Laboratório de vírus Avira

PUA/SecurityReviver.EL.2

  • Nome
    PUA/SecurityReviver.EL.2
  • Data em que surgiu
    11/09/2017
  • Tipo
    Potential Unwanted Application
  • Impacto
    Baixo 
  • Infecções relatadas
    Alto 
  • Sistema operacional
    Windows
  • Versão do VDF
    7.14.27.34 (2017-09-11 13:08)

Esta classe de sinalizadores de detecção, Aplicativos potencialmente indesejados (PUA), poderá comprometer a privacidade do usuário e a segurança do sistema local. Esses são aplicativos legítimos que frequentemente tentam usar a engenharia social para que o usuário instale ofertas adicionais durante a instalação do software que o usuário pretendia originalmente. A classificação PUA de um aplicativo é o resultado de um software, anúncio ou site que exibe um ou mais comportamentos e/ou propriedades ofensivos. A lista completa de Aplicativos potencialmente indesejados está disponível em http://www.avira.com/en/potentially-unwanted-applications. Esta detecção não significa que o arquivo é malicioso. No entanto, se o arquivo tiver sido instalado no sistema sem o conhecimento do usuário, a privacidade do usuário ou a segurança do sistema poderão estar comprometidas. A desativação dessa detecção somente é recomendada para usuários avançados que compreendem os riscos envolvidos e sabem como usar estes aplicativos.

