ПОЛЬЗОВАТЕЛЯМ

Закрыть

Поиск

Поиск

Поддержка
Круглосуточная поддержка

Напишите

Запрос через форму

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Напишите

Задать вопрос в поддержку

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

RU
RU CN DE EN ES FR IT JP KZ UZ PL BY
Закрыть

Переключение языка сайта

Сервисы
Сканеры
FixIt!
Dr.Web vxCube
Экспертиза ВКИ
Вирусная библиотека
База знаний

Технологии

Термины

Обучение и просвещение

Мифы

Новости

Android.Packed.20291

Добавлен в вирусную базу Dr.Web: 2017-04-02

Описание добавлено:

Техническая информация

Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
  • Android.Triada.38.origin
  • Android.Triada.170.origin
Сетевая активность:
Подключается к:
  • h####.####.com
  • j####.####.COM
  • z####.####.com
  • sta####.####.com
  • m####.####.click:81
  • w####.####.com
  • y####.####.com
  • logi####.####.com
  • adne####.####.com
  • nf####.com:8881
  • s####.####.com
  • m####.####.click
  • ya####.com
  • google-####.com
  • p####.####.com
  • h####.####.cn
  • f####.####.com
  • st####.####.com
  • 2y####.####.com
  • j####.####.COM:12956
  • a####.####.com
  • 3####.####.com
  • c####.####.com
  • d####.####.com
  • k####.####.com:10081
  • k####.####.com
Запросы HTTP GET:
  • h####.####.cn/assets/rev/m/style/reset.css
  • a####.####.com/afp/wayl/;ad=537eaaa340d90ea30001;ap=186204;as=55b08a165bfc519d0001;pu=4c451ece10ff899d0001;/?http://####
  • f####.####.com/it/u=3609535856,4134694241&fm=76
  • h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&u=####
  • p####.####.com/32/20160708/64/1467976002368_1_w190_h170_m.jpg
  • 2y####.####.com/N9687742244553469
  • f####.####.com/it/u=101789464,493941028&fm=76
  • h####.####.cn/assets/rev/m/images/user-login.png
  • f####.####.com/it/u=315500983,2095989961&fm=76
  • h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####&lt=####&nv=####&rnd=####&si=####&st=####&su=####&v=####&...
  • h####.####.cn/www/2017-03-24/26731f68b4d2d69504aa5170f8f43f6b.jpg
  • f####.####.com/it/u=1087360078,1289494679&fm=76
  • h####.####.cn/assets/app/lib/config3.js
  • f####.####.com/it/u=406982088,1975561641&fm=76
  • google-####.com/ga.js
  • p####.####.com/32/20170401/108/1491012258668_1_w600_h290_o.jpg
  • h####.####.cn/assets/rev/m/script/3gcontent.js?v=####
  • p####.####.com/32/20170401/104/1491011061608_1_w600_h600_m.jpg
  • p####.####.com/32/20160114/71/1452773627207_1_w190_h170_m.jpg
  • 3####.####.com/bbs/api/misc.php?type=####&callback=####&callback=####&_=####
  • h####.####.cn/assets/js/globalinc/login.js?v=####
  • f####.####.com/it/u=813173256,1203596701&fm=76
  • f####.####.com/it/u=1329923037,1711015119&fm=76
  • h####.####.cn/assets/rev/m/images/new_3glm_iconh.png
  • h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&tt=####&sn=####
  • h####.####.cn/assets/rev/m/images/bg-box-user.png
  • a####.####.com/afp/door/;ap=575;ct=js;pu=4c451ece10ff899d0001;/?
  • p####.####.com/32/20170327/76/1490605869388_1_w600_h290_o.jpg
  • p####.####.com/kcjm?di=####&dri=####&dis=####&dai=####&ps=####&coa=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=###...
  • f####.####.com/it/u=1558096429,2217214094&fm=76
  • f####.####.com/it/u=3820631650,2263538423&fm=76
  • f####.####.com/it/u=913812838,1094906491&fm=76
  • a####.####.com/afp/door/;ap=186206;ct=js;pu=4c451ece10ff899d0001;/?
