Analysis by: Jaime Benigno Reyes

 Platform:

Windows


  • Malware type:
    Adware

  • Destructive?:
    No

  • Encrypted?:
    Yes

  • In the wild:
    Yes

  Overview

Infection channel: Downloaded from the Internet

May be manually installed by a user.

This malware has no propagation routine.

This malware has no backdoor routine.

Includes an uninstallation package that completely removes the dropped files and the created registry entries.

  Technical Details

File size: Varies
File type: EXE
Memory resident: Yes
First samples received on: 09 October 2014
Payload: Connects to URLs/IPs, Displays ads

Arrival Details

May be manually installed by a user.

Installation

Drops the following component files:

  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\NewPlayer\Uninstall.lnk (Windows Vista and higher versions)
  • %All Users Profile%\Start Menu\Programs\NewPlayer\Uninstall.lnk (Versions lower than Windows Vista)
  • %AppDataLocal%\newplayer\config\config.ini
  • %AppDataLocal%\newplayer\log.txt
  • %Desktop%\NewPlayer.lnk
  • %Program Files%\NewPlayer\AddOn\ChromeAddon\contentscript.js
  • %Program Files%\NewPlayer\AddOn\ChromeAddon\manifest.json
  • %Program Files%\NewPlayer\AddOn\ChromeAddon\script.js
  • %Program Files%\NewPlayer\AddOn\Thumbs.db
  • %Program Files%\NewPlayer\AddonNP.exe
  • %Program Files%\NewPlayer\FrameworkControl.exe
  • %Program Files%\NewPlayer\LTV2.exe
  • %Program Files%\NewPlayer\Languages\Arabic.ini
  • %Program Files%\NewPlayer\Languages\Bulgarian.ini
  • %Program Files%\NewPlayer\Languages\Catalan.ini
  • %Program Files%\NewPlayer\Languages\ChineseS.ini
  • %Program Files%\NewPlayer\Languages\ChineseT.ini
  • %Program Files%\NewPlayer\Languages\Czech.ini
  • %Program Files%\NewPlayer\Languages\Danish.ini
  • %Program Files%\NewPlayer\Languages\Dutch.ini
  • %Program Files%\NewPlayer\Languages\English.ini
  • %Program Files%\NewPlayer\Languages\Estonian.ini
  • %Program Files%\NewPlayer\Languages\Finnish.ini
  • %Program Files%\NewPlayer\Languages\French.ini
  • %Program Files%\NewPlayer\Languages\German.ini
  • %Program Files%\NewPlayer\Languages\Greek.ini
  • %Program Files%\NewPlayer\Languages\HaitianCreole.ini
  • %Program Files%\NewPlayer\Languages\Hebrew.ini
  • %Program Files%\NewPlayer\Languages\Hindi.ini
  • %Program Files%\NewPlayer\Languages\Hungarian.ini
  • %Program Files%\NewPlayer\Languages\Indonesian.ini
  • %Program Files%\NewPlayer\Languages\Italian.ini
  • %Program Files%\NewPlayer\Languages\Japanese.ini
  • %Program Files%\NewPlayer\Languages\Korean.ini
  • %Program Files%\NewPlayer\Languages\Latvian.ini
  • %Program Files%\NewPlayer\Languages\Lithuanian.ini
  • %Program Files%\NewPlayer\Languages\Norwegian.ini
  • %Program Files%\NewPlayer\Languages\Polish.ini
