Adware.SoftwareUpdater

CH azonosító

Angol cím

Felfedezés dátuma

Súlyosság

Érintett rendszerek

Érintett verziók

Windows 98, Windows 95, Windows XP, Windows Server 2008, Windows 7, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Összefoglaló

Adware.SoftwareUpdater egy adware program, amely hirdetéseket jelenít meg a számítógépen.

Leírás

Az Adware elindítása után a következő fájlokat hozza létre:

• %ProgramFiles%Software UpdaterSoftwareUpdater.exe
• %ProgramFiles%Software Updaterunins000.dat
• %ProgramFiles%Software Updaterunins000.exe
• %ProgramFiles%Software UpdaterUninstall.exe
• %ProgramFiles%Software Updaterupdater.log
• %SystemDrive%Documents and SettingsAll UsersStart MenuSoftwareUpdater.lnk

Ezután létrehozza a következő bejegyzéseket:

• HKEY_LOCAL_MACHINESOFTWAREMicrosoftDirectDrawMostRecentApplication
• “Name” = “SoftwareUpdater.exe”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftDirectDrawMostRecentApplication
• “ID” = “53A9B63E”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1Inno Setup”Setup Version” = “5.5.4 (a)”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1Inno Setup”App Path” = “%ProgramFiles%Software Updater”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″InstallLocation” = “%ProgramFiles%Software Updater”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1Inno Setup”Icon Group” = “Software Updater”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1Inno Setup”User” = “Windows”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1Inno Setup”Language” = “default”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″DisplayName” = “Software Updater version 1.9.4”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″DisplayIcon” = “%ProgramFiles%Software UpdaterUninstallSoftwareUpdater.exe”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″UninstallString” = “”%ProgramFiles%Software Updaterunins000.exe””
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″QuietUninstallString” = “”%ProgramFiles%Software Updaterunins000.exe” /SILENT”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″DisplayVersion” = “1.9.4”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″NoModify” = “1”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″NoRepair” = “1”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″InstallDate” = “20140701”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″MajorVersion” = “1”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″MinorVersion” = “9”
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″EstimatedSize” = “11B9”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftDirectDraw
• MostRecentApplication”Name” = “SoftwareUpdater.exe”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftDirectDraw
• MostRecentApplication”ID” = “53A9B63E”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1Inno Setup”Setup Version” = “5.5.4 (a)”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1Inno Setup”App Path” = “%ProgramFiles%Software Updater”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″InstallLocation” = “%ProgramFiles%Software Updater”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1Inno Setup”Icon Group” = “Software Updater”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1Inno Setup”User” = “Windows”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1Inno Setup”Language” = “default”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″DisplayName” = “Software Updater version 1.9.4”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″DisplayIcon” = “%ProgramFiles%Software UpdaterUninstallSoftwareUpdater.exe”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″UninstallString” = “”%ProgramFiles%Software Updaterunins000.exe””
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″QuietUninstallString” = “”%ProgramFiles%Software Updaterunins000.exe” /SILENT”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″DisplayVersion” = “1.9.4”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″NoModify” = “1”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″NoRepair” = “1”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″InstallDate” = “20140701”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″MajorVersion” = “1”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″MinorVersion” = “9”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareClassesVirtualStoreMACHINESOFTWAREMicrosoftWindows
• CurrentVersionUninstallSoftware Updater_is1″EstimatedSize” = “11B9”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001SoftwareSoftwareUpdater”guid” = “20afa198-72e0-40e6-b05f-6b6b2b798ee9”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftDirectDrawMostRecentApplication”Name” = “SoftwareUpdater.exe”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftDirectDrawMostRecentApplication”ID” = “53A9B63E”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1Inno Setup”Setup Version” = “5.5.4 (a)”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1Inno Setup”App Path” = “%ProgramFiles%Software Updater”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″InstallLocation” = “%ProgramFiles%Software Updater”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1Inno Setup”Icon Group” = “Software Updater”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1Inno Setup”User” = “Windows”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1Inno Setup”Language” = “default”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″DisplayName” = “Software Updater version 1.9.4”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″DisplayIcon” = “%ProgramFiles%Software UpdaterUninstallSoftwareUpdater.exe”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″UninstallString” = “”%ProgramFiles%Software Updaterunins000.exe””
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″QuietUninstallString” = “”%ProgramFiles%Software Updaterunins000.exe” /SILENT”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″DisplayVersion” = “1.9.4”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″NoModify” = “1”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″NoRepair” = “1”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″InstallDate” = “20140701”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″MajorVersion” = “1”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″MinorVersion” = “9”
• HKEY_USERSS-1-5-21-3598304965-2135194631-3668321749-1001_ClassesVirtualStoreMACHINESOFTWAREMicrosoftWindowsCurrentVersion
• UninstallSoftware Updater_is1″EstimatedSize” = “11B9”

A program a kapcsolódik a következő távoli helyre, hogy frissítse magát:

• [http://]api.software-updater.com/get/d$[REMOVED]

A program ellenőrzi, hogy egy bizonyos szoftver telepítve van a számítógépen, és ha ezt a speciális szoftvert észleli, akkor a program felveszi a kapcsolatot a következő távoli hellyel:

• http://]api.software-updater.com/get/s$[REMOVED]

A következő kiegészítő információ tartalmazza: 

• szoftver neve 
• szoftver verzió 
• Letöltés URL 
• megjelenési dátum 
• feltételek 
• Segítség URL 
• kép URL

A program ekkor egy felugró üzenet  jelenít meg az asztalon, a számítógép arra kéri a felhasználót, hogy frissítse a szoftvert. Az üzenet egy hirdetés, ami kéretlen alkalmazásnak minősül.

A program frissítéseket tölt le a következő távoli helyszínről:

• [http://]cdn.software-updater.com/updater/Upgrad[REMOVED]

Megoldás

Frissítse a víruskereső adatbázisát.

Támadás típusa

Hatás

Szükséges hozzáférés

Hivatkozások

Egyéb referencia: www.symantec.com