“Win32.ADWARE.Roogooo”的意思、由来-中文百科全书

基本信息

病毒行为

生成文件到系统目录，文件名为下列中的一种

quartz32.dll

wshcon32.dll

secur.dll

raspapi.dll

winipsec32.dll　添加注册表

HKEY_CLASSES_ROOT\\Adplus.XLink

HKEY_CLASSES_ROOT\\Adplus.XLink.1

HKEY_CLASSES_ROOT\\CLSID\\

"InprocServer32" = "C:\\WINNT\\System32\\quartz32.dll"

HKEY_CLASSES_ROOT\\Interface\\

"IXLink"

HKEY_CLASSES_ROOT\\TypeLib\\\\1.0\\0\\win32

"C:\\WINNT\\System32\\quartz32.dll"

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ComDlg32\\LastVisitedMRU

hex:49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,57,00,61,00,74,00,63,00,68,00,2e,00,65,00,78,00,65,00,00,00,43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,61,00,64,00,6d,00,69,00,6e,00,69,00,73,00,74,00,72,00,61,00,74,00,6f,00,72,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,00,00,

HKEY_LOCAL_MACHINE\\SOFTWARE\\Roogoo

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion

FROMID = "roogoo"

HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_WS2IFSL

HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WS2IFSL

HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000012

PackedCatalogItem

hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,61,66,64,2e,64,6c,6c,00,00,00,3a,00,35,00,36,00,20,00,33,00,32,00,34,00,2e,00,31,00,39,00,30,00,32,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,04,02,00,00,00,00,00,00,00,00,00,00,00,00,ed,55,d8,41,bf,01,00,00,00,00,01,00,93,08,00,00,05,00,19,00,0e,00,00,01,0c,00,00,00,00,00,00,00,00,00,e0,1a,00,00,60,9e,fc,36,65,c4,cf,11,80,56,44,45,53,54,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,02,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,f3,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,

HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000013

PackedCatalogItem

hex:43,3a,5c,57,49,4e,4e,54,5c,53,79,73,74,65,6d,33,32,5c,71,75,61,72,74,7a,33,32,2e,64,6c,6c,00,00,00,00,3a,00,35,00,36,00,20,00,33,00,32,00,34,00,2e,00,31,00,39,00

词条	Win32.ADWARE.Roogooo
释义	Win32.ADWARE.Roogooo是一个广告软件。功能是用户在使用google等搜索引擎时，会在桌面右下角弹出与搜索的内容相关的广告。该广告使用的文件名类似系统文件名，迷惑用户；该广告会注册SPI服务，并不提供卸载，所以，当该文件出现故障时，可能会导致机器无法上网。基本信息(处理时间病毒类型影响系统) 病毒行为基本信息处理时间 2006-07-19 威胁级别：★ 病毒类型 Win32病毒影响系统 Win 9x/ME,Win 2000/NT,Win XP,Win 2003 病毒行为生成文件到系统目录，文件名为下列中的一种 quartz32.dll wshcon32.dll secur.dll raspapi.dll winipsec32.dll　添加注册表 HKEY_CLASSES_ROOT\\Adplus.XLink HKEY_CLASSES_ROOT\\Adplus.XLink.1 HKEY_CLASSES_ROOT\\CLSID\\ "InprocServer32" = "C:\\WINNT\\System32\\quartz32.dll" HKEY_CLASSES_ROOT\\Interface\\ "IXLink" HKEY_CLASSES_ROOT\\TypeLib\\\\1.0\\0\\win32 "C:\\WINNT\\System32\\quartz32.dll" HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ComDlg32\\LastVisitedMRU hex:49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,57,00,61,00,74,00,63,00,68,00,2e,00,65,00,78,00,65,00,00,00,43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,61,00,64,00,6d,00,69,00,6e,00,69,00,73,00,74,00,72,00,61,00,74,00,6f,00,72,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,00,00, HKEY_LOCAL_MACHINE\\SOFTWARE\\Roogoo HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion FROMID = "roogoo" HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_WS2IFSL HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WS2IFSL HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000012 HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000012 PackedCatalogItem hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,61,66,64,2e,64,6c,6c,00,00,00,3a,00,35,00,36,00,20,00,33,00,32,00,34,00,2e,00,31,00,39,00,30,00,32,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,04,02,00,00,00,00,00,00,00,00,00,00,00,00,ed,55,d8,41,bf,01,00,00,00,00,01,00,93,08,00,00,05,00,19,00,0e,00,00,01,0c,00,00,00,00,00,00,00,00,00,e0,1a,00,00,60,9e,fc,36,65,c4,cf,11,80,56,44,45,53,54,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,09,02,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,f3,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00, HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000013 HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000013 PackedCatalogItem hex:43,3a,5c,57,49,4e,4e,54,5c,53,79,73,74,65,6d,33,32,5c,71,75,61,72,74,7a,33,32,2e,64,6c,6c,00,00,00,00,3a,00,35,00,36,00,20,00,33,00,32,00,34,00,2e,00,31,00,39,00
随便看	香草冲自然村香草醇香草醇丁醚香草蛋烘面包丁香草蛋奶香草蛋奶酱香草蛋奶酥香草的味道香草地图：芳香精油的精致生活香草叠溪香草豆茶香草豆腐汤面香草豆浆蛋糕卷香草番茄炒空心面香草番茄烩排骨香草番茄烩烧排骨香草番茄烤鸡香草风味菲力牛排香草凤尾虾香草干贝爆茄子香草瓜子香草广场香草海皇玉子豆腐香草海绵蛋糕香草红莓马提尼

基本信息

处理时间

病毒类型

影响系统

病毒行为