  • %Program Files%\NewPlayer\Languages\Portuguese.ini
  • %Program Files%\NewPlayer\Languages\Romanian.ini
  • %Program Files%\NewPlayer\Languages\Russian.ini
  • %Program Files%\NewPlayer\Languages\Slovak.ini
  • %Program Files%\NewPlayer\Languages\Slovenian.ini
  • %Program Files%\NewPlayer\Languages\Spanish.ini
  • %Program Files%\NewPlayer\Languages\Swedish.ini
  • %Program Files%\NewPlayer\Languages\Thai.ini
  • %Program Files%\NewPlayer\Languages\Turkish.ini
  • %Program Files%\NewPlayer\Languages\Ukrainian.ini
  • %Program Files%\NewPlayer\Languages\Vietnamese.ini
  • %Program Files%\NewPlayer\NewPlayerUpdate.xml
  • %Program Files%\NewPlayer\NewVideoPlayer.exe - also detected as ADW_PLAYNEW
  • %Program Files%\NewPlayer\NewVideoPlayerUpdater.exe
  • %Program Files%\NewPlayer\NewVideoPlayerUpdaterService.InstallLog
  • %Program Files%\NewPlayer\NewVideoPlayerUpdaterService.InstallState
  • %Program Files%\NewPlayer\NewVideoPlayerUpdaterService.exe
  • %Program Files%\NewPlayer\Newtonsoft.Json.dll
  • %Program Files%\NewPlayer\PhotoLoader.dll
  • %Program Files%\NewPlayer\UninstallAddons.exe
  • %Program Files%\NewPlayer\Windows\Thumbs.db
  • %Program Files%\NewPlayer\Windows\icon-play.ico
  • %Program Files%\NewPlayer\Windows\ifishplayer-icon.ico
  • %Program Files%\NewPlayer\dotNetFx40_Full_setup.exe
  • %Program Files%\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\contentscript.js
  • %Program Files%\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\manifest.json
  • %Program Files%\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\script.js
  • %Program Files%\NewPlayer\icon.ico
  • %Program Files%\NewPlayer\jid1-tce47bzfSrBDXQ@jetpack.xpi
  • %Program Files%\NewPlayer\policy.2.0.taglib-sharp.config
  • %Program Files%\NewPlayer\policy.2.0.taglib-sharp.dll
  • %Program Files%\NewPlayer\references\Interop.SHDocVw.dll
  • %Program Files%\NewPlayer\references\NDde.dll
  • %Program Files%\NewPlayer\references\NewPlayerChecker.exe
  • %Program Files%\NewPlayer\references\Newtonsoft.Json.dll
  • %Program Files%\NewPlayer\references\PhotoLoader.dll
  • %Program Files%\NewPlayer\references\Thumbs.db
  • %Program Files%\NewPlayer\references\extaudio.png
  • %Program Files%\NewPlayer\references\extvideo.png
  • %Program Files%\NewPlayer\references\ffmpeg.exe
  • %Program Files%\NewPlayer\references\folder.png
  • %Program Files%\NewPlayer\references\libreria.png
  • %Program Files%\NewPlayer\references\policy.2.0.taglib-sharp.config
  • %Program Files%\NewPlayer\references\policy.2.0.taglib-sharp.dll
  • %Program Files%\NewPlayer\references\taglib-sharp.dll
  • %Program Files%\NewPlayer\taglib-sharp.dll
  • %Program Files%\NewPlayer\uninstall.exe
  • %System Root%\Users\Administrator\Desktop\NewPlayer.lnk (Windows Vista and higher versions)

