Virus: ADWARE/WebCake.A
Date discovered: 13/07/2013
Type: Adware
In the wild: Yes
Reported Infections: High
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 1.212.288 Bytes
MD5 checksum: FE6B34DA2D16E6C6D10B6C126B137C15
VDF version: 7.11.90.94 - Saturday, July 13, 2013
IVDF version: 7.11.90.94 - Saturday, July 13, 2013

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Eset: Win32/Adware.Yontoo.B
   •  DrWeb: Adware.Plugin.11
   •  Fortinet: Adware/Yontoo.A


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Drops files
   • Registry modification


Right after execution the following information is displayed:


Files:
– A file that is for temporary use and might be deleted afterwards:
   • %TEMPDIR%\sample-062C.exe

– %PROGRAM FILES%\WebCake\WebCakeDesktop.Updater.exe It is executed after it has been fully created.
– %APPDATA%\WebCake\WebCakeDesktop.exe It is executed after it has been fully created.

Registry:
The following registry keys are added in order to load the service after reboot:

– [HKLM\SYSTEM\ControlSet001\Services\WebCake Desktop Updater]
   • "Type"=dword:00000010
   • "Start"=dword:00000002
   • "ErrorControl"=dword:00000001
   • "ImagePath"="%PROGRAM FILES%\WebCake\WebCakeDesktop.Updater.exe" "%APPDATA%\WebCake\WebCakeDesktop.exe"
   • "DisplayName"="WebCake Desktop Updater"
   • "ObjectName"="LocalSystem"
   • "Description"="Provides limited updating assistance for WebCake Desktop"

Description submitted by Eric Burk on Sunday, July 14, 2013
Description updated by Eric Burk on Sunday, July 14, 2013
