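Avira Virus Search

ADWARE/AgentCV.A.19782

  • Name
    ADWARE/AgentCV.A.19782
  • Date discovered
    October 1, 2015
  • Type
    Adware
  • Impact
     
  • Reported infections
     
  • Operating system
    Windows
  • VDF version
    7.11.162.42 (2014-07-17 17:16)

This detection flags software that displays advertisements. Adware typically shows ads in the web browser by modifying the displayed pages or by opening additional web pages that carry ads. These adware programs are usually installed by the user, or bundled with software the user installed (typically installed in exchange for free use of that software, or installed by default). The user may not realize that such software has been installed, and may not know how it behaves. This detection flags the files and behavior of legitimate ad-displaying software. If the user knows that adware is installed on the computer and does not want this kind of software to be detected, the user can disable this detection; in that case, we also recommend that the user disable it.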

  • Aliases
    Dr. Web: Adware.Searcher.2467
    G Data: Win32.Application.Agent.FMYQ3O
    ESET: Win32/Wajam.B application
  • Files
    The following files are deleted: The following files are created:
    • %TEMPDIR%\nsk1.tmp
    • %TEMPDIR%\nsk2.tmp
    • %TEMPDIR%\nsa3.tmp
    • %TEMPDIR%\nsa3.tmp\inetc.dll
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %temporary internet files%\Content.IE5\QH9ZEEV0\WWE_1.52.1.25[1].exe
    • %TEMPDIR%\Wajam\tmp\1\wajam_install.exe
    The following files are changed:
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaIntEn Monitor ("Type": dword:00000010; "Start": dword:00000002; "ErrorControl": dword:00000001; "ImagePath": ""%PROGRAM FILES%\WaIntEn\Wajam.exe""; "DisplayName": "WaIntEn Monitor"; "DependOnService": "RPCSS;"; "DependOnGroup": ""; "ObjectName": "LocalSystem"; "Description": "Enhances experience when browsing the web.")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaIntEn Monitor\Security ("Security": %hex values%)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WAINTEN_MONITOR ("NextInstance": dword:00000001)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WAINTEN_MONITOR\0000 ("Service": "WaIntEn Monitor"; "Legacy": dword:00000001; "ConfigFlags": dword:00000000; "Class": "LegacyDriver"; "ClassGUID": "{8ECC055D-047F-11D1-A537-0000F8753ED1}"; "DeviceDesc": "WaIntEn Monitor")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WAINTEN_MONITOR\0000\Control ("*NewlyCreated*": dword:00000000; "ActiveService": "WaIntEn Monitor")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaIntEn Monitor\Enum ("0": "Root\LEGACY_WAINTEN_MONITOR\0000"; "Count": dword:00000001; "NextInstance": dword:00000001)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent (@: dword:0000000f)
    The following registry entries are changed:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_1022&DEV_2000&SUBSYS_20001022&REV_10\4&47b7341&0&0088\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    The values of the following registry keys are deleted:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PSCHEDMP\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_L2TPMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPTPMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPPOEMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PTIMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIP\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PSCHEDMP\0001\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
  • HTTP requests
