Typ: Adware
Źródło: Symantec
System: Windows
Działanie:
Tworzy pliki:
Kod: Zaznacz cały
* %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome\mmtextlinks.jar
* %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome.manifest
* %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.dll
* %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.xpt
* %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\install.rdf
* %ProgramFiles%\Mighty Magoo\ars.cfg
* %ProgramFiles%\Mighty Magoo\icon.ico
* %ProgramFiles%\Mighty Magoo\mightymagoo32.exe
* %ProgramFiles%\Mighty Magoo\mightymagoolib32.dll
* %ProgramFiles%\Mighty Magoo\mmagootl.dll
* %ProgramFiles%\Mighty Magoo\mmagooun.exe
Tworzy wpis startowy w rejestrze:
Kod: Zaznacz cały
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Mightymagoo" = "%ProgramFiles%\Mighty Magoo\mightymagoo32.exe a"
Tworzy podklucze:
Kod: Zaznacz cały
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MightyMagooText.DLL
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97E74A14-E5F1-40cc-9B0F-0D11946E5469}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEAD004E-7E2D-49f8-831C-A01647E85B53}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MightyMagooText.Linker
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97E74A14-E5F1-40cc-9B0F-0D11946E5469}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEAD004E-7E2D-49f8-831C-A01647E85B53}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MightyMagoo
* HKEY_CURRENT_USER\[SID]\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEAD004E-7E2D-49f8-831C-A01647E85B53}
* HKEY_CURRENT_USER\[SID]\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97E74A14-E5F1-40CC-9B0F-0D11946E5469}
* HKEY_CURRENT_USER\[SID]\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEAD004E-7E2D-49F8-831C-A01647E85B53}
* HKEY_CURRENT_USER\[SID]\Software\AppDataLow\mmagootl
W celu usunięcia, zapraszamy do napisania tematu na forum.