  • VDF
    7.14.27.34 (2017-09-11 13:08)
  • Capturas de tela
  • Atividade em rede
    • s2.s****.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D
    • sv.s****.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEEPKAhTPicpg8HWaxIzI43E%3D
  • Processos
    • %executed_sample_name%.exe
  • Arquivos
    Os seguintes arquivos foram criados:
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %TEMPDIR%\Cab9CC7.tmp
    • %TEMPDIR%\Tar9CC8.tmp
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %TEMPDIR%\Cab9C4F.tmp
    • %TEMPDIR%\Tar9C50.tmp
    Os seguintes arquivos foram alterados:
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %TEMPDIR%\Cab9C4F.tmp
    • %TEMPDIR%\Tar9C50.tmp
    Os seguintes arquivos foram excluídos:
    • %TEMPDIR%\Cab9CC7.tmp
    • %TEMPDIR%\Tar9CC8.tmp
    • %TEMPDIR%\Cab9C4F.tmp
    • %TEMPDIR%\Tar9C50.tmp
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2336.27628968
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2336.27628968
    • %APPDATA%\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2336.27628968
    Os seguintes drivers estão carregados:
    • \Device\KsecDD
    • %APPDATA%\LocalLow
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content
    • %WINDIR%\Microsoft.NET\Framework\v1.0.3705\clr.dll
    • %WINDIR%\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
    • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\clr.dll
    • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\clr.dll
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clr.dll
    • %TEMPDIR%\%executed_sample%.config
    • %TEMPDIR%\%executed_sample%
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
    • %APPDATA%\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
    • %APPDATA%\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
    • %WINDIR%\assembly\NativeImages_v2.0.50727_32\index18f.dat
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_DF4CA81DC775CDA9B3214BDB5B55900E
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB
    • %SYSDIR%\en-US\WINHTTP.dll.mui
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_CC22B1AB635D142AB5956AF90DD3E252
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ECF3006D44DA211141391220EE5049F4
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    • %TEMPDIR%\Cab9C4F.tmp
    • %TEMPDIR%\Tar9C50.tmp
    • %SYSDIR%\l_intl.nls
    • %WINDIR%\assembly\pubpol17.dat
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
    • %WINDIR%\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
    • %WINDIR%\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
    • %WINDIR%\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
    Os seguintes arquivos são executados:
    • \Device\KsecDD
    • %APPDATA%\LocalLow
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content
    • %WINDIR%\Microsoft.NET\Framework\v1.0.3705\clr.dll
    • %WINDIR%\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
    • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\clr.dll
    • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\clr.dll
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clr.dll
    • %TEMPDIR%\%executed_sample%.config
    • %TEMPDIR%\%executed_sample%
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
    • %APPDATA%\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
    • %APPDATA%\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
    • %WINDIR%\assembly\NativeImages_v2.0.50727_32\index18f.dat
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_DF4CA81DC775CDA9B3214BDB5B55900E
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB
    • %SYSDIR%\en-US\WINHTTP.dll.mui
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_CC22B1AB635D142AB5956AF90DD3E252
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ECF3006D44DA211141391220EE5049F4
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    • %TEMPDIR%\Cab9C4F.tmp
    • %TEMPDIR%\Tar9C50.tmp
    • %SYSDIR%\l_intl.nls
    • %WINDIR%\assembly\pubpol17.dat
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
    • %WINDIR%\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
    • %WINDIR%\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
    • %WINDIR%\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
  • Registro
    São adicionadas as seguintes entidades de registro:
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
    • HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\8c\52C64B7E
