Adware / Vittalia.Z

28/06/13



Virus: Adware / Vittalia.Z
Date discovered: 25/06/2013
Type: Adware / Spyware
In the wild: No
Reported infections: Low
Distribution potential: Low
Damage potential: Low
VDF version: 7.11.86.204 - Tuesday, June 25, 2013
IVDF version: 7.11.86.204 - Tuesday, June 25, 2013

General
Method of propagation:
    • No own spreading routine


Detection by other antivirus products:
    • Kaspersky: not-a-virus:RiskTool.Win32.Agent.rv
    • AVG: Adware / Vittalia.Z
    • Eset: Win32/Vittalia.C
    • DrWeb: Adware.Downware.744


Platform / OS:
    • Windows 2000
    • Windows XP
    • Windows 2003
    • Windows Vista
    • Windows Server 2008
    • Windows 7



Files
The following files are created:

-          Non-malicious files:

 • %appdata%\temp\7b31Installer.exe; %appdata%\temp\7b31Installer.INI;
      %temp%p\ajax_loader.gif; %temp%p\instloffer.exe;
      %temp%p\square_babylonv3.bmp; %temp%p\toolbar_bbv3.bmp;
      %temp%p\square_babylonv2.bmp; %temp%p\toolbar_bbv2.bmp;
      %temp%p\mockup_softwareupdater.bmp; %temp%p\config.xml;
      %temp%p\nslA.tmp\modern-header.bmp; %temp%p\nslA.tmp\modern-wizard.bmp;
      %temp%p\nslA.tmp\ButtonEvent.dll; %temp%p\nslA.tmp\System.dll;
      %temp%p\nslA.tmp\ToolkitOffers.dll; %temp%p\nslA.tmp\nsArray.dll;
      %temp%p\nslA.tmp\nsDialogs.dll; %temp%p\nslA.tmp\BgWorker.dll;
      %temp%p\nslA.tmp\ExecDos.dll; %temp%p\nslA.tmp\AnimGif.dll

Temporary files that might be deleted afterwards:
    • %AppData%\temp\7b31fondo.bmp.zip
    • %AppData%\temp\7b31header.bmp.zip
    • %temp%\nsf9.tmp
    • C:\loader64.gif
    • C:\icon.ico
    • %temp%\nslA.tmp

Registry:
The following registry keys are added in order to load the service after reboot:

– [HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance]
   • "Disable Performance Counters"="dword:0x00000001"

– [HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance]
   • "Disable Performance Counters"="dword:0x00000001"

The following registry keys are added:

– [HKLM\SYSTEM\ControlSet001\Services\HidUsb\Enum]
   • "Count"="dword:0x00000000"
   • "NextInstance"="dword:0x00000000"

– [HKLM\SYSTEM\ControlSet001\Services\Mouclass\Enum]
   • "Count"="dword:0x00000002"
   • "NextInstance"="dword:0x00000002"

– [HKLM\SYSTEM\ControlSet001\Services\mouhid\Enum]
   • "Count"="dword:0x00000000"
   • "NextInstance"="dword:0x00000000"

– [HKLM\SYSTEM\ControlSet001\Services\usbccgp\Enum]
   • "Count"="dword:0x00000000"
   • "NextInstance"="dword:0x00000000"

– [HKLM\SYSTEM\ControlSet001\Services\usbhub\Enum]
   • "Count"="dword:0x00000001"
   • "NextInstance"="dword:0x00000001"

– [HKLM\SYSTEM\CurrentControlSet\Services\HidUsb\Enum]
   • "Count"="dword:0x00000000"
   • "NextInstance"="dword:0x00000000"

– [HKLM\SYSTEM\CurrentControlSet\Services\Mouclass\Enum]
   • "Count"="dword:0x00000002"
   • "NextInstance"="dword:0x00000002"

– [HKLM\SYSTEM\CurrentControlSet\Services\mouhid\Enum]
   • "Count"="dword:0x00000000"
   • "NextInstance"="dword:0x00000000"

– [HKLM\SYSTEM\CurrentControlSet\Services\usbccgp\Enum]
   • "Count"="dword:0x00000000"
   • "NextInstance"="dword:0x00000000"

– [HKLM\SYSTEM\CurrentControlSet\Services\usbhub\Enum]
   • "Count"="dword:0x00000001"
   • "NextInstance"="dword:0x00000001"

The following registry keys are changed:

– [HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance]
   Old value:
   • "Error Count"=dword:00000012
   New value:
   • "Error Count"="dword:0x000003e8"

– [HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance]
   Old value:
   • "Error Count"=dword:00000012
   New value:
   • "Error Count"="dword:0x000003e8"