  • f####.####.com/it/u=1462783551,2175524194&fm=76
  • h####.####.cn/assets/rev/other/download/expect_android_m3g.apk?v=####
  • p####.####.com/32/20170324/66/1490323800002_1_w600_h726_m.jpg
  • p####.####.com/32/20170324/80/1490323257424_1_w310_h310_m.jpg
  • 3####.####.com/parenting/201703241030567.shtml
  • f####.####.com/it/u=2380101096,3097916593&fm=76
  • f####.####.com/it/u=285481876,3167449850&fm=76
  • p####.####.com/32/20160129/72/1454049498184_1_w190_h170_m.jpg
  • p####.####.com/32/20170324/71/1490323654727_1_w600_h396_m.jpg
  • p####.####.com/32/20170324/57/1490323886649_1_w600_h866_m.jpg
  • h####.####.cn/assets/css/global/head_foot.css?v=####
  • p####.####.com/32/20170401/10/1491011059210_1_w600_h830_m.jpg
  • a####.####.com/afp/door/;ap=628;ct=js;pu=4c451ece10ff899d0001;/?
  • p####.####.com/32/20170331/35/1490952410147_1_w72_h50_o.jpg
  • a####.####.com/afp/door/;ap=186216;ct=if;pu=4c451ece10ff899d0001;/?
  • f####.####.com/it/u=482945954,3180061971&fm=76
  • h####.####.cn/assets/js/globalinc/UserAction.js
  • sta####.####.com/service/yaolan/yaolan_wap.js
  • h####.####.cn/assets/js/newfix.js?v=####
  • f####.####.com/it/u=653424537,4000125188&fm=76
  • p####.####.com/32/20170324/2/1490323069698_1_w526_h477_m.jpg
  • h####.####.cn/assets/rev/m/images/icon-triangle.png
  • h####.####.cn/assets/rev/m/images/new_3glm_icond.png
  • p####.####.com/32/20170324/99/1490322963939_1_w395_h300_m.jpg
  • h####.####.cn/assets/rev/m/script/img-scroll.js
  • h####.####.cn/assets/js/plugins/jquery.cookie.js
  • p####.####.com/32/20170324/38/1490323930278_1_w600_h277_m.jpg
  • d####.####.com/2.0/PageView.do?p_p=####&tma=####&tmc=####&tmd=####&rs=####&ja=####&oc=####&ln=####&lk=####&ep=####&ct=####&bt=####&ot=####&fv=####&coo...
  • a####.####.com/afp/door/;ap=573;ct=js;pu=4c451ece10ff899d0001;/?
  • h####.####.cn/www/js/ylfinal_2015.js
  • 3####.####.com/images/bbs.gif
  • h####.####.cn/assets/rev/m/script/3g-login.js?v=####
  • adne####.####.com/js/adpubs.js
  • f####.####.com/it/u=1055696524,1156911338&fm=76
  • f####.####.com/it/u=348836012,2169883789&fm=76
  • a####.####.com/afp/door/;ap=410;ct=js;pu=4c451ece10ff899d0001;/?
  • a####.####.com/afp/wayl/;ad=539565a7706a24cb0001;ap=186216;as=55b08a165bfc519d0001;pu=4c451ece10ff899d0001;/?http://####
  • d####.####.com/2.0/EndPageView.do?ep=####&pageflag=####&fingerprint=####&fpduration=####&sid=####&cid=####&d_s=####&uid=####&p_t=####&gid=####&tma=###...
  • f####.####.com/it/u=1381030684,1989577180&fm=76
  • h####.####.cn/assets/rev/m/images/icon-login-01.png
  • p####.####.com/32/20170324/9/1490323773833_1_w430_h430_m.jpg
  • f####.####.com/it/u=524048946,3212006316&fm=76
  • h####.####.cn/assets/rev/m/images/logo.png
  • h####.####.cn/assets/images/health_xq_12.png
  • a####.####.com/afp/door/;ap=578;ct=js;pu=4c451ece10ff899d0001;/?
  • p####.####.com/32/20170324/38/1490323796518_1_w600_h699_m.jpg
  • f####.####.com/it/u=4240953905,1089989786&fm=76
  • h####.####.cn/assets/rev/m/script/shenmago_download_app_1.js?v=####
  • a####.####.com/afp/door/;ap=409;ct=js;pu=4c451ece10ff899d0001;/?
  • p####.####.com/32/20170330/116/1490865677300_1_w600_h290_o.jpg
  • p####.####.com/kcjm?sz=####&rdid=####&dc=####&di=####&dri=####&dis=####&dai=####&ps=####&coa=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=###...
