Adware/Vittalia.Z
Virus: Adware/Vittalia.Z
Date discovered: 25/06/2013
Type: Adware/Spyware
In the wild: No
Reported infections: Low
Distribution potential: Low
Damage potential: Low
VDF version: 7.11.86.204 - Tuesday, June 25, 2013
IVDF version: 7.11.86.204 - Tuesday, June 25, 2013
General
Method of propagation:
• Has no spreading routine of its own
Detection by other antivirus products:
• Kaspersky: not-a-virus:RiskTool.Win32.Agent.rv
• AVG: Adware/Vittalia.Z
• Eset: Win32/Vittalia.C
• DrWeb: Adware.Downware.744
Platform / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Windows Vista
• Windows Server 2008
• Windows 7
Files
The following files are created:
– Non-malicious files:
• %appdata%\temp\7b31Installer.exe
• %appdata%\temp\7b31Installer.INI
• %temp%p\ajax_loader.gif
• %temp%p\instloffer.exe
• %temp%p\square_babylonv3.bmp
• %temp%p\toolbar_bbv3.bmp
• %temp%p\square_babylonv2.bmp
• %temp%p\toolbar_bbv2.bmp
• %temp%p\mockup_softwareupdater.bmp
• %temp%p\config.xml
• %temp%p\nslA.tmp\modern-header.bmp
• %temp%p\nslA.tmp\modern-wizard.bmp
• %temp%p\nslA.tmp\ButtonEvent.dll
• %temp%p\nslA.tmp\System.dll
• %temp%p\nslA.tmp\ToolkitOffers.dll
• %temp%p\nslA.tmp\nsArray.dll
• %temp%p\nslA.tmp\nsDialogs.dll
• %temp%p\nslA.tmp\BgWorker.dll
• %temp%p\nslA.tmp\ExecDos.dll
• %temp%p\nslA.tmp\AnimGif.dll
Temporary files that may be deleted afterwards:
• %appdata%\temp\7b31fondo.bmp.zip
• %appdata%\temp\7b31header.bmp.zip
• %temp%\nsf9.tmp
• C:\loader64.gif
• C:\icon.ico
• %temp%\nslA.tmp
Registry:
The following registry keys are added in order to load the service after reboot:
– [HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance]
• "Disable Performance Counters"="dword:0x00000001"
– [HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance]
• "Disable Performance Counters"="dword:0x00000001"
The following registry keys are added:
– [HKLM\SYSTEM\ControlSet001\Services\HidUsb\Enum]
• "Count"="dword:0x00000000"
• "NextInstance"="dword:0x00000000"
– [HKLM\SYSTEM\ControlSet001\Services\Mouclass\Enum]
• "Count"="dword:0x00000002"
• "NextInstance"="dword:0x00000002"
– [HKLM\SYSTEM\ControlSet001\Services\mouhid\Enum]
• "Count"="dword:0x00000000"
• "NextInstance"="dword:0x00000000"
– [HKLM\SYSTEM\ControlSet001\Services\usbccgp\Enum]
• "Count"="dword:0x00000000"
• "NextInstance"="dword:0x00000000"
– [HKLM\SYSTEM\ControlSet001\Services\usbhub\Enum]
• "Count"="dword:0x00000001"
• "NextInstance"="dword:0x00000001"
– [HKLM\SYSTEM\CurrentControlSet\Services\HidUsb\Enum]
• "Count"="dword:0x00000000"
• "NextInstance"="dword:0x00000000"
– [HKLM\SYSTEM\CurrentControlSet\Services\Mouclass\Enum]
• "Count"="dword:0x00000002"
• "NextInstance"="dword:0x00000002"
– [HKLM\SYSTEM\CurrentControlSet\Services\mouhid\Enum]
• "Count"="dword:0x00000000"
• "NextInstance"="dword:0x00000000"
– [HKLM\SYSTEM\CurrentControlSet\Services\usbccgp\Enum]
• "Count"="dword:0x00000000"
• "NextInstance"="dword:0x00000000"
– [HKLM\SYSTEM\CurrentControlSet\Services\usbhub\Enum]
• "Count"="dword:0x00000001"
• "NextInstance"="dword:0x00000001"
The following registry keys are changed:
– [HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance]
Old value:
• "Error Count"=dword:00000012
New value:
• "Error Count"="dword:0x000003e8"
– [HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance]
Old value:
• "Error Count"=dword:00000012
New value:
• "Error Count"="dword:0x000003e8"