    • HKEY_CLASSES_ROOT\Local Settings\MuiCache\8C\52C64B7E ("LanguageList": "en-USen") ("@%SystemRoot%\system32\p2pcollab.dll,-8042": "Peer to Peer Trust") ("@%SystemRoot%\system32\qagentrt.dll,-10": "System Health Authentication") ("@%SystemRoot%\system32\dnsapi.dll,-103": "Domain Name System (DNS) Server Trust") ("@%SystemRoot%\System32\fveui.dll,-843": "BitLocker Drive Encryption") ("@%SystemRoot%\System32\fveui.dll,-844": "BitLocker Data Recovery Agent") ("@%SystemRoot%\System32\wuaueng.dll,-400": "Windows Update")
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CRLs
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CTLs
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CRLs
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CTLs
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CRLs
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs
    • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs
    • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
    • HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application ("AutoBackupLogFiles": "0x00000000")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Security Reviver ("EventMessageFile": "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("mscorlib,2.0.0.0,,b77a5c561934e089,x86": "D½?+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Web.Services,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "´ê°Ž+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System,2.0.0.0,,b77a5c561934e089,MSIL": "t>…+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Xml,2.0.0.0,,b77a5c561934e089,MSIL": "!.ƒ+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "àÒ;+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Data,2.0.0.0,,b77a5c561934e089,x86": "w¸ÈŽ+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Design,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "¬G/˜+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.DirectoryServices,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "]B+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.EnterpriseServices,2.0.0.0,,b03f5f7f11d50a3a,x86": "êû_Ž+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86": "€îõ™+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL": "ûȃ+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "DÁ™“+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "ܼ+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "<,Þ¬êÉ")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "זêÉ")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "¯U¡+‰Ë")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application ("AutoBackupLogFiles": "0")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver ("EventMessageFile": "")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver ("EventMessageFile": "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver
    • HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\29\52C64B7E ("LanguageList": "en-USen")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing ("State": "146432")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE ("Blob": "")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE ("Blob": " 'œÖRÄâR¿¾R¬r"×r›¤ Œúžmž[¹N¯ñ TMicrosoft Root Certificate Authority 2011b „}ö§„—”?'ürë“ù¦72 µaЩ èzxí|ar-:1C¹Náê§Ç1Ñ#‰4î¶(Ö¥™HيMÝhaÀi0  +‚7<C(ŠÒró;o±B„…ê0À¼þ ñ0‚í0‚Õ ?‹ÈµüŸ²–CµiÖlBáD0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20110 110322220528Z 360322221304Z0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20110‚"0  *†H†÷ ‚0‚ ‚²€Aª58Mr2h"M¸²ñÿÕR¼lÇõÒJŒ6îÑÂ\~ŒŠ®¯(oÀsã:ÎÐ%¨Z:m器Y«#hÍ )‡Ño€\D]RX¬QÅ_*‡ÜÜØ Á¹{°Vè£Þdažøó|¹ì µTþL¶eOˆðœH™ B |1Yyx(‰:L%¾qj\ ç„`¤™"ãÒ¯„¤§ûÑ˜í ©Þ”‰á ÜÀΙ=êR»Vy䄺¸´ÄI\O1K‡ÝÝg&™€àq£¸¥Aâ¤S¹÷2)ƒ ¿6^³KCG/kâ‘ӘOÝBÈèü™©k>’~ÈÖi:üd½¶ Êý ¢›w`K”¤0iÖB-ÁALÊܪý[ƒFšÙü±Ñã³ÉHzÍ$ðA\tЬ° I·Ç-!ÈWãІóhûÐÎqÁ‰™Jdlýì0‘ÏA<’Ç庆a„Ç_ƒ9b®´’/Gó øUë Yлt›Ðvæòé×èúdÞiÆ5–ˆðF¸?'™oËq‰)5÷H5Õy|MÏ_늃OEqˆù© NréœÏINcQŒ^ØÁU,¶ÆàÂeNÉ49õœ³Ä~èan_Ä_Ù~íÎîDìË.†±ì8öpí«\ÁÙ ǀ²Uí4÷¬›äÃÚçG<¦µ1ßÅK¯ëñ£Q0O0 U†0Uÿ0ÿ0Ur-:1C¹Náê§Ç1Ñ#‰40 +‚70  *†H†÷  ‚rÏ·ÅۛÀIÊ&[þžæÓðÒۗ_òK?M³®®íח ¬ï©:£ÂA°å¸‘ž$æ ý[email protected]!$VÑ/[email protected]©6†K´SWšûñ~‰þlQªèí •µåqÉ¡é‡u¦É~7T^t“ÅÃgÌ Ok¨ m’~‹Ýª-p!Ã=»¿$^§„×?!"½KۗØ^ÔÅ \‡nP¤èÃ8¤ûË,Œf›…^Ëzl“|€)X[Wµ@iºy¦db‡–Eµf# ‹s Ó¢y3àPY†Û/å%ês*ŸÈ6ǒ;éNìØV ¹3IÒT «¬G¶‘)}L´u€RèʂöŸÌ¬œê/&°«r¬ þžQÇCUgOQ³WÖ¶ìîR·:éNáׁˆ¼OŽu»K¨ð5ª&ÔggI²pL;“Üßx†r²8¤ÑܒMÉXë+\Ô;®Œk°ƒå?ø 2ö“54"¯Ý7 w €+ÍHñŒ™GéÑ¿ÑNÐæ(C7™¤ JٚqsÒªÍ1cv¡7o’8}<f2çËmáüR‰ÝÊÖfš–a¾¢(Ç£§6P<:¤ßJnæ‡;Îëðà7<RŽ½¹4ÆÕ j=˜)pŒ‰*Ñ«‚HÜôï¥Å»U8c„N·l­•Tìe"I¸ÀǬTG")
    Altera as seguintes entidades de registo:
