Virus: Adware/DomaIQ.GK
Type: Adware
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
VDF version: 7.11.83.96 - Friday, June 7, 2013
IVDF version: 7.11.83.96 - Friday, June 7, 2013

General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: not-a-virus:AdWare.Win32.DomaIQ.cb
   •  Eset: Win32/DomaIQ.I


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification


Right after execution the following information is displayed:


Files
It deletes the following files:
   • %Temp%\DIQM\Setup_151\bin\Webcake\info.html
   • %Temp%\DIQM\Setup_151\bin\SpeedUpMyPc\info.html
   • %Temp%\DIQM\Setup_151\bin\OptimizerPro\info.html
   • %Temp%\DIQM\Setup_151\bin\MixiDjYahoo\info.html
   • %Temp%\DIQM\Setup_151\bin\exe\close.html
   • %Temp%\DIQM\Setup_151\bin\exe\finish.html
   • %Temp%\DIQM\Setup_151\bin\exe\instalando.html
   • %Temp%\DIQM\Setup_151\bin\exe\options.html
   • %Temp%\DIQM\Setup_151\bin\exe\welcome.html
   • %Temp%\DIQM\Setup_151\bin\Driverpro\info.html
   • %Temp%\DIQM\Setup_151\bin\Dealply\info.html



The following files are created:

– Temporary files that might be deleted afterwards:
   • %Temp%\DIQM\Setup_151\bin\Dealply\info.html
   • %Temp%\DIQM\Setup_151\temp\OptimizerProinfo.dfe
   • %Temp%\DIQM\Setup_151\bin\css\images\optimizerpro-img.png
   • %Temp%\DIQM\Setup_151\bin\css\images\optimizerpro-logo-big.png
   • %Temp%\DIQM\Setup_151\bin\css\images\optimizerpro-logo.png
   • %Temp%\DIQM\Setup_151\bin\css\optimizerpro.css
   • %Temp%\DIQM\Setup_151\bin\OptimizerPro\info.html
   • %Temp%\DIQM\Setup_151\temp\SpeedUpMyPcinfo.dfe
   • %Temp%\DIQM\Setup_151\bin\css\images\speedupmypc-img.png
   • %Temp%\DIQM\Setup_151\bin\css\speedupmypc.css
   • %Temp%\DIQM\Setup_151\bin\SpeedUpMyPc\info.html
   • %Temp%\DIQM\Setup_151\temp\Driverproinfo.dfe
   • %Temp%\DIQM\Setup_151\bin\css\driverpro.css
   • %Temp%\DIQM\Setup_151\bin\css\images\driverpro-img.png
   • %Temp%\DIQM\Setup_151\bin\Driverpro\info.html
   • %Temp%\DIQM\Setup_151\bin\Webcake\info.dfe
   • %Temp%\DIQM\Setup_151\bin\SpeedUpMyPc\info.dfe
   • %Temp%\DIQM\Setup_151\bin\MixiDjYahoo\info.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\close.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\finish.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\instalando.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\options.dfe
   • %Temp%\DIQM\Setup_151\bin\exe\welcome.dfe
   • %Temp%\DIQM\Setup_151\bin\Driverpro\info.dfe
   • %Temp%\DIQM\Setup_151\bin\Dealply\info.dfe
   • %Temp%\DIQM\Setup_151\bin\css\base.css
   • %Temp%\DIQM\Setup_151\Software\MixiDjYahoo
   • %Temp%\DIQM\Setup_151\Software\Webcake
   • %Temp%\DIQM\Setup_151\Software\OptimizerPro.exe
   • %Temp%\DIQM\Setup_151\Software\Setup

Registry
The following registry keys are added in order to load the service after reboot:

[HKCU\Software\Microsoft\Internet Explorer\Main]
   • "ApplicationTileImmersiveActivation"="dword:0x00000000"
   • "AssociationActivationMode"="dword:0x00000002"
   • "bProtector Start Page"="http://mixidj.d**********.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "Start Page"="http://mixidj.**********search.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"



The following registry keys are added:

[HKCR\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}]
   • "(Default)"="WebCakeIEClient"

[HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916}\Instl\Data]
   • "hp_url"="http://mixidj.**********search.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "kw_url"="http://mixidj.**********search.com/?affID=121139&babsrc=KW_ss&mntrId=D88100AB2F0C4369&q="
   • "nt_url"="http://mixidj.**********search.com/?affID=121139&babsrc=NT_ss&mntrId=D88100AB2F0C4369"
   • "sp_name"="Mixi.DJ Search"
   • "sp_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=D88100AB2F0C4369"
   • "tb_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=TB_ss&mntrId=D88100AB2F0C4369"
   • "trace"="dword:0x00000000"

[HKCR\AppID\WebCakeIEClient.DLL]
   • "AppID"="{7169BBB3-3289-4696-B35D-4A88BCF6FB12}"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
   • "(Default)"="WebCake"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"
   • "ThreadingModel"="Apartment"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\ProgID]
   • "(Default)"="WebCakeIEClient.Layers.1"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"

[HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\VersionIndependentProgID]
   • "(Default)"="WebCakeIEClient.Layers"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}]
   • "(Default)"="WebCake Api"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"
   • "ThreadingModel"="Apartment"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\ProgID]
   • "(Default)"="WebCakeIEClient.Api.1"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"

[HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\VersionIndependentProgID]
   • "(Default)"="WebCakeIEClient.Api"

[HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}]
   • "(Default)"="1fcaa1f5-3b6e-422a-8670-48faa1b6f168"

[HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}\defaultEnableAppsList]
   • "(Default)"="layers,brain/features,newOffers/wc"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\InprocServer32]
   • "(Default)"="%SYSDIR%\catsrvut.dll"
   • "ThreadingModel"="Both"

[HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}]
   • "(Default)"="PSFactoryBuffer"

[HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}\InProcServer32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"
   • "ThreadingModel"="Both"

[HKCR\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}]
   • "(Default)"="c566ff0c-d67f-4a22-9898-6422e366dd92"

[HKCR\Interface\{000C1025-0000-0000-C000-000000000046}\NumMethods]
   • "(Default)"="33"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}]
   • "(Default)"="ILayers"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\NumMethods]
   • "(Default)"="7"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\ProxyStubClsid32]
   • "(Default)"="{DF84E609-C3A4-49CB-A160-61767DAF8899}"

[HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"
   • "Version"="1.0"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}]
   • "(Default)"="IApi"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\NumMethods]
   • "(Default)"="17"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\ProxyStubClsid32]
   • "(Default)"="{DF84E609-C3A4-49CB-A160-61767DAF8899}"

[HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}\TypeLib]
   • "(Default)"="{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}"
   • "Version"="1.0"

[HKCR\Msi.Package\DefaultIcon]
   • "(Default)"="%SYSDIR%\msiexec.exe,0"

[HKCR\Msi.Patch\DefaultIcon]
   • "(Default)"="%SYSDIR%\msiexec.exe,0"

[HKCR\TypeLib\{000C1092-0000-0000-C000-000000000046}\1.0\409\win32]
   • "(Default)"="%SYSDIR%\msi.dll"

[HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0]
   • "(Default)"="WebCakeIEClient 1.0 Type Library"

[HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0\0\win32]
   • "(Default)"="%PROGRAM FILES%\WebCake\WebCakeIEClient.dll"

[HKCR\WebCakeIEClient.Api.1]
   • "(Default)"="WebCake Api"

[HKCR\WebCakeIEClient.Api.1\CLSID]
   • "(Default)"="{AF6B0594-6008-4327-93E5-608AD710A6FA}"

[HKCR\WebCakeIEClient.Api]
   • "(Default)"="WebCake Api"

[HKCR\WebCakeIEClient.Api\CLSID]
   • "(Default)"="{AF6B0594-6008-4327-93E5-608AD710A6FA}"

[HKCR\WebCakeIEClient.Api\CurVer]
   • "(Default)"="WebCakeIEClient.Api.1"

[HKCR\WebCakeIEClient.Layers.1]
   • "(Default)"="WebCake"

[HKCR\WebCakeIEClient.Layers.1\CLSID]
   • "(Default)"="{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}"

[HKCR\WebCakeIEClient.Layers]
   • "(Default)"="WebCake"

[HKCR\WebCakeIEClient.Layers\CLSID]
   • "(Default)"="{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}"

[HKCR\WebCakeIEClient.Layers\CurVer]
   • "(Default)"="WebCakeIEClient.Layers.1"

[HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-602162358-2077806209-839522115-1003\Software\SweetIM\Toolbars\Internet Explorer\Data]
   • "UserRejectedGuard_DS"="dword:0x00000001"
   • "UserRejectedGuard_HP"="dword:0x00000001"
   • "UserSelectedDS"="0"
   • "UserSelectedHP"="0"

[HKLM\SOFTWARE\Babylon\Babylon Client\DefaultSettings]
   • "SetSearch"="dword:0x07777004"

[HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}\Instl\Data]
   • "hp_url"="http://mixidj.**********search.com/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
   • "kw_url"="http://mixidj.**********search.com/?affID=121139&babsrc=KW_ss&mntrId=D88100AB2F0C4369&q="
   • "nt_url"="http://mixidj.**********search.com/?affID=121139&babsrc=NT_ss&mntrId=D88100AB2F0C4369"
   • "sp_name"="Mixi.DJ Search"
   • "sp_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=D88100AB2F0C4369"
   • "tb_url"="http://mixidj.**********search.com/?q={searchTerms}&affID=121139&babsrc=TB_ss&mntrId=D88100AB2F0C4369"
   • "trace"="dword:0x00000000"

[HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}\defaultEnableAppsList]
   • "(Default)"="layers,brain/features,newOffers/wc"

[HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\InprocServer32]
   • "(Default)"="%SYSDIR%\catsrvut.dll"
   • "ThreadingModel"="Both"
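
As an added example that is not part of the Avira description: a Python script that reads the text format `reg export` writes (a .reg dump) and flags the indicators listed above, namely the MixiDJ start-page values under Internet Explorer\Main (recognisable by the affID=121139 affiliate marker), keys registered under any of the WebCake CLSID/AppID/Interface/TypeLib GUIDs, and InprocServer32 entries pointing at WebCakeIEClient.dll; it also checks a list of file paths for the %Temp%\DIQM\Setup_151 staging directory from the file lists earlier on the page. The sample export and file paths are constructed, the search host is a placeholder because the description masks it, and all function names are the example's own.

```python
r"""Flag Adware/DomaIQ.GK registry and file indicators from the Avira description.

Added example, not Avira's code. Input is a .reg text dump as written by
`reg export`, so the check runs offline on a dump collected from a host.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# GUIDs the description lists as registered for the WebCake IE client.
WEBCAKE_GUIDS = {
    "{7169BBB3-3289-4696-B35D-4A88BCF6FB12}",  # AppID WebCakeIEClient
    "{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}",  # CLSID WebCakeIEClient.Layers
    "{AF6B0594-6008-4327-93E5-608AD710A6FA}",  # CLSID WebCakeIEClient.Api
    "{DF84E609-C3A4-49CB-A160-61767DAF8899}",  # CLSID PSFactoryBuffer / IApi
    "{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}",  # Interface ILayers
    "{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}",  # TypeLib WebCakeIEClient 1.0
}
START_PAGE_VALUES = {"start page", "bprotector start page"}
AFFILIATE_MARKER = "affID=121139"      # present in every hijacked URL on the page
STAGING_DIR = "\\DIQM\\SETUP_151\\"    # dropper staging directory under %Temp%

# Constructed sample: two keys from the description plus one benign key.
# The host "mixidj.REDACTED-search.example" is a placeholder (masked on the page).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://mixidj.REDACTED-search.example/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
"bProtector Start Page"="http://mixidj.REDACTED-search.example/?affID=121139&babsrc=HP_ss&mntrId=D88100AB2F0C4369"
"AssociationActivationMode"=dword:00000002

[HKEY_CLASSES_ROOT\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\InprocServer32]
@="C:\\Program Files\\WebCake\\WebCakeIEClient.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@="C:\\Windows\\System32\\shell32.dll"
"ThreadingModel"="Apartment"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_reg_export(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, data) triples; '@' becomes '(Default)'."""
    entries: List[Tuple[str, str, str]] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = m.group("name") or "(Default)"
            data = m.group("data")
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                # .reg escapes backslashes and quotes inside string data.
                data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            entries.append((key, name, data))
    return entries


def find_domaiq_indicators(text: str) -> List[Dict[str, str]]:
    """Match the registry indicators from the description against a dump."""
    findings: List[Dict[str, str]] = []
    guid_checked = set()
    for key, name, data in parse_reg_export(text):
        # 1. IE start page redirected to the MixiDJ affiliate search page.
        if (key.upper().endswith("\\INTERNET EXPLORER\\MAIN")
                and name.lower() in START_PAGE_VALUES
                and AFFILIATE_MARKER in data):
            findings.append({"kind": "ie-start-page-hijack", "key": key,
                             "name": name, "data": data})
        # 2. Any key registered under a WebCake GUID (reported once per key).
        if key not in guid_checked:
            guid_checked.add(key)
            if any(g.upper() in WEBCAKE_GUIDS for g in GUID_RE.findall(key)):
                findings.append({"kind": "webcake-com-registration", "key": key,
                                 "name": "", "data": ""})
        # 3. Default value of a server key pointing at the WebCake DLL.
        if name == "(Default)" and "WEBCAKEIECLIENT.DLL" in data.upper():
            findings.append({"kind": "webcake-dll-path", "key": key,
                             "name": name, "data": data})
    return findings


def find_domaiq_files(paths: List[str]) -> List[str]:
    """Return paths under the %Temp%\DIQM\Setup_151 staging directory."""
    return [p for p in paths if STAGING_DIR in p.upper()]


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per indicator kind."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in find_domaiq_indicators(SAMPLE_REG_EXPORT):
        print(f["kind"], f["key"], f["name"], f["data"])
    print(summarize(find_domaiq_indicators(SAMPLE_REG_EXPORT)))
```

On a real host, collect the dump with `reg export HKCU\Software\Microsoft\Internet Explorer\Main main.reg` (and the HKCR or HKLM\SOFTWARE\Classes hives for the CLSID checks) and open it with `encoding="utf-16"`, since `reg export` writes UTF-16 with a byte-order mark; the key rules use suffix matching on purpose, so they work whether the dump spells the hive as HKCU or HKEY_CURRENT_USER.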

Miscellaneous
Internet connection:
In order to check for its internet connection, the following DNS servers are contacted:
   • bi.soft**********.net
   • dl.cdn-serv**********.com
   • track.idea**********.com
   • reports.mont**********.com

Description submitted by Wensin Lee on Friday, June 7, 2013
Description updated by Wensin Lee on Friday, June 7, 2013
