Type | Adware
Risk level / Spread level | /
Discovery date | [Korea] 2009-12-21 [Foreign] 0000-00-00
Virobot support | 2009-12-22 [Able to detect & repair]
[Symptom of Infection]
[Adware.Onplus.827904] is adware that registers itself in "Add/Remove Programs" but cannot be removed from there because no uninstaller is provided.

<Related URL>
hxxp://(...)/update/default2.htm
hxxp://file.(...)/update/files/updater2/(...)/onplus2.cab
hxxp://file.(...)/update/files/overture2/(...)/onplusov.dat
hxxp://file.(...)/update/files/(...)/onplusov.exe
hxxp://file.(...)/update/files/(...)/onplusrw.dat
hxxp://file.(...)/update/files/reward2/(...)/onplusrw.dll
hxxp://file.(...)/update/files/overture2/(...)/onplussb.dll
hxxp://file.(...)/update/files/updater2/(...)/onplusup.cab
hxxp://211.xx.123.xx/(...)/install.php?partner=(...)
hxxp://(...)/easy_guide/(...).html
hxxp://(...)/update/onplus_up.htm

[Adware.Onplus.827904] creates the following files and registry entries.

(Programs Folder)\ONPLUS2\onplus2.exe
(Programs Folder)\ONPLUS2\onplusov.dat
(Programs Folder)\ONPLUS2\onplusov.exe
(Programs Folder)\ONPLUS2\onplusrw.dat
(Programs Folder)\ONPLUS2\onplusrw.dll
(Programs Folder)\ONPLUS2\onplussb.dll
(Programs Folder)\ONPLUS2\onplusup.exe

HKLM\SOFTWARE\Classes\CLSID\{0C13445A-91A4-4ab5-A39B-025FD36DC428}
HKLM\SOFTWARE\Classes\CLSID\{FA0D8FA9-9155-4177-85C1-4F975C491B24}
HKLM\SOFTWARE\Classes\Interface\{27216405-057A-4CC3-A940-FD2B74549930}
HKLM\SOFTWARE\Classes\Interface\{4261A670-E1B4-42F0-92F6-6A6E477CA681}
HKLM\SOFTWARE\Classes\TypeLib\{3C820EAC-74C2-4425-93A2-29F22D5B4E36}
HKLM\SOFTWARE\Classes\TypeLib\{6FFD082C-BA64-4626-BA8B-22187608DC94}
HKLM\SOFTWARE\Classes\onplus2ov
HKLM\SOFTWARE\Classes\onplus2ov.1
HKLM\SOFTWARE\Classes\onplus2re
HKLM\SOFTWARE\Classes\onplus2re.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C13445A-91A4-4ab5-A39B-025FD36DC428}
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\onplus2
HKCU\Software\onplus2
HKCU\Microsoft\Windows\CurrentVersion\Run
    Name: onplus2
    Value: "C:\Program Files\ONPLUS2\onplus2.exe"
[How to repair]
1. If you are a Windows XP/ME user, please deactivate the System Restore (system recovery) function.