Virus: Adware/Bundlore.C
Date discovered: 13/12/2012
Type: Adware/Spyware
In the wild:
Reported infections: Medium
Distribution potential: Low
Damage potential: Low
VDF version: 7.11.53.216 - Thursday, December 13, 2012
IVDF version: 7.11.53.216 - Thursday, December 13, 2012

 General Method of propagation:
   • No built-in propagation routine


Aliases:
   •  Microsoft: Adware:Win32/Babylon
   •  Eset: Win32/Adware.Bundlore application


Platforms / Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification


After execution, the following information is displayed:


 Files The following files are created:

– Non-malicious files:
   • %temp%\nsw5.tmp\Single_BABYLON.ini; %temp%\nsw5.tmp\Single_Conduit.ini;
      %temp%\nsw5.tmp\Single_Conduit_webdialog_fallback.ini;
      %temp%\nsw5.tmp\Single_incr.ini; %temp%\nsw5.tmp\Single_mood_dply.ini;
      %temp%\nsw5.tmp\Single_swim.ini; %temp%\nsw5.tmp\Single_swim.prev.ini;
      %temp%\nsw5.tmp\Single_vgmt.ini; %temp%\nsw5.tmp\ask1.ini;
      %temp%\nsw5.tmp\safeWeber.ini; %temp%\nsw5.tmp\BabylonToolbar.bmp;
      %temp%\nsw5.tmp\ConduitToolbar.bmp; %temp%\nsw5.tmp\ToolbarASK.bmp;
      %temp%\nsw5.tmp\ToolbarSafeWeber.bmp; %temp%\nsw5.tmp\ask.bmp;
      %temp%\nsw5.tmp\facemoodsToolbar.bmp; %temp%\nsw5.tmp\incr.bmp;
      %temp%\nsw5.tmp\swim.bmp; %temp%\nsw5.tmp\swl.bmp; %temp%\nsw5.tmp\win.bmp;
      %temp%\nsw5.tmp\swim_logo.jpg; %temp%\nsw5.tmp\modern-wizard.bmp;
      %temp%\nsh4.tmp

– Temporary files that may be deleted afterwards:
   • %temp%\nsh3.tmp
   • %temp%\nsh5.tmp

 Registry The following registry entry is added in order to load the service after the system is rebooted:

– [HKLM\SYSTEM\ControlSet001\Control\Session Manager]
   • "PendingFileRenameOperations"="\??\%temp%\nsf5.tmp\;"

 Miscellaneous Internet connection:
In order to check for an internet connection, the following DNS server is contacted:
   • track.**********performance.info

Description inserted by Wensin Lee on Monday, October 8, 2012
Description updated by Wensin Lee on Monday, October 8, 2012
