Adware.Win32.WowSearch.GB
Windows
Tipo de malware
Adware
Destructivo?
No
Cifrado
In the Wild:
Sí
Resumen y descripción
Puede haberlo instalado manualmente un usuario.
Detalles técnicos
Detalles de entrada
Puede haberlo instalado manualmente un usuario.
Instalación
Agrega las carpetas siguientes:
- %Program Files%\EZ YouTube Video Downloader
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}\chrome\content
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}\chrome\skin
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}\defaults
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}\defaults\preferences
- %Program Files%\Security Updates Service
- %User Temp%\ns{random}.tmp
(Nota: %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).
. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000, XP y Server 2003 suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp).)Infiltra los archivos siguientes:
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}\chrome.manifest
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}\chrome\content\main.js
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}\chrome\content\main.xul
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}\chrome\skin\icon48.png
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}\defaults\preferences\prefs.js
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}\install.rdf
- %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}\yvd.xpi.7z
- %Program Files%\EZ YouTube Video Downloader\install.ico
- %Program Files%\EZ YouTube Video Downloader\uninstall.exe
- %Program Files%\EZ YouTube Video Downloader\yvd.dll
- %Program Files%\Security Updates Service\search_checker.exe
- %Program Files%\Security Updates Service\winupdsvc.exe
- %User Temp%\jsonparser.dll
- %User Temp%\ns{random}.tmp
- %User Temp%\ns{random}.tmp\inetc.dll
- %User Temp%\ns{random}.tmp\LogEx.dll
- %User Temp%\ns{random}.tmp\modern-wizard.bmp
- %User Temp%\ns{random}.tmp\ns{random}.tmp
- %User Temp%\ns{random}.tmp\nsDialogs.dll
- %User Temp%\ns{random}.tmp\nsExec.dll
- %User Temp%\ns{random}.tmp\nsis7z.dll
- %User Temp%\ns{random}.tmp\nsProcess.dll
- %User Temp%\ns{random}.tmp\System.dll
- %User Temp%\ns{random}.tmp\UAC.dll
- %User Temp%\ns{random}.tmp\version.dll
- %User Temp%\PrefJsonCpp.exe
- %User Temp%\sqlite3.exe
- %User Temp%\ytvd.json
- %User Temp%\ytvd.json_backup
- %User Temp%\ytvd_install.log
(Nota: %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).
. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000, XP y Server 2003 suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp).)Otras modificaciones del sistema
Agrega las siguientes entradas de registro como parte de la rutina de instalación:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Ext\
Settings\{fdbfea30-ec51-4b8d-b4f0-8ca4f7253c0a}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\EZ YouTube Video Downloader
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Policies\
Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
EZ YouTube Video Downloader
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
HKEY_USERS\.DEFAULT\Software\
Microsoft\Windows\CurrentVersion\
Ext\Settings\{fdbfea30-ec51-4b8d-b4f0-8ca4f7253c0a}
HKEY_USERS\{SID}\Software\
Microsoft\Windows\CurrentVersion\
Ext\Settings\{fdbfea30-ec51-4b8d-b4f0-8ca4f7253c0a}
Agrega las siguientes entradas de registro:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Ext\
Settings\{fdbfea30-ec51-4b8d-b4f0-8ca4f7253c0a}
Flags = 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
(Default) = EZ YouTube Video Downloader {version}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}\InprocServer32
(Default) = %Program Files%\EZYOUT~1\yvd.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}\InprocServer32
ThreadingModel = Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\EZ YouTube Video Downloader
loc_inst_chr_ext = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
NoExplorer = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Policies\
Ext
IgnoreFrameApprovalCheck = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
EZ YouTube Video Downloader
DisplayIcon = %Program Files%\EZ YouTube Video Downloader\install.ico
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
EZ YouTube Video Downloader
DisplayName = EZ YouTube Video Downloader
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
EZ YouTube Video Downloader
DisplayVersion = {version}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
EZ YouTube Video Downloader
Publisher = XtensionPlus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
EZ YouTube Video Downloader
UninstallString = %Program Files%\EZ YouTube Video Downloader\uninstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
EZ YouTube Video Downloader
URLInfoAbout = http://{BLOCKED}o.tv/
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\
Firefox\Extensions
{8167E8F2-A770-4EFB-BA53-8A511051CD9B} = %Program Files%\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
chrome_se_last_update = 0
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
chrome_se_next_update = 1
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
chrome_tab_last_update = 0
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
distributor_id = 0
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
firefox_se_last_update = 0
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
firefox_se_next_update = 1
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
firefox_tab_last_update = 0
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
first_run = 0
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
ie_se_last_update = 0
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
ie_se_next_update = 1
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
ie_tab_last_update = 0
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
last_build_check = 0
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
name = Security Updates Service
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
next_build_check = 1
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
tmp = C:\Users\DYITUS~1\AppData\Local\Temp\
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
url = http://{BLOCKED}o.tv/youtubedownloader/update.jsp
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityUpdatesService
version = 1.2.1
HKEY_USERS\.DEFAULT\Software\
Microsoft\Windows\CurrentVersion\
Ext\Settings\{fdbfea30-ec51-4b8d-b4f0-8ca4f7253c0a}
Flags = 1024
HKEY_USERS\{SID}\Software\
Microsoft\Windows\CurrentVersion\
Ext\Settings\{fdbfea30-ec51-4b8d-b4f0-8ca4f7253c0a}
Flags = 1024