AppPath"="%PROGRAM FILES%\OpenApp"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{BA0454C5-FD30-428E-8DB9-3FF87A612F64}]
   • "(Default)"="BHO_PROJECT"
   • "NoExplorer"="dword:0x00000001"

 其他 互联网连接:
为了检查互联网连接,会访问以下 DNS 服务器:
   • cdn.secure**********.info
   • **********opy.eu
   • track.trk**********.info
   • track2.trk**********.info

Description inserted by Wensin Lee on dinsdag 9 oktober 2012
Description updated by Wensin Lee on dinsdag 9 oktober 2012

Terug . . . .

© 2013 Avira Operations GmbH & Co. KG. Alle rechten voorbehouden.

Mijn Account

https:// Dit venster is voor uw veiligheid gecodeerd.