Virus: ADWARE/InstallCore.Gen7
Date discovered: 18/12/2012
Type: Adware
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low
Static file: No
File size: 655.200 Bytes
MD5 checksum: 15DFBD389345B2C54E7F7D6AA728F4E5
VDF version: 7.11.54.46 - Tuesday, December 18, 2012
IVDF version: 7.11.54.46 - Tuesday, December 18, 2012

 General ADWARE/ - Adware

This class of detection flags software that displays ads, usually in the internet browser, by modifying displayed pages or opening additional pages with ads. These adware programs are usually installed by the users themselves or come with other software that the users install themselves (usually in exchange for using the software for free or as a default install option).

Users might be unaware that this software was installed or of its behaviour. This detection is meant to flag the file and the behaviour as part of legitimate ad displaying software.

This detection can be disabled; doing so is recommended if the user is aware of the software installed on his/her system and doesn't want this type of software to be detected.
Method of propagation:
   • No own spreading routine


Aliases:
   •  Eset: Win32/InstallCore.BG
   •  DrWeb: Adware.InstallCore.125


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Downloads files
   • Drops files


Right after execution it runs a Windows application which will display the following window:


Files:
   • %APPDATA%\eIntaller\%random character string% \eGdpSvc.exe The file is executed after it has been fully created.
   • %APPDATA%\eIntaller\%random character string% \eXQ.exe The file is executed after it has been fully created.

Miscellaneous:
Checks for an internet connection by contacting the following web sites:
   • http://www.tw**********pSvc.exe
   • http://www.tw**********Q.exe

Description submitted by Eric Burk on Friday, August 9, 2013
Description updated by Eric Burk on Friday, August 9, 2013
