AdWare.Win32.Agent.eih: adware disguised as a sound card program
Virus name (by scanner):
AntiVir: –
AVG: –
Kaspersky: not-a-virus:AdWare.Win32.Agent.eih
NOD32v2: archive damaged
Rising: –
VT detection rate: 4/36 (11.12%)
VT scan time: 2008.08.23 10:19:38 (CET)
EQS Lab ID: 080823036
File size: 264 KB (270,457 bytes)
MD5: 66F6DA5DC11BD99D15BFEA50AC710A2E
Virus type: malicious program
Main mode of transmission: the network
Test platform: WinXP SP3 system (default shell: BBlean), EQSecurity (HIPS) live
Damage:
Virus behavior:
After running, it modifies the IE Start Page in the registry:
2008-08-23 19:27:15 Modify registry content
Process path: F:\Once\soundman\soundman.exe
Registry path: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Registry name: Start Page
After the change: http://www.go2000.cn/
Before the change: http://www.shendu.com/
Trigger rule: All program rules -> IE browser-related -> *\Software\Microsoft\Internet explorer\Main
It modifies the search-related registry entries:
2008-08-23 19:27:15 Create registry value
Process path: F:\Once\soundman\soundman.exe
Registry path: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5B8225C7-757A-44B2-96BB-1E3AC529B03B}
Registry name: [Key]
Trigger rule: All program rules -> IE browser-related -> *\Software\Microsoft\Internet explorer\Search*
2008-08-23 19:27:15 Modify registry content
Process path: F:\Once\soundman\soundman.exe
Registry path: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}
Registry name: URL
After the change: http://www.baidu.com/s?wd={searchTerms}&tn=go2000_pg&cl=3&ie=utf-8
Trigger rule: All program rules -> IE browser-related -> *\Software\Microsoft\Internet explorer\Search*
It creates an autostart entry:
2008-08-23 19:27:15 Create registry value
Process path: F:\Once\soundman\soundman.exe
Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Registry name: SoundMan
Trigger rule: All program rules -> run automatically -> *\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*
Key point: the program modifies the IE-related registry entries.
HIPS preventive measure: prevent new programs from making changes to the IE-related registry entries.