Name: ADWARE/InstallMat.D
Discovered on: 06/11/2012
Type: Adware
In the wild: Yes
Reported infections: Low
Distribution potential: Low
Damage potential: Low
Static file: Yes
File size: ~ 280 000 Bytes
VDF version: 7.11.49.22 - Tuesday, 6 November 2012
IVDF version: 7.11.49.22 - Tuesday, 6 November 2012

 General ADWARE/ - Adware

This type of detection flags software that displays advertisements, usually in the web browser, either by modifying the pages shown or by opening additional pages containing ads. These adware programs are installed by users (usually in order to use software free of charge, or as a default installation option).

Users may not know that this software has been installed, nor how it behaves. This detection is meant to flag the file as part of legitimate advertising software.

This type of detection can be disabled, and doing so is recommended if the user knows what software is installed on the system and does not want this type of software to be detected.
Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: Downloader
   •  Mcafee: Generic PUP.x!bxk
   •  Avast: Skodna.Generic.AFC
   •  PCTools: Downloader.Generic
   •  Eset: Win32/InstallMate
   •  DrWeb: Adware.Downware.448
   •  Norman: W32/Suspicious_Gen4.BGZMA


Operating system:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7


Side effects:
   • Creates files
   • Registry modifications

 Files The following files are created:

Non-malicious files:
   • C:\Documents and Settings\Administrator\Local Settings\Temp\Tsu%random 8-character string%.dll
   • C:\Documents and Settings\Administrator\Local Settings\Temp\%random 8-character string%.dat
   • C:\Documents and Settings\Administrator\Local Settings\Temp\%random 8-character string%\_Setup.dll
   • C:\Documents and Settings\Administrator\Local Settings\Temp\%random 8-character string%\Setup.ico
   • C:\Documents and Settings\Administrator\Local Settings\Temp\%random 8-character string%\_Setupx.dll
   • C:\Documents and Settings\Administrator\Local Settings\Temp\%random 8-character string%\Setup.exe
   • %ALLUSERSPROFILE%\TSR8.tmp
   • %ALLUSERSPROFILE%\Application Data\TSR9.tmp
   • %ALLUSERSPROFILE%\Application Data\TSRA.tmp
   • %ALLUSERSPROFILE%\Application Data\TSRB.tmp
   • %ALLUSERSPROFILE%\Application Data\InstallMate\{F46AD279-DAAF-44D1-9E83-6D44907CAA50}\_Setup.dll
   • %ALLUSERSPROFILE%\Application Data\InstallMate\{F46AD279-DAAF-44D1-9E83-6D44907CAA50}\Setup.ico
   • %ALLUSERSPROFILE%\Application Data\InstallMate\{F46AD279-DAAF-44D1-9E83-6D44907CAA50}\_Setupx.dll
   • %ALLUSERSPROFILE%\Application Data\InstallMate\{F46AD279-DAAF-44D1-9E83-6D44907CAA50}\Setup.exe
   • %ALLUSERSPROFILE%\Application Data\InstallMate\{F46AD279-DAAF-44D1-9E83-6D44907CAA50}\TsuDll.dll
   • C:\Documents and Settings\Administrator\Local Settings\Temp\%random 8-character string%\x86\regsvr32.exe
   • C:\Documents and Settings\Administrator\Local Settings\Temp\%random 8-character string%\x64\regsvr32.exe
   • %ALLUSERSPROFILE%\Application Data\InstallMate\{F46AD279-DAAF-44D1-9E83-6D44907CAA50}\Setup.dat
   • C:\Documents and Settings\Administrator\Local Settings\Temp\sample.log




It tries to execute the following file:

Filename:
   • %ALLUSERSPROFILE%\Application Data\Premium\Agent\Agent.exe

 Registry The following registry keys are added:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F46AD279-DAAF-44D1-9E83-6D44907CAA50}]
   • "UninstallString"="C:\DOCUME~1\\ALLUSE~1\\APPLIC~1\\INSTAL~1\\{F46AD~1\\Setup.exe /remove /q0"
   • "QuietUninstallString"="C:\DOCUME~1\\ALLUSE~1\\APPLIC~1\\INSTAL~1\\{F46AD~1\\Setup.exe /remove /q"
   • "ModifyPath"="C:\DOCUME~1\\ALLUSE~1\\APPLIC~1\\INSTAL~1\\{F46AD~1\\Setup.exe /q0"
   • "Version"=dword:01000000
   • "VersionMajor"=dword:00000001
   • "VersionMinor"=dword:00000000
   • "EstimatedSize"=dword:000000e4
   • "Language"=dword:00000409
   • "TSAware"=dword:00000001
   • "TinFolder"="C:\Documents and Settings\\All Users\\Application Data\\InstallMate\\{F46AD279-DAAF-44D1-9E83-6D44907CAA50}"
   • "TinVersion"="7022"
   • "InstallDate"="20121204"
   • "InstallLocation"=" %ALLUSERSPROFILE%\\Application Data\\Premium\\Agent"
   • "InstallSource"="C:\%malware execution directory%"
   • "DisplayIcon"=" %ALLUSERSPROFILE%\\Application Data\\InstallMate\\{F46AD279-DAAF-44D1-9E83-6D44907CAA50}\\Setup.ico"
   • "DisplayName"="Agent"
   • "DisplayVersion"="1.0"
   • "Publisher"="Premium"
   • "TizPath"="C:\%malware execution directory% \\%malware file%"
   • "CategoryName"="Bflix"

Description inserted by Elias Lan on Thursday, 6 December 2012
Description updated by Elias Lan on Thursday, 6 December 2012
