Affected systems: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
This program is classic adware. It may create the following files:
* C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
* C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
* C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAau_update.dat
* C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
* C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat
* C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato\About Us.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
* %ProgramFiles%\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
* %ProgramFiles%\ClickPotatoLite\bin\[VERSION NUMBER]\ClickPotatoLiteSA.exe
* %ProgramFiles%\ClickPotatoLite\bin\[VERSION NUMBER]\ClickPotatoLiteSAAX.dll
* %ProgramFiles%\ClickPotatoLite\bin\[VERSION NUMBER]\ClickPotatoLiteSABHO.dll
* %ProgramFiles%\ClickPotatoLite\bin\[VERSION NUMBER]\ClickPotatoLiteSAHook.dll
* %ProgramFiles%\ClickPotatoLite\bin\[VERSION NUMBER]\ClickPotatoLiteUninstaller.exe
* %ProgramFiles%\ClickPotatoLite\bin\[VERSION NUMBER]\firefox\extensions\install.rdf
* %ProgramFiles%\ClickPotatoLite\bin\[VERSION NUMBER]\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll
In addition, it creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\"ClickPotatoLite@ClickPotatoLite.com" = "%ProgramFiles%\ClickPotatoLite\bin\[VERSION NUMBER]\firefox\extensions"
Other identified subkeys:
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MenuButtonIE.DLL
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClickPotatoLiteAx.Info
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClickPotatoLiteAx.Info.1
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles.1
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MenuButtonIE.ButtonIE
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MenuButtonIE.ButtonIE.1
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA
* HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite
* HKEY_CURRENT_USER\Software\clickpotatolitesa
Removal:
After disabling System Restore, updating the antivirus and scanning the disk with it, delete the registry keys listed above.
If you need help, please post on the forum in the Security section.
Source: Symantec
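Before deleting anything by hand, it helps to see which of the listed files and keys are actually present. The script below is an added example, not part of the original write-up or of Symantec's material: the function name `Test-AdwareArtifact` is hypothetical, the sample entries are copied from the lists above, and the extra `WOW6432Node` lookup is an assumption covering 32-bit installs on 64-bit Windows.

```powershell
# Audit-only: reports which listed artifacts exist; it deletes nothing.
function Test-AdwareArtifact {
    param([Parameter(Mandatory)][string[]]$Indicator)

    foreach ($raw in $Indicator) {
        # Accept lines pasted straight from the lists, with or without the "* " bullet.
        $item = $raw.Trim().TrimStart('*').Trim()
        if (-not $item) { continue }

        if ($item -match '^HKEY_') {
            # Registry key. 32-bit installers on 64-bit Windows are redirected to
            # WOW6432Node, so check that view of HKLM\SOFTWARE as well (assumption).
            $candidates = @($item)
            if ($item -match '^HKEY_LOCAL_MACHINE\\SOFTWARE\\(?!WOW6432Node\\)') {
                $candidates += $item -replace '^(HKEY_LOCAL_MACHINE\\SOFTWARE)\\', '$1\WOW6432Node\'
            }
            foreach ($key in $candidates) {
                [pscustomobject]@{
                    Type   = 'Registry'
                    Path   = $key
                    Exists = Test-Path -LiteralPath "Registry::$key"
                }
            }
        }
        else {
            # File. Expand %ProgramFiles% and treat the [VERSION NUMBER]
            # placeholder as a wildcard for the unknown version directory.
            $pattern = [Environment]::ExpandEnvironmentVariables($item).Replace('[VERSION NUMBER]', '*')
            $hits = @(Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue)
            [pscustomobject]@{
                Type   = 'File'
                Path   = $pattern
                Exists = $hits.Count -gt 0
            }
        }
    }
}

# Sample input: a few entries copied from the lists above.
$sample = @'
* HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite
* HKEY_CURRENT_USER\Software\clickpotatolitesa
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA
* %ProgramFiles%\ClickPotatoLite\bin\[VERSION NUMBER]\ClickPotatoLiteSA.exe
* %ProgramFiles%\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
'@ -split "`r?`n"

Test-AdwareArtifact -Indicator $sample | Format-Table -AutoSize
```

Run it before and after the antivirus scan to confirm which entries remain; `HKEY_CURRENT_USER` is per-user, so repeat the check for each affected account.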