Avira Virus Lab

ADWARE/AgentCV.A.10099

  • Name
    ADWARE/AgentCV.A.10099
  • Date discovered
    06/10/2015
  • Type
    Adware
  • Impact
    Low
  • Reported infections
    Low
  • Operating system
    Windows
  • VDF version
    7.11.159.226 (2014-07-10 11:50)

This detection class flags software that displays advertisements, usually in the web browser, by modifying the pages shown or opening additional pages with ads. Such adware programs are generally installed by users themselves or come bundled with other software that users also install (usually in exchange for free use of the software or as a default installation option). Users may not know that the software was installed or may be unaware of its behaviour. This detection is intended to flag the file and its behaviour as part of legitimate ad-displaying software. The detection can be disabled, and doing so is recommended if the user knows the software is installed on the system and does not want this type of software to be detected.

  • VDF
    7.11.159.226 (2014-07-10 11:50)
  • Alias
    Dr. Web: Adware.Searcher.2542
    G Data: Win32.Application.Wajam.A
    ESET: Win32/Wajam.B application
  • Files
    The following files were deleted: The following files were created:
    • %TEMPDIR%\nsa4E.tmp
    • %TEMPDIR%\nsq4F.tmp
    • %TEMPDIR%\nsq50.tmp
    • %TEMPDIR%\nsq50.tmp\inetc.dll
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %temporary internet files%\Content.IE5\A9SFWXZG\WWE_1.53.1.4[1].exe
    • %TEMPDIR%\Wajam\tmp\1\wajam_install.exe
    The following files were changed:
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaInterEn Monitor ("Type": dword:00000010; "Start": dword:00000002; "ErrorControl": dword:00000001; "ImagePath": ""%PROGRAM FILES%\WaInterEn\Wajam.exe""; "DisplayName": "WaInterEn Monitor"; "DependOnService": "RPCSS;"; "DependOnGroup": ""; "ObjectName": "LocalSystem"; "Description": "Enhances experience when browsing the web.")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaInterEn Monitor\Security ("Security": %hex values%)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WAINTEREN_MONITOR ("NextInstance": dword:00000001)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WAINTEREN_MONITOR\0000 ("Service": "WaInterEn Monitor"; "Legacy": dword:00000001; "ConfigFlags": dword:00000000; "Class": "LegacyDriver"; "ClassGUID": "{8ECC055D-047F-11D1-A537-0000F8753ED1}"; "DeviceDesc": "WaInterEn Monitor")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WAINTEREN_MONITOR\0000\Control ("*NewlyCreated*": dword:00000000; "ActiveService": "WaInterEn Monitor")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaInterEn Monitor\Enum ("0": "Root\LEGACY_WAINTEREN_MONITOR\0000"; "Count": dword:00000001; "NextInstance": dword:00000001)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent (@: dword:00000011)
    The following registry entries are changed:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_1022&DEV_2000&SUBSYS_20001022&REV_10\4&47b7341&0&0088\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    The values of the following registry keys are removed:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PSCHEDMP\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_L2TPMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPTPMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPPOEMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PTIMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIP\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PSCHEDMP\0001\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
  • HTTP requests
