Virus name: ADWARE/Vittalia.L
Discovered: 05/04/2013
Type: Adware/Spyware
In the wild (ITW): No
Number of reported infections: Medium-Low
Propagation potential: Low
Damage potential: Low
VDF version: 7.11.70.100 - Friday, 5 April 2013
IVDF version: 7.11.70.100 - Friday, 5 April 2013

General
Method of propagation:
   • No own propagation routine


Aliases:
   • AVG: Win32/Validace_partial.nsis1
   • Eset: Win32/Toolbar.Babylon application


Platforms / Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification


Right after execution, the following information is displayed:


Files
The following files are created:

Non-malicious files:
   • %temp%\nsk4.tmp\modern-header.bmp
   • %temp%\nsk4.tmp\modern-wizard.bmp
   • %temp%\nsk4.tmp\NSISdl.dll
   • %temp%\nsk4.tmp\nsArray.dll
   • %temp%\nsk4.tmp\Metainstallerlicense_ES.txt
   • %temp%\nsk4.tmp\Metainstallerlicense_EN.txt
   • %temp%\nsk4.tmp\Metainstallerlicense_PT.txt
   • %temp%\nsk4.tmp\Metainstallerlicense_NL.txt
   • %temp%\nsk4.tmp\Metainstallerlicense_DE.txt
   • %temp%\nsk4.tmp\Metainstallerlicense_IT.txt
   • %temp%\nsk4.tmp\Metainstallerlicense_FR.txt
   • %temp%\nsk4.tmp\nsDialogs.dll
   • %temp%\nsk4.tmp\nsRichEdit.dll
   • %temp%\nsk4.tmp\headerleft.bmp
   • %temp%\nsk4.tmp\System.dll

– Temporary files that can be deleted afterwards:
   • %temp%\nsu3.tmp
   • %temp%\nsk4.tmp
   • %temp%\nsp5.tmp

Registry
The following registry keys are added to load the service after a reboot:

[HKCU\Software\Microsoft\Internet Explorer\Main]
   • "bProtector Start Page"="http://www.delta-**********.com/?affID=119721&babsrc=HP_ss&mntrId=D88100AB2F0**********"
   • "Start Page"="http://www.delta-**********.com/?affID=119721&babsrc=HP_ss&mntrId=D88100AB2F0**********"



The following registry keys are added:

[HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}\Instl\Data]
   • "admin"="false"
   • "aflt"="babsst"
   • "afltId"="babsst"
   • "autoRvrt"="false"
   • "chrInstl"="all"
   • "dfltLng"="en"
   • "dpblck"=""
   • "dpk"="aa47d3b25b124baacd7848c927c05948"
   • "ds_url"=""
   • "dsFFX"="Delta Search"
   • "dsIE"=""
   • "excTlbr"="false"
   • "ffxInstl"="all"
   • "ffxUnstlRst"="true"
   • "hp_url"="http://www.delta-**********.com/?affID=119721&babsrc=HP_ss&mntrId=D88100AB2F0**********"
   • "hrdId"="d8812eb100000000000000ab2f0c4369"
   • "ieInstl"="all"
   • "instlDay"="dword:0x00003dbd"
   • "instlRef"="sst"
   • "kw_url"="http://www.delta-**********&q="
   • "newTab"="false"
   • "nt_url"="http://www.delta-**********"
   • "postUninstall"=""
   • "run4ie"="end"
   • "rvrt"="false"
   • "smplGrp"="none"
   • "sp_name"="Delta Search"
   • "sp_url"="http://www.delta-**********.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=D88100AB2F0**********"
   • "tb_url"="http://www.delta-**********.com/?q={searchTerms}&affID=119721&babsrc=TB_ss&mntrId=D88100AB2F0**********"
   • "tlbrId"="base"
   • "tlbrSrchUrl"=""
   • "trace"="dword:0x00000000"
   • "uninstallAll"="true"
   • "uninstaller"="%PROGRAM FILES%\Delta\delta\1.8.16.16\uninstall.exe"
   • "uninstExt"="false"
   • "vrsni"="1.8.16.16"
   • "vrsnTs"="1.8.16.1610:20:06"

[HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}\LocalServer32]
   • "(Default)"=""%PROGRAM FILES%\Delta\delta\1.8.16.16\deltasrv.exe""
   • "ThreadingModel"="apartment"

[HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\Delta\delta\1.8.16.16\bh\delta.dll"
   • "ThreadingModel"="apartment"

[HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\Delta\delta\1.8.16.16\deltaTlbr.dll"
   • "ThreadingModel"="apartment"

[HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\Delta\delta\1.8.16.16\deltaEng.dll"
   • "ThreadingModel"="apartment"

[HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\Delta\delta\1.8.16.16\bh\delta.dll"
   • "ThreadingModel"="apartment"

[HKCU\Software\Delta\delta]
   • "lastB"="http://www.delta-**********.com/?affID=119721&babsrc=HP_ss&mntrId=D88100AB2F0**********"
   • "tlbrSrchUrl"=""