    • HKEY_CLASSES_ROOT\Local Settings\MuiCache\8C\52C64B7E ("LanguageList": "en-USen") ("@%SystemRoot%\system32\p2pcollab.dll,-8042": "Peer to Peer Trust") ("@%SystemRoot%\system32\qagentrt.dll,-10": "System Health Authentication") ("@%SystemRoot%\system32\dnsapi.dll,-103": "Domain Name System (DNS) Server Trust") ("@%SystemRoot%\System32\fveui.dll,-843": "BitLocker Drive Encryption") ("@%SystemRoot%\System32\fveui.dll,-844": "BitLocker Data Recovery Agent") ("@%SystemRoot%\System32\wuaueng.dll,-400": "Windows Update")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application ("AutoBackupLogFiles": "0x00000000")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Security Reviver ("EventMessageFile": "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("mscorlib,2.0.0.0,,b77a5c561934e089,x86": "D½?+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Web.Services,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "´ê°Ž+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System,2.0.0.0,,b77a5c561934e089,MSIL": "t>…+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Xml,2.0.0.0,,b77a5c561934e089,MSIL": "!.ƒ+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "àÒ;+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Data,2.0.0.0,,b77a5c561934e089,x86": "w¸ÈŽ+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Design,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "¬G/˜+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.DirectoryServices,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "]B+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.EnterpriseServices,2.0.0.0,,b03f5f7f11d50a3a,x86": "êû_Ž+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86": "€îõ™+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL": "ûȃ+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "DÁ™“+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "ܼ+‰Ë")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "<,Þ¬êÉ")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "זêÉ")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default ("System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL": "¯U¡+‰Ë")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application ("AutoBackupLogFiles": "0")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver ("EventMessageFile": "")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver ("EventMessageFile": "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver
    • HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\29\52C64B7E ("LanguageList": "en-USen")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing ("State": "146432")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE ("Blob": "")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE ("Blob": " 'œÖRÄâR¿¾R¬r"×r›¤ Œúžmž[¹N¯ñ TMicrosoft Root Certificate Authority 2011b „}ö§„—”?'ürë“ù¦72 µaЩ èzxí|ar-:1C¹Náê§Ç1Ñ#‰4î¶(Ö¥™HيMÝhaÀi0  +‚7<C(ŠÒró;o±B„…ê0À¼þ ñ0‚í0‚Õ ?‹ÈµüŸ²–CµiÖlBáD0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20110 110322220528Z 360322221304Z0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20110‚"0  *†H†÷ ‚0‚ ‚²€Aª58Mr2h"M¸²ñÿÕR¼lÇõÒJŒ6îÑÂ\~ŒŠ®¯(oÀsã:ÎÐ%¨Z:m器Y«#hÍ )‡Ño€\D]RX¬QÅ_*‡ÜÜØ Á¹{°Vè£Þdažøó|¹ì µTþL¶eOˆðœH™ B |1Yyx(‰:L%¾qj\ ç„`¤™"ãÒ¯„¤§ûÑ˜í ©Þ”‰á ÜÀΙ=êR»Vy䄺¸´ÄI\O1K‡ÝÝg&™€àq£¸¥Aâ¤S¹÷2)ƒ ¿6^³KCG/kâ‘ӘOÝBÈèü™©k>’~ÈÖi:üd½¶ Êý ¢›w`K”¤0iÖB-ÁALÊܪý[ƒFšÙü±Ñã³ÉHzÍ$ðA\tЬ° I·Ç-!ÈWãІóhûÐÎqÁ‰™Jdlýì0‘ÏA<’Ç庆a„Ç_ƒ9b®´’/Gó øUë Yлt›Ðvæòé×èúdÞiÆ5–ˆðF¸?'™oËq‰)5÷H5Õy|MÏ_늃OEqˆù© NréœÏINcQŒ^ØÁU,¶ÆàÂeNÉ49õœ³Ä~èan_Ä_Ù~íÎîDìË.†±ì8öpí«\ÁÙ ǀ²Uí4÷¬›äÃÚçG<¦µ1ßÅK¯ëñ£Q0O0 U†0Uÿ0ÿ0Ur-:1C¹Náê§Ç1Ñ#‰40 +‚70  *†H†÷  ‚rÏ·ÅۛÀIÊ&[þžæÓðÒۗ_òK?M³®®íח ¬ï©:£ÂA°å¸‘ž$æ ý[email protected]!$VÑ/[email protected]©6†K´SWšûñ~‰þlQªèí •µåqÉ¡é‡u¦É~7T^t“ÅÃgÌ Ok¨ m’~‹Ýª-p!Ã=»¿$^§„×?!"½KۗØ^ÔÅ \‡nP¤èÃ8¤ûË,Œf›…^Ëzl“|€)X[Wµ@iºy¦db‡–Eµf# ‹s Ó¢y3àPY†Û/å%ês*ŸÈ6ǒ;éNìØV ¹3IÒT «¬G¶‘)}L´u€RèʂöŸÌ¬œê/&°«r¬ þžQÇCUgOQ³WÖ¶ìîR·:éNáׁˆ¼OŽu»K¨ð5ª&ÔggI²pL;“Üßx†r²8¤ÑܒMÉXë+\Ô;®Œk°ƒå?ø 2ö“54"¯Ý7 w €+ÍHñŒ™GéÑ¿ÑNÐæ(C7™¤ JٚqsÒªÍ1cv¡7o’8}<f2çËmáüR‰ÝÊÖfš–a¾¢(Ç£§6P<:¤ßJnæ‡;Îëðà7<RŽ½¹4ÆÕ j=˜)pŒ‰*Ñ«‚HÜôï¥Å»U8c„N·l­•Tìe"I¸ÀǬTG")
    Os valores das seguintes chaves registo são removidos:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
  • Alias
    Avast: Win32:SecurityReviver-A
    ESET: MSIL/UwS.SecurityReviver.A application
    G Data: Adware.GenericKD.5523396

Ajude a tornar a rede mais segura enviando-nos arquivos/URLs suspeitos para análise.

Envie o seu arquivo/URL Ou Acesse o Avira Answers

Porque enviar um arquivo suspeito?

Se você encontrou um arquivo ou um website suspeito que não está na nossa base de dados, nós analisaremos e determinaremos se ele é nocivo. As nossas descobertas são, então, enviadas aos nossos milhões de usuários através da próxima atualização da base de dados de vírus. Se você possui o Avira, você obterá essa atualização também. Não possui o Avira? Obtenha-o através do nossa página inicial.

O que é o Avira Answers?

Esta é a nossa próspera comunidade de profissionais técnicos e especialistas a meio período, trabalhando em conjunto para ajudar a resolver os problemas da tecnologia. É o lugar perfeito onde fazer as suas perguntas, em uma comunidade de colegas usuários do Avira.