Avira Virus Lab


PUA/Iolo.EL.3

Brief description
  • Name
    PUA/Iolo.EL.3
  • Date of discovery
    13 Dec 2017
  • VDF version
    7.14.37.244 (2017-12-13 11:16)
Full description

This detection class, potentially unwanted applications (PUA), can harm the user's privacy and the security of the local system. It covers legitimate applications that often use social engineering to get the user to install additional offers while installing the software the user originally wanted. Software, advertisements or websites that exhibit one or more of these objectionable behaviours and/or properties are classified as PUA. A full list of PUA is available at http://www.avira.com/en/potentially-unwanted-applications. This detection does not mean that the file is malicious. However, if the file was installed on the system without the user's knowledge, the user's privacy or the security of the system may be at risk. Disabling this detection is recommended only for advanced users who know the risks and how to use these applications.

  • VDF
    7.14.37.244 (2017-12-13 11:16)
  • Files
    The following files are created:
    • %SYSDIR%\mfc45.dat
    • %WINDIR%\SysWOW64\mfc45.dat
    The following files are modified:
    • %WINDIR%\SysWOW64\mfc45.dat
    The following files are deleted:
    • %TEMPDIR%\%executed_sample_name%.madExcept
    • %TEMPDIR%
    The following drivers are loaded:
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %WINDIR%\SysWOW64\mfc45.dat
    • %TEMPDIR%\%executed_sample%
    • %WINDIR%\SysWOW64\en-US\KERNELBASE.dll.mui
    The following files are executed:
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %WINDIR%\SysWOW64\mfc45.dat
    • %TEMPDIR%\%executed_sample%
    • %WINDIR%\SysWOW64\en-US\KERNELBASE.dll.mui
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\Software\Embarcadero\Locales ("%executed_sample%": "en")
    • HKEY_CURRENT_USER\Software\Embarca
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications ("MaxSize": "dword:00100000") ("Retention": "dword:00000000")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\System Mechanic ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Service Manager ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\System Shield ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\ActiveCare ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Search and Recover ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\DriveScrubber ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Installer ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\System Guard ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Launch Manager ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Tune-Up Definitions ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Governor ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\iolo Applications\Memory Mechanic ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll") ("TypesSupported": "dword:00000007")
    • HKEY_CURRENT_USER\Software\Embarcadero\Locales ("%TEMPDIR%\%executed_sample%": "en")
    • HKEY_CURRENT_USER\Software\Embarcadero\Locales
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications ("MaxSize": "1048576")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications ("Retention": "0")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic ("TypesSupported": "7")
    The following registry entries are modified:
    • HKEY_CURRENT_USER\Software\Embarcadero\Locales ("%TEMPDIR%\%executed_sample%": "en")
    • HKEY_CURRENT_USER\Software\Embarcadero\Locales
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications ("MaxSize": "1048576")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications ("Retention": "0")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Mechanic
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Service Manager
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Shield
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\ActiveCare
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Search and Recover
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\DriveScrubber
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Installer
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\System Guard
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Launch Manager
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Tune-Up Definitions
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Governor
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic ("EventMessageFile": "%APPDATA%\Roaming\iolo\EventMsg.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic ("TypesSupported": "7")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\iolo Applications\Memory Mechanic