Virus: Adware/InstallBrain.CX
Date discovered: 23/01/2013
Type: Adware/Spyware
In the wild:
Reported infections: Low
Distribution potential: Low
Damage potential: Low
VDF version: 7.11.58.92 - Wednesday, 23 January 2013
IVDF version: 7.11.58.92 - Wednesday, 23 January 2013

General description

Method of propagation:
   • No own spreading routine


Aliases:
   •  Eset: Win32/InstallBrain.S potentially unwanted


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification


After execution completes, the following information is displayed:


Files

It copies itself to the following locations:
   • %temp%\PC Performer513405.exe
   • %appdata%\IBUpdaterService\ibsvc.exe



The following files are deleted:
   • %temp%\ibtmpc2f8301\component_140
   • %temp%\ibtmpc2f8301\component_600
   • %temp%\ibtmpc2f8301\config\js
   • %temp%\ibtmpc2f8301\config\ib
   • %temp%\ibtmpc2f8301\config\conditions
   • %temp%\ibtmpc2f8301\config
   • %temp%\ibtmpc2f8301



The following files are created:

– Temporary files that may be deleted afterwards:
   • %temp%\1.tmp
   • %temp%\2.tmp
   • %temp%\ibtmpc2f8301\config\ajax-loader.gif
   • %temp%\ibtmpc2f8301\config\ajax-loader2.gif
   • %temp%\ibtmpc2f8301\config\ib\arrow.gif
   • %temp%\ibtmpc2f8301\config\ib\b-bg.gif
   • %temp%\ibtmpc2f8301\config\ib\b3.gif
   • %temp%\ibtmpc2f8301\config\ib\b4.gif
   • %temp%\ibtmpc2f8301\config\ib\lbg-bottom.gif
   • %temp%\ibtmpc2f8301\config\ib\lbg-top.gif
   • %temp%\ibtmpc2f8301\config\ib\lbg.gif
   • %temp%\ibtmpc2f8301\config\ib\trust.gif
   • %temp%\ibtmpc2f8301\config\ib\center2.jpg
   • %temp%\ibtmpc2f8301\config\check.jpg
   • %temp%\ibtmpc2f8301\config\ib\mid.jpg
   • %temp%\ibtmpc2f8301\config\pb-bg-left.jpg
   • %temp%\ibtmpc2f8301\config\pb-bg-right.jpg
   • %temp%\ibtmpc2f8301\config\pb-bg.jpg
   • %temp%\ibtmpc2f8301\config\red-pb-act-left.jpg
   • %temp%\ibtmpc2f8301\config\red-pb-act-right.jpg
   • %temp%\ibtmpc2f8301\config\red-pb-act.jpg
   • %temp%\ibtmpc2f8301\config\ib\arrow.png
   • %temp%\ibtmpc2f8301\config\ib\btn.png
   • %temp%\ibtmpc2f8301\config\ib\btn2.png
   • %temp%\ibtmpc2f8301\config\ib\corn1.png
   • %temp%\ibtmpc2f8301\config\ib\corn2.png
   • %temp%\ibtmpc2f8301\config\ib\corn3.png
   • %temp%\ibtmpc2f8301\config\ib\corn4.png
   • %temp%\ibtmpc2f8301\config\page_1235_attr_3.png
   • %temp%\ibtmpc2f8301\config\page_1236_attr_3.png
   • %temp%\ibtmpc2f8301\config\page_1237_attr_3.png
   • %temp%\ibtmpc2f8301\config\template_40.png
   • %temp%\ibtmpc2f8301\config\page_1235_attr_46.bmp
   • %temp%\ibtmpc2f8301\config\page_1236_attr_46.bmp
   • %temp%\ibtmpc2f8301\config\page_1237_attr_46.bmp
   • %temp%\ibtmpc2f8301\config\1235.html
   • %temp%\ibtmpc2f8301\config\1236.html
   • %temp%\ibtmpc2f8301\config\1237.html
   • %temp%\ibtmpc2f8301\config\start.html
   • %temp%\ibtmpc2f8301\config\ib\main.css
   • %temp%\ibtmpc2f8301\config\conditions\conditions.js
   • %temp%\ibtmpc2f8301\config\js\config.js
   • %temp%\ibtmpc2f8301\config\js\jquery-1.7.min.js
   • %temp%\ibtmpc2f8301\config\js\jquery.noselect.min.js
   • %temp%\ibtmpc2f8301\config\js\smart.js
   • %temp%\ibtmpc2f8301\config\ib\Thumbs.db
   • %temp%\ibtmpc2f8301\intallLog
   • %HOME%\Desktop\Continue PC Performer installation.lnk

Registry

The following registry keys and values are added:

– [HKLM\SYSTEM\ControlSet001\Services\IBUpdaterService]
   • "Type"=dword:00000020
   • "Start"=dword:00000002
   • "ErrorControl"=dword:00000001
   • "ImagePath"="\"%appdata%\\IBUpdaterService\\ibsvc.exe\" /SERVICE"
   • "DisplayName"="Updater Service"
   • "ObjectName"="LocalSystem"
   • "FailureActions"=hex:ff,ff,ff,ff,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,30,75,00,00
   • "Description"="Updater Service"

– [HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch]
   • "Epoch"=dword:00000036

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service]
   • "NoModify"=dword:00000001
   • "NoRepair"=dword:00000001
   • "DisplayName"="Updater Service"
   • "UninstallString"="\"%appdata%\\IBUpdaterService\\ibsvc.exe\" /UNINSTALL"
   • "DisplayVersion"="14,12,8,9"
   • "VersionMajor"=dword:0000000e
   • "VersionMinor"=dword:0000000c
   • "InstallLocation"="%appdata%\\IBUpdaterService"

– [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_IBUPDATERSERVICE\0000]
   • "Service"="IBUpdaterService"
   • "Legacy"=dword:00000001
   • "ConfigFlags"=dword:00000000
   • "Class"="LegacyDriver"
   • "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
   • "DeviceDesc"="Updater Service"

– [HKLM\SYSTEM\ControlSet001\Services\IBUpdaterService\Enum]
   • "0"="Root\\LEGACY_IBUPDATERSERVICE\\0000"
   • "Count"=dword:00000001
   • "NextInstance"=dword:00000001

Miscellaneous

To check for an Internet connection, the following DNS servers are contacted:
   • s3.**********zonaws.com
   • www.ib**********o.com


It checks for an Internet connection by contacting the following web site:
   • s3.**********zonaws.com/www.bit89.com/download/pcperformer/pcperformersetup03012012.exe

Description inserted by Wensin Lee on Friday, 25 January 2013
Description updated by Wensin Lee on Friday, 25 January 2013
