PUA_BAIDURJDOWNLOADER.GA
Windows
Threat Type:
Potentially Unwanted Application
Destructiveness:
No
Encrypted:
No
In the wild:
Yes
OVERVIEW
It may have been manually installed by a user.
It connects to a website to send and receive information.
TECHNICAL DETAILS
Arrival Details
It may have been manually installed by a user.
Installation
It adds the following folders:
- %Program Files%\baidu\BaiduRJDownloader
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\drivers
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\Microsoft.VC80.ATL
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\Microsoft.VC80.CRT
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin
- %Program Files%\baidu\rj
- %ProgramData%\Baidu
- %ProgramData%\Baidu\Common
- %User Temp%\nso{random}.tmp
- %Program Files%\baidu
(Note: %Program Files% is the default Program Files folder, usually C:\Program Files. %User Temp% is the current user's Temp folder, which on Windows 2000, XP and Server 2003 is usually C:\Documents and Settings\{user name}\Local Settings\Temp.)
It drops the following files:
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\ActivityAssistant.exe
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\AppAdTip.exe
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\AppOpenAsTip.exe
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\AppUpdater.exe
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\AppUpdateTips.exe
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\BaseDll.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\bddlsvc.exe
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\BDHYServer.exe
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\BDKitUtils.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\BDMNetGetInfo.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\bdrcdl.exe
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\BugReport.exe
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\config.xml
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\dl.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\DriverManager.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\drivers\BDArKit.sys
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_10272.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_10547.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_10644.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_10849.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_11043.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_11339.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_11383.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_11390.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_11838.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_11843.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_12035.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_12276.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_12282.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_12350.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_12616.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_12812.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_12856.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_12882.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_12934.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_12993.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_13406.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_13442.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_13478.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_13598.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_13874.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_14000.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_14497.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_14744.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_14754.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_15192.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_15501.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_15752.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_16490.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_16988.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_17183.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_17519.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_17588.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_19130.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_19227.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_19412.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_20621.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_21211.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_23980.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_24655.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_28108.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_28111.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_35858.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_38200.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_40694.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_40805.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_40898.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_41065.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_41100.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_41143.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\HYSoftIcons\10002_41153.png
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\ieBDSoftHelperPlug.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\Microsoft.VC80.ATL\atl80.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\Microsoft.VC80.CRT\msvcm80.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\Microsoft.VC80.CRT\msvcp80.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\Microsoft.VC80.CRT\msvcr80.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\mindownload.ico
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\ProtocolDll.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\ReportDll.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\ReportRecordDll.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\adtipsui.rdb
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\color_adtips.clr
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\color_desc.clr
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\color_openastips.clr
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\color_tips.clr
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\color_uninst.clr
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\color_updatetips.clr
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\font_adtips.f
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\font_desc.f
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\font_openastips.f
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\font_tips.f
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\font_uninst.f
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\font_updatetips.f
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\haiyanui.rdb
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\openastipsui.rdb
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\text_adtips.str
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\text_cn.str
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\text_openastips.str
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\text_tips.str
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\text_uninst.str
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\text_updatetips.str
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\tipsui.rdb
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\uninstui.rdb
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin\updatetipsui.rdb
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\skin_engine.dll
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\uninstaller.exe
- %Program Files%\baidu\BaiduRJDownloader\2.0.0.290\UtilsDll.dll
- %Program Files%\baidu\rj\favicon.ico
- %ProgramData%\Baidu\Common\Global.db
- %System%\drivers\BDArKit.sys
- %User Temp%\nso{random}.tmp\InstallHelper.dll
(Note: %Program Files% is the default Program Files folder, usually C:\Program Files. %System% is the Windows system folder, usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003. %User Temp% is the current user's Temp folder, which on Windows 2000, XP and Server 2003 is usually C:\Documents and Settings\{user name}\Local Settings\Temp.)
Autostart Technique
It starts the following service:
- Service Name: bddlsvc
Display Name: BDHY Service
Description: 百度下载助手服务,提供更加贴心的软件下载服务
(Chinese: "Baidu Download Assistant service, providing a more attentive software download service")
Path to Executable: "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290\bddlsvc.exe -r"
Startup Type: Automatic
(Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)
Other System Modifications
It adds the following registry keys as part of its installation routine:
HKEY_LOCAL_MACHINE\SOFTWARE\baidu
HKEY_LOCAL_MACHINE\SOFTWARE\baidu\BaiduRJDownloader
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\dlhelper
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\dlhelper\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0031830A-A9D3-4f64-B6E8-3D55B68F4F9B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ieCommonPlugin.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06AD210F-5953-4201-BB4F-81756DB68DF0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06AD210F-5953-4201-BB4F-81756DB68DF0}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06AD210F-5953-4201-BB4F-81756DB68DF0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06AD210F-5953-4201-BB4F-81756DB68DF0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduRJDownloader
It adds the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0031830A-A9D3-4f64-B6E8-3D55B68F4F9B}
(Default) = "ieCommonPlugin"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ieCommonPlugin.DLL
AppID = "{0031830A-A9D3-4f64-B6E8-3D55B68F4F9B}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement.1
(Default) = "ieBDSoftHelperPlug Implement Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement.1\CLSID
(Default) = "{D3C9CF85-72D2-4d22-B16A-0B682403AB84}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement
(Default) = "ieBDSoftHelperPlug Implement Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement\CLSID
(Default) = "{D3C9CF85-72D2-4d22-B16A-0B682403AB84}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement\CurVer
(Default) = "ieBDSoftHelperPlug.Implement.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}
(Default) = "ieBDSoftHelperPlug Implement Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\ProgID
(Default) = "ieBDSoftHelperPlug.Implement.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\VersionIndependentProgID
(Default) = "ieBDSoftHelperPlug.Implement"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\InprocServer32
(Default) = "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290\ieBDSoftHelperPlug.dll"
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\TypeLib
(Default) = "{5FA67120-F0AC-4a6e-B806-AECC0D13D9EF}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}\1.0
(Default) = "ieCommonPlugin 1.0 Type Library"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}\1.0\FLAGS
(Default) = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}\1.0\0\win32
(Default) = "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290\ieBDSoftHelperPlug.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}\1.0\HELPDIR
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06AD210F-5953-4201-BB4F-81756DB68DF0}
(Default) = "IImplement"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06AD210F-5953-4201-BB4F-81756DB68DF0}\ProxyStubClsid
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06AD210F-5953-4201-BB4F-81756DB68DF0}\ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06AD210F-5953-4201-BB4F-81756DB68DF0}\TypeLib
(Default) = "{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}"
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\baidu\BaiduRJDownloader
InstallDir = "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290"
Version = "2.0.0.290"
IEPluginPath = "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290\ieBDSoftHelperPlug.dll"
SupplyID = "10002"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\dlhelper
icon = "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290\bdrcdl.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\dlhelper\command
(Default) = ""%Program Files%\baidu\BaiduRJDownloader\2.0.0.290\BDHYServer.exe" "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduRJDownloader
UninstallString = "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290\uninstaller.exe"
Publisher = "Beijing baidu Netcom science and technology co.ltd"
DisplayVersion = "2.0.0.290"
DisplayIcon = "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290\mindownload.ico"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\iexplore\AllowedDomains\*
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{849EE4F0-6AEA-41c9-8A21-5F700C3BBDD5}
AppName = "bdrcdl.exe"
AppPath = "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290"
Policy = "3"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList
bddriver = "02 00 00 00 01 00 00 00 02 00 00 00"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bd0001
Type = "1"
Start = "1"
ErrorControl = "0"
DisplayName = "bd0001"
Description = "bd0001"
ImagePath = "system32\DRIVERS\bd0001.sys"
Group = "bddriver"
Tag = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bd0004
Type = "1"
Start = "1"
ErrorControl = "0"
DisplayName = "bd0004"
Description = "bd0004"
ImagePath = "system32\DRIVERS\bd0004.sys"
Group = "bddriver"
Tag = "2"
InstallDir_gj = "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDArKit
Type = "1"
Start = "2"
ErrorControl = "0"
DisplayName = "BDArKit"
Description = "BDArKit"
ImagePath = "system32\DRIVERS\BDArKit.sys"
Group = "bddriver"
Tag = "4"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDMWrench
Type = "1"
Start = "1"
ErrorControl = "0"
DisplayName = "BDMWrench"
Description = "BDMWrench"
ImagePath = "system32\DRIVERS\BDMWrench.sys"
Group = "bddriver"
Tag = "5"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command
(Default) = "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290\BDHYServer.exe 1 2 "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command
(Default) = "%Program Files%\baidu\BaiduRJDownloader\2.0.0.290\BDHYServer.exe 1 3 "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduRJDownloader
DisplayName = "百度下载助手 2.0.0.290"
(Chinese: "Baidu Download Assistant 2.0.0.290")
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\dlhelper
(Default) = "使用 下载助手 打开"
(Chinese: "Open with Download Assistant")
Backdoor Routine
It connects to the following website to send and receive information:
- dl.{BLOCKED}y.{BLOCKED}u.com
SOLUTION
Step 1
Before running any scan, Windows ME and XP users must make sure that System Restore is disabled so that the whole computer can be scanned.
Step 3
Remove PUA_BAIDURJDOWNLOADER.GA using its own uninstall option.
Step 4
Search for and delete these folders:
- %ProgramData%\Baidu
- %Program Files%\baidu
- %User Temp%\nso{random}.tmp
Step 5
Scan your computer with your Trend Micro product to delete files detected as PUA_BAIDURJDOWNLOADER.GA. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further steps are required. You may opt to simply delete the quarantined files. Please refer to this Knowledge Base page for more information.
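The following PowerShell script is an added example for this page, not a Trend Micro tool or part of the product described above. It audits the persistence artifacts listed under Autostart Technique and Other System Modifications (the bddlsvc service, the four kernel-driver registrations, the Internet Explorer Low Rights elevation policy, the shell verbs that route file-open actions to BDHYServer.exe, and the COM registration of the IE plug-in DLL), and with -Remove it performs the cleanup of Steps 3 and 4. Three points a practitioner should note, all visible in the listing above: the ElevationPolicy value Policy = "3" tells IE Protected Mode to launch bdrcdl.exe silently at medium integrity; bd0001, bd0004 and BDMWrench are registered with Start = "1" (SYSTEM_START, loaded during kernel initialisation) although only BDArKit.sys appears in the dropped-file list, so those ImagePath targets may not exist on disk; and the Unknown\shell\openas handler replaces the normal "Open with" dialog for unassociated file types. Assumptions made by the script: the page's ControlSet001 entries are read through CurrentControlSet, %Program Files% resolves to the 32-bit Program Files folder on 64-bit Windows, %User Temp% is $env:TEMP, and the script is run from an elevated PowerShell session. It supports -WhatIf.

```powershell
<#
  Audit, and optionally remove, the persistence artifacts this page attributes to
  PUA_BAIDURJDOWNLOADER.GA. Added example for the page; not a Trend Micro tool.
  Assumptions: CurrentControlSet stands in for the page's ControlSet001,
  %Program Files% is the 32-bit Program Files folder, %User Temp% is $env:TEMP,
  and the session is elevated. Run without -Remove first; -Remove honours -WhatIf.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remove)

$pf = ${env:ProgramFiles(x86)}
if (-not $pf) { $pf = $env:ProgramFiles }
$InstallDir = Join-Path $pf 'baidu\BaiduRJDownloader\2.0.0.290'
$Services   = 'bddlsvc'                                    # user-mode service, Startup Type Automatic (Start=2)
$Drivers    = 'bd0001', 'bd0004', 'BDArKit', 'BDMWrench'    # Type=1 kernel drivers; all but BDArKit have Start=1
$ClsId      = '{D3C9CF85-72D2-4d22-B16A-0B682403AB84}'
$ElevPolicy = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{849EE4F0-6AEA-41c9-8A21-5F700C3BBDD5}'
$ShellVerbs = '*\shell\dlhelper', 'Unknown\shell\opendlg', 'Unknown\shell\openas'
$RegKeys    = @(
  'HKLM:\SOFTWARE\baidu',                                  # listed by the page as created by this installer
  "HKLM:\SOFTWARE\Classes\CLSID\$ClsId",
  'HKLM:\SOFTWARE\Classes\Interface\{06AD210F-5953-4201-BB4F-81756DB68DF0}',
  'HKLM:\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}',
  'HKLM:\SOFTWARE\Classes\AppID\{0031830A-A9D3-4f64-B6E8-3D55B68F4F9B}',
  'HKLM:\SOFTWARE\Classes\AppID\ieCommonPlugin.DLL',
  'HKLM:\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement',
  'HKLM:\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement.1',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduRJDownloader',
  "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$ClsId",
  $ElevPolicy
) + ($ShellVerbs | ForEach-Object { "HKLM:\SOFTWARE\Classes\$_" })
$Paths = @(
  (Join-Path $pf 'baidu'),
  (Join-Path $env:ProgramData 'Baidu'),
  (Join-Path $env:SystemRoot 'System32\drivers\BDArKit.sys')
) + @(Get-ChildItem -LiteralPath $env:TEMP -Directory -Filter 'nso*.tmp' -ErrorAction SilentlyContinue | ForEach-Object FullName)

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Kind, $Item, $Detail) { $findings.Add([pscustomobject]@{ Kind = $Kind; Item = $Item; Detail = $Detail }) }

# 1. Service and driver registrations. Start=1 (SYSTEM_START) loads a driver during
#    kernel initialisation, before any user-mode security tooling is running.
foreach ($name in @($Services) + $Drivers) {
  $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
  if (Test-Path -LiteralPath $key) {
    $p = Get-ItemProperty -LiteralPath $key
    Add-Finding 'Service' $name "Type=$($p.Type) Start=$($p.Start) ImagePath=$($p.ImagePath)"
  }
}
# 2. IE Protected Mode elevation policy. Policy=3 makes IE launch the named executable
#    silently at medium integrity, i.e. outside the low-integrity sandbox.
if (Test-Path -LiteralPath $ElevPolicy) {
  $p = Get-ItemProperty -LiteralPath $ElevPolicy
  Add-Finding 'ElevationPolicy' $p.AppName "Policy=$($p.Policy) AppPath=$($p.AppPath)"
}
# 3. Shell verbs: a context-menu entry on every file type (*\shell\dlhelper) and the
#    handlers for unassociated files (Unknown\shell\...), all pointing at BDHYServer.exe.
foreach ($verb in $ShellVerbs) {
  $cmd = "HKLM:\SOFTWARE\Classes\$verb\command"
  if (Test-Path -LiteralPath $cmd) { Add-Finding 'ShellVerb' $verb (Get-ItemProperty -LiteralPath $cmd).'(default)' }
}
# 4. COM registration of the IE plug-in DLL, the remaining keys, folders and the dropped driver.
foreach ($k in $RegKeys) { if (Test-Path -LiteralPath $k) { Add-Finding 'RegKey' $k '' } }
foreach ($f in $Paths)   { if ($f -and (Test-Path -LiteralPath $f)) { Add-Finding 'Path' $f '' } }

$findings | Format-Table -AutoSize

if ($Remove -and $findings.Count -gt 0) {
  # Step 3: run the product's own uninstaller first, if it is still present.
  $uninst = Join-Path $InstallDir 'uninstaller.exe'
  if ((Test-Path -LiteralPath $uninst) -and $PSCmdlet.ShouldProcess($uninst, 'Run uninstaller')) {
    Start-Process -FilePath $uninst -Wait
  }
  # Stop and delete the service and driver entries before touching files so nothing is locked.
  # sc.exe handles kernel drivers as well as Win32 services; a Start=1 driver only fully
  # unloads after a reboot.
  foreach ($name in @($Services) + $Drivers) {
    if ((Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$name") -and
        $PSCmdlet.ShouldProcess($name, 'Stop and delete service')) {
      & sc.exe stop $name   | Out-Null
      & sc.exe delete $name | Out-Null
    }
  }
  $gol = 'HKLM:\SYSTEM\CurrentControlSet\Control\GroupOrderList'
  if ((Get-ItemProperty -LiteralPath $gol -ErrorAction SilentlyContinue).bddriver -and
      $PSCmdlet.ShouldProcess("$gol\bddriver", 'Remove value')) {
    Remove-ItemProperty -LiteralPath $gol -Name 'bddriver'
  }
  foreach ($k in $RegKeys) {
    if ((Test-Path -LiteralPath $k) -and $PSCmdlet.ShouldProcess($k, 'Remove key')) { Remove-Item -LiteralPath $k -Recurse -Force }
  }
  # Step 4: the leftover folders, plus the driver file dropped into %System%\drivers.
  foreach ($f in $Paths) {
    if ($f -and (Test-Path -LiteralPath $f) -and $PSCmdlet.ShouldProcess($f, 'Delete')) { Remove-Item -LiteralPath $f -Recurse -Force }
  }
  Write-Warning 'Reboot to unload any Start=1 drivers, then re-run without -Remove to confirm nothing remains.'
}
```

Run it once without -Remove to see what is present, then with -Remove -WhatIf to preview the cleanup, and finally with -Remove. The script deliberately uses -LiteralPath everywhere because one of the page's keys lives under HKLM\SOFTWARE\Classes\*, and a wildcard-expanding -Path would otherwise match every subkey of Classes. Step 5 (a scan with your Trend Micro product) still applies afterwards; this script only removes what the page lists.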