Name: Adware/InstallRex.O
Date discovered: 16/01/2013
Type: Adware/Spyware
In the wild: No
Reported infections: Low
Distribution potential: Low
Damage potential: Low
VDF version: 7.11.57.110 - Wednesday, 16 January 2013
IVDF version: 7.11.57.110 - Wednesday, 16 January 2013

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Eset: Win32/InstalleRex.E.Gen application


Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modifications


Immediately after execution, the following is displayed on screen:


Files

The following files are created:

Non-malicious files:
   • %temp%\11DC2CB9.dat
   • %temp%\{57C04963-CC76-4DDE-AF35-84548C236B95}\_Setup.dll
   • %temp%\{57C04963-CC76-4DDE-AF35-84548C236B95}\Setup.ico
   • %temp%\{57C04963-CC76-4DDE-AF35-84548C236B95}\Readme.txt
   • %temp%\{57C04963-CC76-4DDE-AF35-84548C236B95}\_Setupx.dll
   • %temp%\{57C04963-CC76-4DDE-AF35-84548C236B95}\Setup.exe

– A temporary file, which may be deleted afterwards:
   • %temp%\Tsu575CCAE6.dll

Registry

The following registry keys are added:

[HKCR\CLSID\{6DFE9FD5-C843-3189-B774-2DE96F367673}]
   • "(Default)"="Vaudix"

[HKCR\CLSID\{6DFE9FD5-C843-3189-B774-2DE96F367673}\InProcServer32]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix\50f60051a72bb.dll"
   • "ThreadingModel"="Apartment"

[HKCR\CLSID\{6DFE9FD5-C843-3189-B774-2DE96F367673}\ProgID]
   • "(Default)"="Vaudix.1"

[HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}]
   • "(Default)"="ILocalStorage"

[HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\
   ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\
   ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib]
   • "(Default)"="{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
   • "Version"="1.0"

[HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}]
   • "(Default)"="IIEPluginMain"

[HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\
   ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\
   ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib]
   • "(Default)"="{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
   • "Version"="1.0"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0]
   • "(Default)"="IEPluginLib"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix\50f60051a72bb.tlb"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS]
   • "(Default)"="0"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix"

[HKCU\Software\AppDataLow\SProtector\_d4b953fc]
   • "date"="1358361536"

[HKCU\Software\AppDataLow\SProtector\_d4b953fc]
   • "prid"="Search Assistant JustBrowse"
   • "uiid"="2814282789"
   • "upid"="320"
   • "usid"="2174292622"
   • "uuid"="b6826bde-d3eeb2c0-d8812eb1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
   {681002C6-5019-81A2-7871-A43754F71E56}]
   • "CategoryName"="VaudiX"
   • "DisplayIcon"="%ALLUSERSPROFILE%\Application Data\Vaudix\uninstall.exe"
   • "DisplayName"="Vaudix"
   • "DisplayVersion"=""
   • "InstallDate"="20120116"
   • "NoModify"="dword:0x00000001"
   • "NoRepair"="dword:0x00000001"
   • "Publisher"="Vaudix"
   • "UninstallString"=""%ALLUSERSPROFILE%\Application Data\Vaudix\uninstall.exe" /path=%ALLUSERSPROFILE%\Application Data\Vaudix"
   • "URLInfoAbout"="http://vaudix.com/"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
   {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]
   • "DisplayName"="WebSearch"
   • "FaviconURL"="http://websearch.just-browse.info/favicon.ico"
   • "FaviconURLFallback"="http://websearch.just-browse.info/favicon.ico"
   • "URL"="http://websearch.just-browse.info/?l=1&q={searchTerms}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
   • "DefaultScope"="{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}"

[HKLM\SOFTWARE\Classes\CLSID\
   {6DFE9FD5-C843-3189-B774-2DE96F367673}]
   • "(Default)"="Vaudix"

[HKLM\SOFTWARE\Classes\CLSID\{6DFE9FD5-C843-3189-B774-2DE96F367673}\
   InProcServer32]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix\50f60051a72bb.dll"
   • "ThreadingModel"="Apartment"

[HKLM\SOFTWARE\Classes\CLSID\{6DFE9FD5-C843-3189-B774-2DE96F367673}\
   ProgID]
   • "(Default)"="Vaudix.1"

[HKLM\SOFTWARE\Classes\Interface\
   {31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}]
   • "(Default)"="ILocalStorage"

[HKLM\SOFTWARE\Classes\Interface\
   {31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Classes\Interface\
   {31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Classes\Interface\
   {31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib]
   • "(Default)"="{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
   • "Version"="1.0"

[HKLM\SOFTWARE\Classes\Interface\
   {C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}]
   • "(Default)"="IIEPluginMain"

[HKLM\SOFTWARE\Classes\Interface\
   {C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Classes\Interface\
   {C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Classes\Interface\
   {C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib]
   • "(Default)"="{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
   • "Version"="1.0"

[HKLM\SOFTWARE\Classes\TypeLib\
   {E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0]
   • "(Default)"="IEPluginLib"

[HKLM\SOFTWARE\Classes\TypeLib\
   {E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix\50f60051a72bb.tlb"

[HKLM\SOFTWARE\Classes\TypeLib\
   {E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS]
   • "(Default)"="0"

[HKLM\SOFTWARE\Classes\TypeLib\
   {E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR]
   • "(Default)"="%ALLUSERSPROFILE%\Application Data\Vaudix"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{6DFE9FD5-C843-3189-B774-2DE96F367673}]
   • "(Default)"="Vaudix"
   • "NoExplorer"="dword:0x00000001"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
   • "{6DFE9FD5-C843-3189-B774-2DE96F367673}"="1"



The following registry key is changed:

Internet Explorer start page:

[HKCU\Software\Microsoft\Internet Explorer\Main]
   Old value:
   • "Start Page"="about:blank"
   New value:
   • "Start Page"="http://websearch.just-browse.info/"

Miscellaneous

To check its internet connection, it contacts the following DNS servers:
   • i1.**********box1.info
   • r1.**********box1.info
   • **********nrex.info

Description added by Wensin Lee on Wednesday, 16 January 2013.
Description updated by Wensin Lee on Wednesday, 16 January 2013.
