Virus: ADWARE/InstallBrain.AF.3
Date discovered: 29/04/2013
Type: Adware
Included in the "In The Wild" list: No
Damage level: Low
Distribution level: Low
Risk level: Low
VDF version: 7.11.74.206 - Monday, 29 April 2013
IVDF version: 7.11.74.206 - Monday, 29 April 2013

Method of propagation:
   • Has no propagation routines of its own


Aliases:
   • Eset: a variant of Win32/InstallBrain.Y application


Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Modifies the Windows registry


After execution, the following information is displayed:


Files. The following files are created:

– Temporary files that may be deleted later:
   • %temp%\ibtmpf990472\config\softango-mask.bmp
   • %temp%\ibtmpf990472\config\speedanalysis.ico
   • %temp%\ibtmpf990472\config\2074.html
   • %temp%\ibtmpf990472\config\2075.html
   • %temp%\ibtmpf990472\config\2077.html
   • %temp%\ibtmpf990472\config\3186.html
   • %temp%\ibtmpf990472\config\3466.html
   • %temp%\ibtmpf990472\config\3572.html
   • %temp%\ibtmpf990472\config\run.html
   • %temp%\ibtmpf990472\config\softango\main.css
   • %temp%\ibtmpf990472\config\conditions\conditions.js
   • %temp%\ibtmpf990472\config\js\config.js
   • %temp%\ibtmpf990472\config\events\events.js
   • %temp%\ibtmpf990472\config\js\jquery-1.7.min.js
   • %temp%\ibtmpf990472\config\js\jquery.noselect.min.js
   • %temp%\ibtmpf990472\config\js\smart.j
   • %temp%\ibtmpf990472\component_358.par
   • %temp%\ibtmpf990472\component_625.part
   • %temp%\ibtmpf990472\component_613.part
   • %temp%\ibtmpf990472\intallLog
   • %temp%\ibtmpf990472\component_358.decrpt
   • %temp%\A.tmp

   • %ALLUSERSPROFILE%\Application Data\IBUpdaterService\ibsvc.exe  It is also executed after being created.
   • %appdata%\speedanalysis.ico
   • %HOME%\Desktop\SpeedanAlysis.lnk
   • %ALLUSERSPROFILE%\Application Data\IBUpdaterService\repository.xml  It is also executed after being created.

Registry (Windows registry). One of the following values is added in order to run the process after a reboot:

  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "RDReminder"="%PROGRAM FILES%\PC Performer\PCPerformer.exe -rem"
   • "Softango Downloader213706.exe"=""%temp%\Softango Downloader213706.exe" /XML="%temp%\9.tmp" /ROS /STP=0:1"



The following keys are added to the registry:

[HKCR\2.ScriptHostObject.1]
   • "(Default)"="Speed Analysis 2"

[HKCR\2.ScriptHostObject.1\CLSID]
   • "(Default)"="{18DBB6CE-3148-4FEC-B481-103CB3290427}"

[HKCR\2.ScriptHostObject]
   • "(Default)"="Speed Analysis 2"

[HKCR\2.ScriptHostObject\CLSID]
   • "(Default)"="{18DBB6CE-3148-4FEC-B481-103CB3290427}"

[HKCR\2.ScriptHostObject\CurVer]
   • "(Default)"="Speed Analysis 2.ScriptHostObject.1"

[HKCR\AddonsFramework.Navbar.1]
   • "(Default)"="Navbar Class"

[HKCR\AddonsFramework.Navbar.1\CLSID]
   • "(Default)"="{E65CE95B-56E9-47C9-8707-A1D1DE30760F}"

[HKCR\AddonsFramework.Navbar]
   • "(Default)"="Navbar Class"

[HKCR\AddonsFramework.Navbar\CLSID]
   • "(Default)"="{E65CE95B-56E9-47C9-8707-A1D1DE30760F}"

[HKCR\AddonsFramework.Navbar\CurVer]
   • "(Default)"="AddonsFramework.Navbar.1"

[HKCR\AddonsFramework.PropertySyncObj.1]
   • "(Default)"="PropertySyncObj Class"

[HKCR\AddonsFramework.PropertySyncObj.1\CLSID]
   • "(Default)"="{EB93AADE-9884-47F0-AA9D-0920E1D1203F}"

[HKCR\AddonsFramework.PropertySyncObj]
   • "(Default)"="PropertySyncObj Class"

[HKCR\AddonsFramework.PropertySyncObj\CLSID]
   • "(Default)"="{EB93AADE-9884-47F0-AA9D-0920E1D1203F}"

[HKCR\AddonsFramework.PropertySyncObj\CurVer]
   • "(Default)"="AddonsFramework.PropertySyncObj.1"

[HKCR\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}]
   • "(Default)"="PropertySync"

[HKCR\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}]
   • "(Default)"="AddonsFramework"

[HKCR\AppID\{562B9316-C08A-444A-9482-62080DD851AE}]
   • "(Default)"="Speed Analysis 2"

[HKCR\AppID\{562B9317-C08A-444A-9482-62080DD851AE}]
   • "(Default)"="ButtonSite"

[HKCR\AppID\AddonsFramework.DLL]
   • "AppID"="{19975B78-1907-4DD6-A437-4C48120F46A4}"

[HKCR\AppID\ButtonSite.DLL]
   • "AppID"="{562B9317-C08A-444A-9482-62080DD851AE}"

[HKCR\AppID\PropertySync.EXE]
   • "AppID"="{18B9B16E-716F-43DF-A6AD-512C7D2EB983}"

