[SYMANTEC] Trojan.BadabroTrojan

cosik_ktosik

Posted: 25 Dec 2014, 23:11

The Trojan is installed via a download manager.

It creates the following files:



It then adds the following registry entries:



It installs a new browser that injects its own advertisements, including clickable in-text ads. It also displays pop-up windows.
Regards, cosik_ktosik :)

