Avira Virus Lab


PUA/Iolo.EL.3

Summary
  • Name
    PUA/Iolo.EL.3
  • Discovered on
    13.12.2017
  • VDF version
    7.14.37.244 (2017-12-13 11:16)
Full description

This type of threat, Potentially Unwanted Applications (PUAs), can compromise the user's privacy and the security of the local system. These are legitimate applications whose installation routine often uses social engineering to get the user to install additional programs alongside the software they actually want. An application is classified as a PUA if a piece of software, an advertisement or a website exhibits one or more unwanted behaviours and/or characteristics. A complete PUA list is available here: http://www.avira.com/en/potentially-unwanted-applications. The detection does not mean the file is malicious. However, if the file was installed on the system without the user's knowledge, their privacy or the system's security could be at risk. Disabling such detections is recommended only for advanced users who are familiar with the risks and the use of these applications.

  • VDF
    7.14.37.244 (2017-12-13 11:16)
  • Files
    The following files are created:
    • %SYSDIR%\mfc45.dat
    • %WINDIR%\SysWOW64\mfc45.dat
    The following files are modified:
    • %WINDIR%\SysWOW64\mfc45.dat
    The following files are deleted:
    • %TEMPDIR%\%executed_sample_name%.madExcept
    • %TEMPDIR%
    The following drivers are loaded:
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %WINDIR%\SysWOW64\mfc45.dat
    • %TEMPDIR%\%executed_sample%
    • %WINDIR%\SysWOW64\en-US\KERNELBASE.dll.mui
    The following files are executed:
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %WINDIR%\SysWOW64\mfc45.dat
    • %TEMPDIR%\%executed_sample%
    • %WINDIR%\SysWOW64\en-US\KERNELBASE.dll.mui
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\Software\Embarcadero\Locales (""%executed_sample%"": ""en"")
    • HKEY_CURRENT_USER\Software\Embarca
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications (""MaxSize"": "dword:00100000") (""Retention"": "dword:00000000")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\System Mechanic (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Service Manager (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\System Shield (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\ActiveCare (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Search and Recover (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\DriveScrubber (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Installer (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\System Guard (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Launch Manager (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Tune-Up Definitions (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Governor (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Memory Mechanic (""EventMessageFile"": ""%APPDATA%\\Roaming\\iolo\\EventMsg.dll"") (""TypesSupported"": "dword:00000007")
    • HKEY_CURRENT_USER\Software\Embarcadero\Locales ("%TEMPDIR%\%executed_sample%": "en")
    • HKEY_CURRENT_USER\Software\Embarcadero\Locales
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications ("MaxSize": "1048576")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications ("Retention": "0")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic ("TypesSupported": "7")
    The following registry entries are modified:
    • HKEY_CURRENT_USER\Software\Embarcadero\Locales ("%TEMPDIR%\%executed_sample%": "en")
    • HKEY_CURRENT_USER\Software\Embarcadero\Locales
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications ("MaxSize": "1048576")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications ("Retention": "0")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic