Virus: ADWARE/WebCake.A
Date discovered: 13/07/2013
Type: Adware
In the wild: Yes
Reported Infections: High
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 1.212.288 Bytes
MD5 checksum: FE6B34DA2D16E6C6D10B6C126B137C15
VDF version: 7.11.90.94 - Saturday, July 13, 2013
IVDF version: 7.11.90.94 - Saturday, July 13, 2013

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Eset: Win32/Adware.Yontoo.B
   •  DrWeb: Adware.Plugin.11
   •  Fortinet: Adware/Yontoo.A


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Drops files
   • Registry modification


Right after execution the following information is displayed:


 Files
– A file that is for temporary use and might be deleted afterwards:
   • %TEMPDIR%\sample-062C.exe

– %PROGRAM FILES%\WebCake\WebCakeDesktop.Updater.exe Furthermore, it is executed after it has been fully created.
– %APPDATA%\WebCake\WebCakeDesktop.exe Furthermore, it is executed after it has been fully created.

 Registry
The following registry keys are added in order to load the service after reboot:

– [HKLM\SYSTEM\ControlSet001\Services\WebCake Desktop Updater]
   • "Type"=dword:00000010
   • "Start"=dword:00000002
   • "ErrorControl"=dword:00000001
   • "ImagePath"="%PROGRAM FILES%\WebCake\WebCakeDesktop.Updater.exe" "%APPDATA%\WebCake\WebCakeDesktop.exe"
   • "DisplayName"="WebCake Desktop Updater"
   • "ObjectName"="LocalSystem"
   • "Description"="Provides limited updating assistance for WebCake Desktop"

Description inserted by Eric Burk on Sunday, July 14, 2013
Description updated by Eric Burk on Sunday, July 14, 2013