  • p####.####.com/32/20161114/11/1479087516427_1_w115_h115_m.jpg
  • h####.####.cn/assets/rev/m/script/fn-index.js?v=####
  • h####.####.cn/www/js/yl.index.dateselector.js
  • h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&et=####&ja=####&ln=####&lo=####&lt=####&nv=####&rnd=####&si=####&st=####&su=####&v=####&lv=####&...
  • h####.####.cn/assets/js/lyDialog.js
  • d####.####.com/2.0/StdID.do?bfdid=####
  • f####.####.com/it/u=515640285,1695050039&fm=76
  • p####.####.com/32/20160113/65/1452651790017_1_w190_h170_m.jpg
  • f####.####.com/it/u=1708176499,2818453066&fm=76
  • p####.####.com/32/20170324/111/1490322917487_1_w600_h600_m.jpg
  • c####.####.com/sync.htm?cproid=####
  • h####.####.cn/ya/yl.js?d=####
  • f####.####.com/it/u=707846342,3698315228&fm=76
  • adne####.####.com/bjyy.js
  • h####.####.cn/assets/images/health_expert_logo_1128.png
  • f####.####.com/it/u=150917128,2120100349&fm=76
  • f####.####.com/it/u=680283836,3892434301&fm=76
  • z####.####.com/customer_search/api/ping?logid=####&version=####&prod_id=####&plate_url=####&referrer=####&time=####&page_id=####&source=####&site_id=#...
  • y####.####.com/ya2.gif?nvid=####&userid=####&cc=####&rr=####&nn=####&nh=####&nw=####&nt=####&nl=####&mt=####&ml=####&sw=####&sh=####&pr=####&ht=####&h...
  • f####.####.com/it/u=64918116,458977602&fm=76
  • h####.####.cn/assets/rev/m/images/bg-to-top.png
  • f####.####.com/it/u=2424449769,3188775445&fm=76
  • ya####.com/parenting/201703241030567.shtml
  • d####.####.com/js/om.js
  • h####.####.cn/assets/rev/m/images/new_3glm_icona.png
  • p####.####.com/32/20170324/63/1490324182079_1_w600_h323_m.jpg
  • h####.####.cn/assets/rev/lib/final/pcfinalpage.js
  • f####.####.com/it/u=2032406467,2133819773&fm=76
  • f####.####.com/it/u=1907625326,2413943414&fm=76
  • h####.####.cn/assets/rev/m/images/icon-check.png
  • h####.####.cn/assets/rev/m/script/md5.js
  • h####.####.cn/assets/rev/m/images/app_down_yy.png
  • f####.####.com/it/u=3720202824,275285770&fm=76
  • h####.####.cn/assets/app/lib/ovgap.js
  • st####.####.com/api/2.0/bcore.min.js
  • 3####.####.com/api/relation/collect/check_many_type?userId=####&typeIdList=####&objId=####&callback=####&_=####
  • h####.####.cn/assets/rev/m/images/down_yy.png
  • y####.####.com/ylk.ad.mini.js
  • h####.####.cn/www/js/datepicker_2015.js
  • p####.####.com/32/20170324/37/1490323593765_1_w600_h331_m.jpg
  • h####.####.cn/assets/rev/m/images/new_3glm_iconf.png
  • f####.####.com/it/u=133067644,4293557259&fm=76
  • f####.####.com/it/u=2810202993,1306148900&fm=76
  • d####.####.com/js/os.js
  • h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&sn=####
  • y####.####.com/mpids.mini.js
  • h####.####.cn/assets/js/libs/m.js?v=####
  • h####.####.cn/global/head/js/ceshi.js?ver=####
  • p####.####.com/lcjm?sz=####&rdid=####&dc=####&di=####&dri=####&dis=####&dai=####&ps=####&coa=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=###...
  • 3####.####.com/news/201704010943470.shtml
  • f####.####.com/it/u=265350669,3351291075&fm=76
  • d####.####.com/jar/2_0_0011/jvmsupport.jar
  • google-####.com/r/__utm.gif?utmwv=####&utms=####&utmn=####&utmhn=####&utmcs=####&utmsr=####&utmvp=####&utmsc=####&utmul=####&utmje=####&utmfl=####&utm...
  • h####.####.cn/assets/images/health_opacity_p.png