[HKCR\AppID\ScriptHost.DLL]
   • "AppID"="{562B9316-C08A-444A-9482-62080DD851AE}"

[HKCR\CLSID\{18DBB6CE-3148-4FEC-B481-103CB3290427}]
   • "(Default)"="Speed Analysis 2"

[HKCR\CLSID\{18DBB6CE-3148-4FEC-B481-103CB3290427}\InprocServer32]
   • "(Default)"="%PROGRAM FILES%\Speed Analysis 2\ScriptHost.dll"

[HKCR\ScriptHost.Tool.1]
   • "(Default)"="Tool Class"

[HKCR\ScriptHost.Tool.1\CLSID]
   • "(Default)"="{4B48FBF2-BA2B-44C5-A20F-8E25D17FEF29}"

[HKCR\ScriptHost.Tool]
   • "(Default)"="Tool Class"

[HKCR\ScriptHost.Tool\CLSID]
   • "(Default)"="{4B48FBF2-BA2B-44C5-A20F-8E25D17FEF29}"

[HKCR\ScriptHost.Tool\CurVer]
   • "(Default)"="ScriptHost.Tool.1"

[HKCU\Software\Mozilla\Firefox\Extensions]
   • "speedanalysis02@SpeedAnalysis.com"="%appdata%\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com"

[HKLM\SOFTWARE\Classes\2.ScriptHostObject.1]
   • "(Default)"="Speed Analysis 2"

[HKLM\SOFTWARE\Classes\2.ScriptHostObject.1\CLSID]
   • "(Default)"="{18DBB6CE-3148-4FEC-B481-103CB3290427}"

[HKLM\SOFTWARE\Classes\2.ScriptHostObject\CurVer]
   • "(Default)"="Speed Analysis 2.ScriptHostObject.1"

[HKLM\SOFTWARE\Classes\AddonsFramework.Navbar.1]
   • "(Default)"="Navbar Class"

[HKLM\SOFTWARE\Classes\AddonsFramework.Navbar.1\CLSID]
   • "(Default)"="{E65CE95B-56E9-47C9-8707-A1D1DE30760F}"

[HKLM\SOFTWARE\Classes\AddonsFramework.Navbar]
   • "(Default)"="Navbar Class"

[HKLM\SOFTWARE\Classes\AddonsFramework.Navbar\CLSID]
   • "(Default)"="{E65CE95B-56E9-47C9-8707-A1D1DE30760F}"

[HKLM\SOFTWARE\Classes\AddonsFramework.Navbar\CurVer]
   • "(Default)"="AddonsFramework.Navbar.1"

[HKLM\SOFTWARE\Classes\AddonsFramework.PropertySyncObj.1]
   • "(Default)"="PropertySyncObj Class"

[HKLM\SOFTWARE\Classes\AddonsFramework.PropertySyncObj.1\CLSID]
   • "(Default)"="{EB93AADE-9884-47F0-AA9D-0920E1D1203F}"

[HKLM\SOFTWARE\Classes\AddonsFramework.PropertySyncObj]
   • "(Default)"="PropertySyncObj Class"

[HKLM\SOFTWARE\Classes\AddonsFramework.PropertySyncObj\CLSID]
   • "(Default)"="{EB93AADE-9884-47F0-AA9D-0920E1D1203F}"

[HKLM\SOFTWARE\Classes\AddonsFramework.PropertySyncObj\CurVer]
   • "(Default)"="AddonsFramework.PropertySyncObj.1"

[HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}]
   • "(Default)"="PropertySync"

[HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}]
   • "(Default)"="AddonsFramework"

[HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}]
   • "(Default)"="Speed Analysis 2"

[HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}]
   • "(Default)"="ButtonSite"

[HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL]
   • "AppID"="{19975B78-1907-4DD6-A437-4C48120F46A4}"

[HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL]
   • "AppID"="{562B9317-C08A-444A-9482-62080DD851AE}"

[HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE]
   • "AppID"="{18B9B16E-716F-43DF-A6AD-512C7D2EB983}"

[HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL]
   • "AppID"="{562B9316-C08A-444A-9482-62080DD851AE}"

[HKLM\SOFTWARE\Classes\ScriptHost.Tool.1]
   • "(Default)"="Tool Class"

[HKLM\SOFTWARE\Classes\ScriptHost.Tool.1\CLSID]
   • "(Default)"="{4B48FBF2-BA2B-44C5-A20F-8E25D17FEF29}"

[HKLM\SOFTWARE\Classes\ScriptHost.Tool]
   • "(Default)"="Tool Class"

[HKLM\SOFTWARE\Classes\ScriptHost.Tool\CLSID]
   • "(Default)"="{4B48FBF2-BA2B-44C5-A20F-8E25D17FEF29}"

[HKLM\SOFTWARE\Classes\ScriptHost.Tool\CurVer]
   • "(Default)"="ScriptHost.Tool.1"

[HKLM\SOFTWARE\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf]
   • "path"="%appdata%\SpeedAnalysis2\speedanalysis.crx"
   • "version"="1.0.0.0"

Miscellaneous. Internet connection:
To check its internet connection, the following DNS servers are contacted:
   • certificates.**********daddy.com
   • crl.**********daddy.com
   • softo**********.com
   • **********ango.com

Description submitted by Wensin Lee on Thursday, 2 May 2013
Description updated by Wensin Lee on Thursday, 2 May 2013
