ADW_SEARCHN

Publish Date: 05 novembre 2014

Analizzato da: Rhena Inocencio

Piattaforma:

Windows

Valutazione del rischio complessivo:

Potenziale dannoso: :

Potenziale di distribuzione: :

Reported Infection:

Informazioni esposizione: :

Basso

Medio

Alto

Critico

Tipo di minaccia informatica:
Adware
Distruttivo?:
No
Crittografato?:
In the wild::
Sì

Panoramica e descrizione

Puede haberlo instalado manualmente un usuario.

Dettagli tecnici

Dimensione file: 8,244,624 bytes

Tipo di file: EXE

Residente in memoria: Sì

Data di ricezione campioni iniziali: 12 giugno 2014

Detalles de entrada

Puede haberlo instalado manualmente un usuario.

Instalación

Este malware infiltra el/los siguiente(s) archivo(s):

%Program Files%\Linkey\Helper.dll
%Program Files%\Linkey\IEExtension
%Program Files%\Linkey\IEExtension\iedll.dll
%Program Files%\Linkey\IEExtension\iedll64.dll
%Program Files%\Linkey\log.log
%Program Files%\Linkey\module.dll
%Program Files%\Linkey\module64.dll
%Program Files%\Linkey\Uninstall.exe
%Program Files%\LinkeyDeals\insthlp.dll
%Program Files%\LinkeyDeals\LinkeyDealsUninst.exe
%Program Files%\LinkeyDeals\msilnk.dll
%Program Files%\LinkeyDeals\msilnk.exe
%Program Files%\Settings Manager\systemk\favicon.ico
%Program Files%\Settings Manager\systemk\Helper.dll
%Program Files%\Settings Manager\systemk\Internet Explorer Settings.exe
%Program Files%\Settings Manager\systemk\sysapcrt.dll
%Program Files%\Settings Manager\systemk\syskldr.dll
%Program Files%\Settings Manager\systemk\syskldr_u.dll
%Program Files%\Settings Manager\systemk\systemk.dll
%Program Files%\Settings Manager\systemk\systemkbho.dll
%Program Files%\Settings Manager\systemk\systemkChrome.dll
%Program Files%\Settings Manager\systemk\systemkmgrc1.cfg
%Program Files%\Settings Manager\systemk\SystemkService.exe
%Program Files%\Settings Manager\systemk\systemku.exe
%Program Files%\Settings Manager\systemk\tbicon.exe
%Program Files%\Settings Manager\systemk\Uninstall.exe
{All Users Profile}\Application Data\systemk\coordinator.cfg
{All Users Profile}\Application Data\systemk\general.cfg
{All Users Profile}\Application Data\systemk\S-1-5-32.cfg
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\content\DnsBHO.js
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\content\Error404BHO.js
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\content\MainBHO.js
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\content\NativeHelper.js
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\content\NewTabBHO.js
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\content\overlay.js
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\content\overlay.xul
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\content\RelatedSearch.js
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\content\RequestPreserver.js
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\content\SearchBHO.js
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\content\SettingManager.js
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\components\SystemKHlpFF.xpt
%Application Data%\Mozilla\Firefox\Profiles\4wwmjcqo.default\extensions\{EB25CAE0-E5F3-E993-3950-E055FE755242}\components\SystemKHlpFF{number}.dll

(Nota: %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).

. %Application Data% es la carpeta Application Data del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Application Data, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Application Data y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Local Settings\Application Data).

)

Crea las carpetas siguientes:

%Program Files%\Linkey
%Program Files%\LinkeyDeals
%Program Files%\Settings Manager
%Program Files%\Settings Manager\systemk
{All Users Profile}\Application Data\systemk

(Nota: %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).

)

Técnica de inicio automático

Agrega las siguientes entradas de registro para permitir su propia instalación como objeto de ayuda del explorador (BHO):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
(Default) = "Linkey"

Otras modificaciones del sistema

Agrega las siguientes entradas de registro como parte de la rutina de instalación:

HKEY_CURRENT_USER\"Software\Linkey"

HKEY_CURRENT_USER\Software\SystemK

HKEY_LOCAL_MACHINE\SOFTWARE\Linkey

HKEY_LOCAL_MACHINE\SOFTWARE\LinkeyDeals

HKEY_LOCAL_MACHINE\SOFTWARE\SystemK

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Linkey.Linkey

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SettingsManagerIEHelper.DNSGuard

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SystemkService

Agrega las siguientes entradas de registro:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
bitguard.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
bprotect.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
bpsvc.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
browserdefender.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
browserprotect.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
browsersafeguard.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
dprotectsvc.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
jumpflip
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
protectedsearch.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
searchinstaller.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
searchprotection.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
searchprotector.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
searchsettings.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
searchsettings64.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
snapdo.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
stinst32.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
stinst64.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
umbrella.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
utiljumpflip.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
volaro
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
vonteera
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
websteroids.exe
debugger = "tasklist.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
websteroidsservice.exe
debugger = "tasklist.exe"

ADW_SEARCHN

Panoramica e descrizione

Dettagli tecnici

Risorse

Assistenza

Informazioni su Trend

ADW_SEARCHN

Panoramica e descrizione

Dettagli tecnici

Risorse

Assistenza

Informazioni su Trend

America

Medio Oriente e Africa

Europa

Asia e Pacifico