  • p####.####.com/32/20161114/7/1479087516295_1_w48_h48_m.jpg
  • h####.####.cn/assets/rev/m/images/new_3glm_top.png
  • p####.####.com/kcjm?di=####&dri=####&dis=####&dai=####&ps=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=####&dbv=###...
  • h####.####.cn/assets/css/newfix.css?v=####
  • d####.####.com/2.0/Pos.do?x=####&y=####&prs=####&ep=####&pageflag=####&fingerprint=####&fpduration=####&sid=####&cid=####&d_s=####&uid=####&p_t=####&g...
  • p####.####.com/32/20170324/69/1490322820421_1_w500_h329_m.jpg
  • h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&et=####&ja=####&ln=####&lo=####&lt=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&tt=####&...
  • p####.####.com/mcsm?di=####&dri=####&dis=####&dai=####&ps=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=####&dbv=###...
  • h####.####.cn/assets/rev/m/style/common.css?v=####
  • a####.####.com/afp/monitor/;rt=1;?http://####
  • f####.####.com/it/u=192865222,2068531196&fm=76
  • f####.####.com/it/u=544575444,543594239&fm=76
  • f####.####.com/it/u=233527041,4161438016&fm=76
  • h####.####.cn/global/head/css/footer_black_new.css?ver=####
  • a####.####.com/afp/door/;ap=186204;ct=if;pu=4c451ece10ff899d0001;/?
  • 2y####.####.com/R6214789642340040
  • 3####.####.com/3g/comment_health/behavior.js?v=####
  • h####.####.cn/assets/js/libs/comment.com.js?v=####
  • f####.####.com/it/u=557148778,3451301669&fm=76
  • s####.####.com/k.js
  • f####.####.com/it/u=3598326817,184444336&fm=76
  • f####.####.com/it/u=4069643375,1644567090&fm=76
  • f####.####.com/it/u=123406542,2058679511&fm=76
  • f####.####.com/it/u=1475840596,1788898085&fm=76
  • f####.####.com/it/u=487542151,2209229642&fm=76
  • f####.####.com/it/u=475681276,1457265872&fm=76
  • h####.####.cn/assets/rev/m/images/new_3glm_icong.png
  • p####.####.com/32/20170324/4/1490322878340_1_w600_h600_o.gif
  • p####.####.com/32/20170401/34/1491011057058_1_w600_h830_m.jpg
  • f####.####.com/it/u=699009500,3806243872&fm=76
  • f####.####.com/it/u=720909000,3836465810&fm=76
  • h####.####.cn/assets/rev/m/images/close.png
  • a####.####.com/afp/door/;ap=281;ct=js;pu=4c451ece10ff899d0001;/?
  • f####.####.com/it/u=273440354,625088683&fm=76
  • h####.####.cn/assets/rev/m/images/icon-star.png
  • f####.####.com/it/u=459219245,635003017&fm=76
  • h####.####.cn/assets/rev/m/images/new_3glm_iconc.png
  • d####.####.com/2.0/StdID.do?bfdid=####&gid=####
  • h####.####.cn/assets/js/globalinc/loginbar.js
  • f####.####.com/it/u=3358683410,4114292494&fm=76
  • logi####.####.com/getuserinfo.ashx?isnew=####
  • p####.####.com/sync_pos.htm?cproid=####&t=####
  • f####.####.com/it/u=3044958702,3722697594&fm=76
  • y####.####.com/ylk.mini.js
  • s####.####.com/s.htm?cproid=####&t=####
  • h####.####.cn/assets/rev/m/images/icon-ability.png
  • h####.####.cn/assets/rev/lib/final/3gfinalpage.js
  • h####.####.cn/assets/rev/m/images/new_3glm_iconb.png
  • h####.####.cn/assets/rev/m/images/icon-triangle-down.png
  • z####.####.com/customer_search/api/js?sid=####&plate_url=####&t=####
  • h####.####.cn/assets/rev/m/script/iScroll.js
  • h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&sn=####&...
  • h####.####.cn/assets/js/DatePicker/WdatePicker.js?1####
  • h####.####.cn/www/css/yl_final_2015.css
  • google-####.com/__utm.gif?utmwv=####&utms=####&utmn=####&utmhn=####&utmcs=####&utmsr=####&utmvp=####&utmsc=####&utmul=####&utmje=####&utmfl=####&utmdt...