(Note: %Desktop% is the current user's Desktop folder, usually C:\Windows\Profile\{user name}\Desktop on Windows 98 and ME, C:\WINNT\Profile\{user name}\Desktop on Windows NT, and C:\Dokumente und Einstellungen\{user name}\Desktop on Windows 2000, XP, and Server 2003. %Program Files% is the default program files folder, usually C:\Programme. %System Root% is the root folder, usually C:\. It is also where the operating system is located.)

Creates the following folders:

  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\NewPlayer (Windows Vista and higher versions)
  • %All Users Profile%\Start Menu\Programs\NewPlayer (Versions lower than Windows Vista)
  • %AppDataLocal%\newplayer
  • %AppDataLocal%\newplayer\Playlists
  • %AppDataLocal%\newplayer\Snap
  • %AppDataLocal%\newplayer\config
  • %Program Files%\NewPlayer
  • %Program Files%\NewPlayer\AddOn
  • %Program Files%\NewPlayer\AddOn\ChromeAddon
  • %Program Files%\NewPlayer\Languages
  • %Program Files%\NewPlayer\Windows
  • %Program Files%\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph
  • %Program Files%\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0
  • %Program Files%\NewPlayer\references

(Note: %Program Files% is the default program files folder, usually C:\Programme.)

Autostart Technique

Drops the following shortcut, which points to its own copy, into the Startup folder so that it runs automatically at every system startup:

  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\NewPlayer\NewPlayer.lnk (Windows Vista and higher versions)
  • %All Users Profile%\Start Menu\Programs\NewPlayer\NewPlayer.lnk (Versions lower than Windows Vista)

Registers its dropped component as a system service to ensure that it runs automatically at every system startup. It does this by creating the following registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
services\NewVideoPlayerUpdaterService
DelayedAutostart = "0"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NewVideoPlayerUpdaterService
Description = "NewVideoPlayer Updater Service"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NewVideoPlayerUpdaterService
DisplayName = "NewVideoPlayer Updater Service"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NewVideoPlayerUpdaterService
ErrorControl = "1"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NewVideoPlayerUpdaterService
ImagePath = "%Program Files%\NewPlayer\NewVideoPlayerUpdaterService.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NewVideoPlayerUpdaterService
ObjectName = "LocalSystem"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NewVideoPlayerUpdaterService
Start = "2"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NewVideoPlayerUpdaterService
Type = "16"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NewVideoPlayerUpdaterService\Security
Security = "{hex value}"

Registers its dropped component as a system service to ensure that it runs automatically at every system startup. It does this by creating the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NewVideoPlayerUpdaterService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NewVideoPlayerUpdaterService\Security

Other System Modifications

Adds the following registry entries as part of its installation routine:

HKEY_CLASSES_ROOT\.3gp
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.aac
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.aif
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.avi
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.divx
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.flv
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.mkv
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.mov
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.mp3
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.mp4
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.mpeg
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.mpg
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.wav
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.wma
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\.wmv
newp.backup = "{depends on user's media player}"

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
shell\Play\command
(Default) = ""%Program Files%\NewPlayer\NewVideoPlayer.exe" /m "%1""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.3gp = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.aac = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.aif = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.avi = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.divx = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.flv = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.mkv = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.mov = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.mp3 = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.mp4 = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.mpeg = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.mpg = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.wav = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.wma = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes
.wmv = ""

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe
FriendlyAppName = "NewPlayer"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.aac
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.aif
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.avi
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.divx
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.flv
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mkv
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mov
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.3gp
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mp3
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mp4
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mpeg
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mpg
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.wav
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.wma
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.wmv
newp.backup = "{depends on user's media player}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\shell\
Play\command
(Default) = ""%Program Files%\NewPlayer\NewVideoPlayer.exe" /m "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.3gp = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.aac = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.aif = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.avi = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.divx = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.flv = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.mkv = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.mov = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.mp3 = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.mp4 = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.mpeg = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.mpg = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.wav = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.wma = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes
.wmv = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe
FriendlyAppName = "NewPlayer"

HKEY_LOCAL_MACHINE\SOFTWARE\NewPlayer\
NewPlayer
(Default) = "%Program Files%\NewPlayer\NewPlayer.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\NewPlayer\
NewPlayer
InstallDir = "%Program Files%\NewPlayer"

Adds the following registry keys as part of its installation routine:

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
shell

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
shell\Play

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
shell\Play\command

HKEY_CLASSES_ROOT\Applications\NewVideoPlayer.exe\
SupportedTypes

HKEY_CLASSES_ROOT\newp.3gp

HKEY_CLASSES_ROOT\newp.aac

HKEY_CLASSES_ROOT\newp.aif

HKEY_CLASSES_ROOT\newp.avi

HKEY_CLASSES_ROOT\newp.divx

HKEY_CLASSES_ROOT\newp.flv

HKEY_CLASSES_ROOT\newp.mkv

HKEY_CLASSES_ROOT\newp.mov

HKEY_CLASSES_ROOT\newp.mp3

HKEY_CLASSES_ROOT\newp.mp4

HKEY_CLASSES_ROOT\newp.mpeg

HKEY_CLASSES_ROOT\newp.mpg

HKEY_CLASSES_ROOT\newp.wav

HKEY_CLASSES_ROOT\newp.wma

HKEY_CLASSES_ROOT\newp.wmv

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\shell

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\shell\
Play

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\shell\
Play\command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\NewVideoPlayer.exe\SupportedTypes

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.3gp

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.aac

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.aif

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.avi

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.divx

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.flv

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.mkv

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.mov

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.mp3

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.mp4

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.mpeg

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.mpg

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.wav

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.wma

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
newp.wmv

HKEY_LOCAL_MACHINE\SOFTWARE\NewPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\NewPlayer\
NewPlayer

Modifies the following registry entries:

HKEY_CLASSES_ROOT\.3gp
(Default) = "newp.3gp"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.AAC
(Default) = "newp.aac"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.aif
(Default) = "newp.aif"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.divx
(Default) = "newp.divx"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.avi
(Default) = "newp.avi"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.flv
(Default) = "newp.flv"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.mkv
(Default) = "newp.mkv"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.mov
(Default) = "newp.mov"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.mp3
(Default) = "newp.mp3"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.mp4
(Default) = "newp.mp4"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.mpeg
(Default) = "newp.mpeg"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.mpg
(Default) = "newp.mpg"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.wav
(Default) = "newp.wav"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.wma
(Default) = "newp.wma"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_CLASSES_ROOT\.wmv
(Default) = "newp.wmv"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.3gp
(Default) = "newp.3gp"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.AAC
(Default) = "newp.aac"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.aif
(Default) = "newp.aif"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.avi
(Default) = "newp.avi"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.divx
(Default) = "newp.divx"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.flv
(Default) = "newp.flv"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mkv
(Default) = "newp.mkv"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mov
(Default) = "newp.mov"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mp3
(Default) = "newp.mp3"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mp4
(Default) = "newp.mp4"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mpeg
(Default) = "newp.mpeg"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.mpg
(Default) = "newp.mpg"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.wav
(Default) = "newp.wav"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.wma
(Default) = "newp.wma"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.wmv
(Default) = "newp.wmv"

(Note: The default value data of the said registry entry is "{depends on user's media player}".)

Propagation

This malware has no propagation routine.

Backdoor Routine

This malware has no backdoor routine.

Other Details

Adds the following registry entries to add an uninstall option to the Control Panel:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NewPlayer
DisplayIcon = "%Program Files%\NewPlayer\NewVideoPlayer.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NewPlayer
DisplayName = "NewPlayer"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NewPlayer
DisplayVersion = "v2.1.2.6"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NewPlayer
EstimatedSize = "31391"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NewPlayer
Publisher = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NewPlayer
UninstallString = "%Program Files%\NewPlayer\uninstall.exe"

Includes an uninstallation package that completely removes the dropped files and the added registry entries.

  Solutions

Minimum scan engine version: 9.700
SSAPI pattern file: 1.557.00
SSAPI pattern released on: 16 October 2014

Step 1

For Windows ME and XP users: Before scanning, make sure that System Restore is disabled so that the entire computer can be scanned.

Step 3

Remove ADW_PLAYNEW using its own uninstall option

Uninstall the grayware process

Step 4

Restart in normal mode and scan your computer with your Trend Micro product for files detected as ADW_PLAYNEW. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further steps are required. Quarantined files can simply be deleted. See this Knowledge Base page for more information.

