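PUP.Optional.SearchBand.TskLnk

Short bio

PUP.Optional.SearchBand.TskLnk is Malwarebytes' detection name for a search hijacker of Russian origin that targets Windows systems.

Symptoms

PUP.Optional.SearchBand.TskLnk gains persistence by creating a Run key in the registry and a scheduled task.

SearchBand scheduled task

Task scheduled to run at logon

Users may see this kind of warning during installation:

PUP.Optional.SearchBand.TskLnk installation

And this entry in their list of installed Programs and Features:

PUP.Optional.SearchBand.TskLnk installation

Type and source of infection

PUP.Optional.SearchBand.TskLnk places a search dialog in the taskbar of affected Windows systems.
PUP.Optional.SearchBand.TskLnk is usually distributed by bundlers.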

SearchBand dialog

Protection

Malwarebytes protects users from PUP.Optional.SearchBand.TskLnk by using real-time protection.

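Malwarebytes blocks PUP.Optional.SearchBand.TskLnk

Remediation

Malwarebytes can detect and remove PUP.Optional.SearchBand.TskLnk without further user interaction.

  1. Download Malwarebytes to your desktop.
  2. Double-click mbsetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this: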

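Add an exclusion

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here is how to do it.

  • Open Malwarebytes for Windows.
  • Click Detection History.
  • Click Allow List.
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder of the software that you wish to keep.
  • Repeat this for any secondary files or folders that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

Traces/IOCs

You may see these entries in FRST logs: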

(Yandex LLC) C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe
HKCU\...\Run: [YandexSearchBand] => C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe [3623928 2018-08-21] (Yandex LLC)
C:\Windows\System32\Tasks\Yandex.Stroka.User.S-1-5-21-{userid}
C:\Users\{username}\AppData\Roaming\Yandex
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Голосовой помощник Алиса
C:\Users\{username}\AppData\Local\Yandex
(Microsoft Corporation) C:\Users\{username}\Desktop\Yandex-Alice.exe
Голосовой помощник Алиса (HKLM-x32\...\{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}) (Version: 4.6.0.1790 - Яндекс)
Task: {2D4DC59B-C068-4924-B3EB-21740B8CA1FF} - System32\Tasks\Yandex.Stroka.User.S-1-5-21-{userid} => C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe [2018-08-21] (Yandex LLC)
() C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\speechkitlib64.dll
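
The Run value and the logon task in the traces above start the same binary, so a triage script should report both autostart mechanisms together. The following is an added example, not part of the original page and not Malwarebytes or FRST code: the line shapes in the regular expressions are assumed from the entries listed here, and the sample log is constructed (`user1`, the SID digits and the `Example` entries are placeholders).

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind name target line_no")

# Indicators taken from the traces listed on this page, compared case-insensitively.
RUN_VALUE = "yandexsearchband"
TASK_PREFIX = "yandex.stroka.user."
INSTALL_DIR = "\\yandex\\searchband\\application\\"

# Assumed line shapes: "HKxx\...\Run: [name] => path" and
# "Task: {GUID} - System32\Tasks\name => path".
RUN_RE = re.compile(
    r"^HK[^\\]+\\.*?\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+?\.exe)", re.I)
TASK_RE = re.compile(
    r"^Task: \{[0-9A-F-]{36}\} - (?P<name>\S+) => (?P<target>.+?\.exe)", re.I)
PATH_RE = re.compile(r"[A-Za-z]:\\.*")


def scan_frst(text):
    """Return a Finding for every log line that matches a SearchBand trace."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        run = RUN_RE.match(line)
        task = TASK_RE.match(line)
        if run:
            # Match on the value name or on a target inside the install folder.
            if (run["name"].lower() == RUN_VALUE
                    or INSTALL_DIR in run["target"].lower()):
                findings.append(
                    Finding("run_key", run["name"], run["target"], line_no))
        elif task:
            task_name = task["name"].rsplit("\\", 1)[-1]
            if (task_name.lower().startswith(TASK_PREFIX)
                    or INSTALL_DIR in task["target"].lower()):
                findings.append(
                    Finding("scheduled_task", task_name, task["target"], line_no))
        elif INSTALL_DIR in line.lower():
            # Loaded module or running process under the install folder.
            found = PATH_RE.search(line)
            path = found.group(0).strip() if found else line
            findings.append(
                Finding("file", path.rsplit("\\", 1)[-1], path, line_no))
    return findings


def redundant_autostarts(findings):
    """Targets launched by BOTH a Run value and a scheduled task.

    Removing only one of the two mechanisms leaves the binary starting at logon.
    """
    by_target = {}
    for f in findings:
        if f.kind in ("run_key", "scheduled_task"):
            by_target.setdefault(f.target.lower(), set()).add(f.kind)
    return sorted(t for t, kinds in by_target.items() if len(kinds) == 2)


# Constructed sample log: four SearchBand traces and two unrelated entries.
SAMPLE_LOG = r"""
(Yandex LLC) C:\Users\user1\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [2018-04-11] (Example Corp)
HKCU\...\Run: [YandexSearchBand] => C:\Users\user1\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe [3623928 2018-08-21] (Yandex LLC)
Task: {2D4DC59B-C068-4924-B3EB-21740B8CA1FF} - System32\Tasks\Yandex.Stroka.User.S-1-5-21-1111111111-2222222222-3333333333-1001 => C:\Users\user1\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe [2018-08-21] (Yandex LLC)
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [2018-04-11] (Example Corp)
() C:\Users\user1\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\speechkitlib64.dll
""".strip()

if __name__ == "__main__":
    results = scan_frst(SAMPLE_LOG)
    for f in results:
        print(f"line {f.line_no}: {f.kind:15} {f.name}")
    for target in redundant_autostarts(results):
        print("started by Run value AND scheduled task:", target)
```
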