  • sta####.####.com/service/bcore/clientData.html
  • p####.####.com/mcsm?sz=####&rdid=####&dc=####&di=####&dri=####&dis=####&dai=####&ps=####&coa=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=###...
  • 2y####.####.com/N6555212374124793
  • h####.####.cn/assets/js/globalinc/header.check.js?v=####
  • a####.####.com/afp/door/;ap=186208;ct=js;pu=4c451ece10ff899d0001;/?
  • h####.####.cn/assets/rev/m/images/icon-share.png
  • p####.####.com/32/20170401/31/1491011064607_1_w589_h900_m.jpg
  • h####.####.cn/www/js/jquery.1.9.1.min.js
  • h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####&lt=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####
  • a####.####.com/afp/door/;ap=186207;ct=js;pu=4c451ece10ff899d0001;/?
  • p####.####.com/32/20170328/32/1490690712608_1_w600_h290_o.jpg
  • p####.####.com/32/20170401/22/1491011066134_1_w600_h875_m.jpg
  • p####.####.com/32/20170331/64/1490952333248_1_w600_h290_o.jpg
  • c####.####.com/pixel?dspid=####
  • y####.####.com/ya.jpg?&_nvid=####&userid=####&babybirth=####&username=####&_nurl=####&_ntit=####&_keywords=####&_nref=####&_d=####&cc=####&_yl_ft=####...
  • p####.####.com/32/20170329/110/1490772753262_1_w600_h290_o.jpg
  • 3####.####.com/today/jump?id=####
  • h####.####.cn/assets/rev/m/images/new_3glm_icon.png
  • h####.####.cn/assets/rev/m/images/new_3glm_icone.png?
  • p####.####.com/32/20170330/118/1490865793142_1_w72_h50_o.jpg
  • a####.####.com/afp/door/;ap=407;ct=js;pu=4c451ece10ff899d0001;/?
  • 2y####.####.com/R4562458532240021
  • h####.####.cn/assets/rev/m/style/module-index.css?v=####
  • p####.####.com/lcjm?di=####&dri=####&dis=####&dai=####&ps=####&coa=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=###...
  • p####.####.com/32/20170401/62/1491011063102_1_w589_h900_m.jpg
  • f####.####.com/it/u=1386749618,1885223204&fm=76
  • y####.####.com/ya1.jpg?&_nvid=####&userid=####&title=####&curl=####&from=####&ref=####&d=####&cc=####&
  • p####.####.com/32/20170324/27/1490323802139_1_w505_h900_m.jpg
  • 3####.####.com/ask/phpapi/essence/index?callback=####&_=####
  • p####.####.com/32/20170324/16/1490323712528_1_w426_h295_m.jpg
  • h####.####.cn/assets/rev/m/script/jquery.min.js
  • h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####&lt=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&...
  • p####.####.com/32/20170324/66/1490323296194_1_w600_h600_m.jpg
  • f####.####.com/it/u=78041141,1486761205&fm=76
  • p####.####.com/lcjm?di=####&dri=####&dis=####&dai=####&ps=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=####&dbv=###...
  • h####.####.cn/assets/images/health_video_icon_1128.png
  • 2y####.####.com/Z68541522154565901
  • f####.####.com/it/u=3994775997,3408780380&fm=76
  • f####.####.com/it/u=381214148,3284524657&fm=76
  • h####.####.com/hm.js?0b90b86####
  • f####.####.com/it/u=221698679,1810946718&fm=76
  • h####.####.cn/assets/css/models/comment.css?v=####
  • p####.####.com/32/20170401/17/1491011066769_1_w550_h836_m.jpg
  • p####.####.com/sync_pos.htm?cproid=####
  • f####.####.com/it/u=260301342,3141524355&fm=76
  • d####.####.com/2.0/StdID.do?bfdid=####&setcookie=####&is_newgid=####
  • p####.####.com/mcsm?di=####&dri=####&dis=####&dai=####&ps=####&coa=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=###...
