Adware.SoftwareUpdater

CH ID

CH-11661

English title

Adware.SoftwareUpdater

Date of discovery

2014.09.22.

Severity

Low

Affected systems

Microsoft

Affected versions

Windows 98, Windows 95, Windows XP, Windows Server 2008, Windows 7, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Summary

Adware.SoftwareUpdater is an adware program that displays advertisements on the computer.

Description

Once started, the adware creates the following files:

  • %ProgramFiles%\Software Updater\SoftwareUpdater.exe
  • %ProgramFiles%\Software Updater\unins000.dat
  • %ProgramFiles%\Software Updater\unins000.exe
  • %ProgramFiles%\Software Updater\Uninstall.exe
  • %ProgramFiles%\Software Updater\updater.log
  • %SystemDrive%\Documents and Settings\All Users\Start Menu\SoftwareUpdater.lnk

It then creates the following registry entries:


The program connects to the following remote location to update itself:

  • [http://]api.software-updater.com/get/d$[REMOVED]

The program checks whether certain software is installed on the computer, and if it detects this specific software, it contacts the following remote location:

  • [http://]api.software-updater.com/get/s$[REMOVED]

It includes the following additional information:

  • Software name
  • Software version
  • Download URL
  • Release date
  • Terms
  • Help URL
  • Image URL

The program then displays a pop-up message on the desktop prompting the user to update the software. The message is an advertisement, which is classified as an unwanted application.

The program downloads updates from the following remote location:

  • [http://]cdn.software-updater.com/updater/Upgrad[REMOVED]

Solution

Update your antivirus database.

References

Other reference: www.symantec.com