[HKCU\Software\fed6d8b669be40]
   • "GUID"="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
   • "HPCHREGEXP0"="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE"
   • "HPCHREGEXP1"="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig=="
   • "HPCHREGEXP2"="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U="
   • "HPFFREGEXP0"="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE"
   • "HPFFREGEXP1"="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig=="
   • "HPFFREGEXP2"="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U="
   • "HPIEREGEXP0"="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE"
   • "HPIEREGEXP1"="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig=="
   • "HPIEREGEXP2"="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U="
   • "INSTALL_FOLDER_NAME"="BrowserProtect"
   • "KWFFREGEXP0"="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE"
   • "KWFFREGEXP1"="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig=="
   • "KWFFREGEXP2"="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U="
   • "NTCHREGEXP0"="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R"
   • "NTFFREGEXP0"="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE"
   • "NTFFREGEXP1"="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig=="
   • "NTFFREGEXP2"="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U="
   • "PROTECT_EXE_NAME"="BrowserProtect.exe"
   • "PROTECTOR_DLL_NAME"="BrowserProtect.dll"
   • "SECHREGEXP0"="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE"
   • "SECHREGEXP1"="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig=="
   • "SECHREGEXP2"="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U="
   • "SEFFREGEXP0"="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE"
   • "SEFFREGEXP1"="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig=="
   • "SEFFREGEXP2"="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U="
   • "SEIEREGEXP0"="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE"
   • "SEIEREGEXP1"="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig=="
   • "SEIEREGEXP2"="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U="
   • "SERVICE_NAME"="BrowserProtect"
   • "usrcheckbox"="0"
   • "version"="2.6.1125.80"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
   • "DisplayName"="Delta Search"
   • "FaviconURL"="search.bab**********.com/favicon.ico"
   • "Key"=""
   • "SuggestionsURL"=""
   • "URL"="http://www.delta-**********.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=D88100AB2F0**********"

[HKCU\Software\mozilla\Firefox\Extensions]
   • "{0F827075-B026-42F3-885D-98981EE7B1AE}"="%ALLUSERSPROFILE%\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension"

[HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}\Instl\Data]
   • "admin"="false"
   • "aflt"="babsst"
   • "afltId"="babsst"
   • "autoRvrt"="false"
   • "chrInstl"="all"
   • "dfltLng"="en"
   • "dpblck"=""
   • "dpk"="aa47d3b25b124baacd7848c927c05948"
   • "ds_url"=""
   • "dsFFX"="Delta Search"
   • "dsIE"=""
   • "excTlbr"="false"
   • "ffxInstl"="all"
   • "ffxUnstlRst"="true"
   • "hp_url"="http://www.delta-**********.com/?affID=119721&babsrc=HP_ss&mntrId=D88100AB2F0**********"
   • "hrdId"="d8812eb100000000000000ab2f0c4369"
   • "ieInstl"="all"
   • "instlDay"="dword:0x00003dbd"
   • "instlRef"="sst"
   • "kw_url"="http://www.delta-**********.com/?affID=119721&babsrc=KW_ss&mntrId=D88100AB2F0**********&q="
   • "newTab"="false"
   • "nt_url"="http://www.delta-**********.com/?affID=119721&babsrc=NT_ss&mntrId=D88100AB2F0**********"
   • "postUninstall"=""
   • "run4ie"="end"
   • "rvrt"="false"
   • "smplGrp"="none"
   • "sp_name"="Delta Search"
   • "sp_url"="http://www.delta-**********.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=D88100AB2F0**********"
   • "tb_url"="http://www.delta-**********.com/?q={searchTerms}&affID=119721&babsrc=TB_ss&mntrId=D88100AB2F0**********"
   • "tlbrId"="base"
   • "tlbrSrchUrl"=""
   • "trace"="dword:0x00000000"
   • "uninstallAll"="true"
   • "uninstaller"="%PROGRAM FILES%\Delta\delta\1.8.16.16\uninstall.exe"
   • "uninstExt"="false"
   • "vrsni"="1.8.16.16"
   • "vrsnTs"="1.8.16.1610:20:06"

[HKLM\SYSTEM\ControlSet001\Services\BrowserProtect]
   • "Start"="dword:0x00000002"
   • "Type"="dword:0x00000020"

[HKLM\SYSTEM\CurrentControlSet\Services\BrowserProtect]
   • "ErrorControl"="dword:0x00000001"
   • "FailureActions"="hex:ff,ff,ff,ff,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,30,75,00,00"
   • "ImagePath"="%ALLUSERSPROFILE%\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"
   • "ObjectName"="LocalSystem"

[HKLM\SYSTEM\CurrentControlSet\Services\BrowserProtect]
   • "Start"="dword:0x00000002"
   • "Type"="dword:0x00000020"

Miscellaneous
Internet connection:
To check the internet connection, the following DNS servers are contacted:
   • blue**********.github.io
   • www.uplstat**********.com

Description written by Wensin Lee on Wednesday, 10 April 2013
Description updated by Wensin Lee on Wednesday, 10 April 2013
