Virus: Adware/GoonSquad.A
Date discovered: 17/09/2012
Type: Adware/Spyware
In The Wild: No
Damage level: Medium
Distribution level: Low
Risk level: Low
VDF version: 7.11.43.68 - Monday, 17 September 2012
IVDF version: 7.11.43.68 - Monday, 17 September 2012

General
Method of propagation:
   • Has no propagation routines


Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Modifies the Windows registry

Files
The following files are created:

– Non-malicious files:
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\traking_settings\00
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\traking_settings\01
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\traking_settings\10
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\traking_settings\11
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\traking_settings\20
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\traking_settings\21
   • %ALLUSERSPROFILE%\bProtectorForWindows\2.1.419.7\bProtect.settings
   • %ALLUSERSPROFILE%\bProtectorForWindows\2.1.419.7\protector.dll
   • %ALLUSERSPROFILE%\bProtectorForWindows\2.1.419.7\FirefoxExtension\chrome.manifest
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-10.0.2.dll
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-11.0.dll
   • %ALLUSERSPROFILE%\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-3.6.dll
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-3.6.xpt
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-5.0.dll
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-6.0.2.dll
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-7.0.1.dll
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-8.0.1.dll
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-9.0.1.dll
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\FirefoxExtension\content\bprotector.js
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\FirefoxExtension\content\overlay.xul
   • %ALLUSERSPROFILE%\Application Data\bProtectorForWindows\2.1.419.7\FirefoxExtension\install.rdf

– Temporary files that may be deleted later:
   • %temp%\protector.dll
   • %temp%\bProtect.exe

Registry
The following key is added to the Windows registry so that the service runs at system startup:

– [HKLM\SYSTEM\ControlSet001\Control\ServiceCurrent]
   • @=dword:00000009



The following registry keys are added:

– [HKCU\Software\bProtector]
   • "version"="2.1.419.7"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\{754FF233-5D4E-11D2-875B-00A0C93C09B3}]
   • "Flags"=dword:00000001
   • "Version"="*"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\{B1549E58-3894-11D2-BB7F-00A0C999C4C1}]
   • "Flags"=dword:00000001
   • "Version"="*"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF}]
   • "Flags"=dword:00000001
   • "Version"="*"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\{C533ADF1-0C80-11D1-8C54-00A02468F316}]
   • "Flags"=dword:00000001
   • "Version"="*"

– [HKCU\Software\bProtector\2.1.419.7]
   • "cmpid"=""
   • "subid"=""
   • "iexplore homepages"="about:blank;"
   • "instance"="f90d803d7bb246b8a890d6d8b6800dd5"

– [HKCU\Software\DataMngr\List\Item1]
   • "Flag"=dword:00000000

– [HKCU\Software\DataMngr\List\Item2]
   • "Flag"=dword:00000000

– [HKCU\Software\DataMngr\List\Item3]
   • "Flag"=dword:00000000

– [HKLM\SOFTWARE\DataMngr\List\Item1]
   • "Flag"=dword:00000000

– [HKLM\SOFTWARE\DataMngr\List\Item2]
   • "Flag"=dword:00000000

– [HKLM\SOFTWARE\DataMngr\List\Item3]
   • "Flag"=dword:00000000

– [HKCU\Software\DataMngr\Toolbar]
   • "Flag"=dword:00000000

– [HKCU\Software\DataMngr\Files\ChromeHomepage]
   • "Flag"=dword:00000000

– [HKCU\Software\DataMngr\Files\Homepage]
   • "Flag"=dword:00000000

– [HKCU\Software\DataMngr\Files\SelectedSearch]
   • "Flag"=dword:00000000

– [HKCU\Software\DataMngr\Files\UrlbarSearch]
   • "Flag"=dword:00000000

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\{98889811-442D-49dd-99D7-DC866BE87DBC}]
   • "Flags"=dword:00000000
   • "Version"="*"

– [HKCU\Software\mozilla\Firefox\Extensions]
   • "{b64982b1-d112-42b5-b1e4-d3867c4533f8}"="C:\Documents and Settings\\All Users\\Application Data\\bProtectorForWindows\\2.1.419.7\\FirefoxExtension"

– [HKLM\SYSTEM\ControlSet001\Services\bProtector]
   • "Type"=dword:00000020
   • "Start"=dword:00000002
   • "ErrorControl"=dword:00000001
   • "ImagePath"="C:\Documents and Settings\\All Users\\Application Data\\bProtectorForWindows\\2.1.419.7\\bProtect.exe"
   • "DisplayName"="bProtector"
   • "ObjectName"="LocalSystem"
   • "Description"="Your browser protector service"
   • "FailureActions"=hex:ff,ff,ff,ff,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\00,01,00,00,00,30,75,00,00

– [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTOR]
   • "NextInstance"=dword:00000001

– [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTOR\0000]
   • "Service"="bProtector"
   • "Legacy"=dword:00000001
   • "ConfigFlags"=dword:00000000
   • "Class"="LegacyDriver"
   • "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
   • "DeviceDesc"="bProtector"

– [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTOR\0000\Control]
   • "*NewlyCreated*"=dword:00000000
   • "ActiveService"="bProtector"

– [HKLM\SYSTEM\ControlSet001\Services\bProtector\Enum]
   • "0"="Root\\LEGACY_BPROTECTOR\\0000"
   • "Count"=dword:00000001
   • "NextInstance"=dword:00000001



The following registry value is changed:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   Old value:
   • "AppInit_DLLs"=""
   New value:
   • "AppInit_DLLs"="C:\docume~1\\alluse~1\\applic~1\\bprote~1\\21419~1.7\\protec~1.dll "
   • "LoadAppInit_DLLs"=dword:00000001
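
The registry artefacts listed above can be audited on a live host. The script below is an added example, not Avira's code or part of this description; it assumes an elevated PowerShell session and uses CurrentControlSet (the live alias of ControlSet001) in place of the ControlSet001 paths the description cites.

```powershell
# Added audit script (not part of the Avira description). Read-only: it only
# reports whether the persistence artefacts described above are present.
# Assumes an elevated PowerShell prompt; CurrentControlSet is assumed to be
# the live alias of the ControlSet001 hive the description lists.

$findings = @()

# 1. AppInit_DLLs: every DLL named here is loaded into each process that links
#    user32.dll, which is how protector.dll gets into browsers. The clean state
#    described above is an empty string.
$winKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$win    = Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue
if ($win.AppInit_DLLs -and $win.AppInit_DLLs.Trim() -ne '') {
    $findings += [pscustomobject]@{
        Check  = 'AppInit_DLLs'
        Detail = "'$($win.AppInit_DLLs)' (LoadAppInit_DLLs=$($win.LoadAppInit_DLLs))"
    }
}

# 2. Services whose binary lives under the all-users profile / ProgramData,
#    where the description places bProtect.exe. The 8.3 short form 'applic~1'
#    used in the AppInit_DLLs value is matched as well.
$services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
foreach ($svc in $services) {
    $p = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
    if ($p.ImagePath -match 'Application Data|ProgramData|applic~1') {
        $findings += [pscustomobject]@{
            Check  = 'Service'
            Detail = "$($svc.PSChildName) -> $($p.ImagePath) (Start=$($p.Start))"
        }
    }
}

# 3. Keys named in this description. HKCU covers the current user only; other
#    profiles would need their NTUSER.DAT hives loaded first.
$knownKeys = @(
    'HKCU:\Software\bProtector',
    'HKCU:\Software\DataMngr',
    'HKLM:\SOFTWARE\DataMngr',
    'HKLM:\SYSTEM\CurrentControlSet\Services\bProtector',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTOR'
)
foreach ($key in $knownKeys) {
    if (Test-Path -Path $key) {
        $findings += [pscustomobject]@{ Check = 'KnownKey'; Detail = $key }
    }
}

if ($findings.Count -eq 0) { 'No GoonSquad.A / bProtector artefacts found.' }
else { $findings | Format-Table -AutoSize }
```

A non-empty AppInit_DLLs value with LoadAppInit_DLLs=1 is the finding to act on first, since the DLL is re-injected into every new process until the value is cleared and the service is removed.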

Miscellaneous
To check its internet connection, the following DNS server is contacted:
   • guardstats.**********engine.com

Description submitted by Wensin Lee on Wednesday, 19 September 2012
Description updated by Wensin Lee on Wednesday, 19 September 2012
