Adware/PurityScan.g是一個潛在性令人討厭的廣告程式,此程式需用戶下載安裝,並出現EULA(最終使用者使用授權協定)供用戶選擇,
基本介紹
- 中文名:Adware/PurityScan.g
- 外文名:無
- 病毒長度:變長
- 影響平台:Win9X/2000/XP/NT/Me/2003
Adware/PurityScan.g
它利用傳送包含連結到安裝頁面的AOL即時訊息給好友名單里的所有用戶進行傳播。此程式在你訪問 www.wgutv.com 或download.buddylinks.net 網站時運行,點擊連線後會出現一個提示安裝的對話框。
傳播過程及特徵:
1.生成下列資料夾:
%Program Files%\buddylinks.net
%Program Files%\Common Files\PSD Tools
2.修改註冊表:
添加鍵值:"PSD Tools Channel" = "%Program Files%\Common Files\PSD Tools\ChannelUp.exe"
到註冊表:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
生成下列子鍵:
HKEY_CLASSES_ROOT\Interface\{00D38C81-14B3-44DE-B023-3BDC5BDE4FEC}
HKEY_CLASSES_ROOT\CLSID\{FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4}
3.可能生成下列檔案:
%開始選單%\buddylinks.net\Games\Saddam Escapes\Play.lnk
%開始選單%\buddylinks.net\Games\Saddam Escapes\Uninstall.lnk
%Program Files%\buddylinks.net\Games\Saddam Game\Disabled.jpg
%Program Files%\buddylinks.net\Games\Saddam Game\Down.jpg
%Program Files%\buddylinks.net\Games\Saddam Game\Mask.bmp
%Program Files%\buddylinks.net\Games\Saddam Game\Normal.jpg
%Program Files%\buddylinks.net\Games\Saddam Game\Over.jpg
%Program Files%\buddylinks.net\Games\Saddam Game\saddam.swf
%Program Files%\buddylinks.net\Games\Saddam Game\shell.exe
%Program Files%\buddylinks.net\Games\Saddam Game\skin.ini
%Program Files%\buddylinks.net\Games\Saddam Game\uninst.exe
%Program Files%\Common Files\PSD Tools\ChannelUp.exe
%Windir%\Downloaded Program Files\ShellInstaller.INF
%Windir%\Downloaded Program Files\ShellInstaller.ocx
%temp%\game_dl.exe
%temp%\game_install.exe
4.此程式將協同當前即時訊息客戶允許自動傳送源廣告訊息給所有好友,如果想停止它的運行可以從開始選單打開"buddylinks.net Configuration"項,並去掉"適當選項"的勾。
註:%Windir%為變數,一般為C:\Windows 或 C:\Winnt;
%Temp%一般為C:\Windows\TEMP (Windows 95/98/Me/XP)
or C:\WINNT\Temp (Windows NT/2000);
%Program Files%一般為C:\Program Files;
%開始選單%一般為c:\Documents and Settings\用戶名\開始選單;
%System%為變數,一般為C:\Windows\System (Windows 95/98/Me),
C:\Winnt\System32 (Windows NT/2000),
或 C:\Windows\System32 (Windows XP)。
