Avira 病毒搜尋

TR/Clicker.adad

  • 名稱
    TR/Clicker.adad
  • 发现日期
    2015年12月16日
  • 類型
    Malware
  • 影響
     
  • 報告的感染
     
  • 作業系統
    Windows
  • VDF 版本
    7.11.228.234 (2015-05-04 22:40)

'TR' 一詞表示特洛伊木馬程式,它能夠偵察資料來侵害您的隱私,或是對系統執行有害的通知。

  • VDF
    7.11.228.234 (2015-05-04 22:40)
  • 別名
    Avast: Win32:Malware-gen
    AVG: Atros.ADAZ
    Dr. Web: Trojan.DownLoader16.54796
    G Data: Gen:Variant.Kazy.696696
    Kaspersky Lab: Trojan-Clicker.MSIL.Agent.arz
    Bitdefender: Gen:Variant.Kazy.696696
    ESET: MSIL/Lardosy.A worm
  • 檔案
    變更下列檔案:
    • %USERPROFILE%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
    建立下列檔案:
    • %temporary internet files%\Content.IE5\QH9ZEEV0\git[1].php
  • 登錄
    新增下列登錄授權碼:
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION ("sample.exe": dword:00002710)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOMSTORAGE ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI ("sample.exe": dword:00000000)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN ("sample.exe": dword:00000000)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT ("sample.exe": dword:00000000)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT ("sample.exe": dword:00000000)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING ("sample.exe": dword:00000000)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TABBED_BROWSING ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT ("sample.exe": dword:00000000)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT ("sample.exe": dword:00000000)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET ("sample.exe": dword:00000001)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS ("sample.exe": dword:00000000)
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XMLHTTP ("sample.exe": dword:00000001)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control ("ActiveService": "TapiSrv")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control ("ActiveService": "RasMan")
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
  • HTTP 請求
    • a.*****tformum.info/timer.txt
    • a.*****tformum.info/user.txt
    • a.*****tformum.info/site.txt
    • a.*****tformum.info/hit/git.php

將可疑的檔案/URL 送予我們分析,助力構建更安全的網站。

送出您的檔案/URL 或者 請前往 Avira 問答區

為何送出可疑的檔案?

如果您遇到不在我們資料庫中的可疑檔案或網站,我們會對其進行分析,確定其是否有害。我們的分析結果將向數百萬名用戶公開,並納入下一次病毒資料庫更新。如果您擁有 Avira,您也將取得此更新。尚未擁有 Avira?請前往 我們的首頁獲取。

何為 Avira 問答區?

Avira 問答區是我們大力發展的社區,由專業技術人員和兼職專家並肩合作,幫助解決技術問題。這一 Avira 用戶社區是您提出問題的絕佳場所。