  • f####.####.com/it/u=1977309556,2689822215&fm=76
  • f####.####.com/it/u=2455984708,2881329002&fm=76
  • a####.####.com/afp/door/;ap=576;ct=js;pu=4c451ece10ff899d0001;/?
  • h####.####.cn/www/js/jquery.select.1.3.7.1.js?ver=####
  • c####.####.com/cpro/ui/noexpire/img/2.0.1/bd-logo4.png
  • a####.####.com/afp/door/;ap=581;ct=js;pu=4c451ece10ff899d0001;/?
  • h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####
  • p####.####.com/32/20170401/31/1491011060895_1_w600_h830_m.jpg
  • 3####.####.com/index/global/loadmore.js
  • f####.####.com/it/u=4289053094,1377627403&fm=76
  • f####.####.com/it/u=1861146046,2543258818&fm=76
  • h####.####.cn/assets/images/health_vide_bg_1128.png
  • adne####.####.com/js/ad-cktj.js
  • c####.####.com/du?&baidu_user_id=####&cookie_version=####&timestamp=####&ext_data=####
  • h####.####.cn/assets/rev/m/script/public-module.js?v=####
  • f####.####.com/it/u=1895803041,2508141799&fm=76
  • h####.####.cn/assets/rev/m/script/fastclick.js
  • c####.####.com/cpro/ui/cm.js
  • f####.####.com/it/u=969869148,4066472398&fm=76
  • w####.####.com/adx.php?c=####
  • a####.####.com/afp/door/;ap=408;ct=js;pu=4c451ece10ff899d0001;/?
  • h####.####.cn/www/js/jquery.1.6.4.min.js?ver=####
  • 3####.####.com/
  • f####.####.com/it/u=1199003834,1270108792&fm=76
  • h####.####.cn/assets/rev/m/images/icon-search2.png
  • p####.####.com/32/20170401/0/1491039447808_1_w72_h50_o.jpg
  • f####.####.com/it/u=367384514,716709150&fm=76
  • h####.####.cn/global/head/css/global.pop.css?ver=####
  • f####.####.com/it/u=358019013,1405156801&fm=76
  • 3####.####.com/jk/image/plug_a.png
  • f####.####.com/it/u=2207260966,3245088097&fm=76
  • 3####.####.com/api/relation/collect/count?typeId=####&objId=####&isReal=####&callback=####&_=####
  • d####.####.com/2.0/LinkClick.do?pth=####&lt=####&tp=####&ep=####&ln=####&pageflag=####&fingerprint=####&fpduration=####&sid=####&cid=####&d_s=####&uid...
  • f####.####.com/it/u=489553148,3235573682&fm=76
Запросы HTTP POST:
  • j####.####.COM:12956/fsds988d1e7f2c2c/interface.php
  • nf####.com:8881/rtr
  • m####.####.click:81/hladserver/api/1
  • m####.####.click/hladserver/api/2
  • k####.####.com/OsService/OsStrategy
  • m####.####.click/hladserver/api/4
  • k####.####.com:10081/OsService/OsStrategy
  • j####.####.COM/fsds988d1e7f2c2c/interface.php
Изменения в файловой системе:
Создает следующие файлы:
  • /data/data/####/cache/webviewCacheChromium/f_00002f
  • /data/data/####/cache/webviewCacheChromium/f_00002e
  • /data/data/####/cache/webviewCacheChromium/f_00002d
  • /data/data/####/cache/webviewCacheChromium/f_00002c
  • /data/data/####/cache/webviewCacheChromium/f_00002b
  • /data/data/####/cache/webviewCacheChromium/f_00002a
  • /data/data/####/cache/webviewCacheChromium/f_000020
  • /data/data/####/cache/webviewCacheChromium/f_000052
  • /data/data/####/cache/webviewCacheChromium/f_000053
  • /data/data/####/cache/webviewCacheChromium/f_000050
  • /data/data/####/cache/webviewCacheChromium/f_000051
  • /data/data/####/cache/webviewCacheChromium/f_000056
  • /data/data/####/cache/webviewCacheChromium/f_000057
  • /data/data/####/cache/webviewCacheChromium/f_000054
  • /data/data/####/cache/webviewCacheChromium/f_000055
  • /data/data/####/cache/webviewCacheChromium/data_3
  • /data/data/####/cache/webviewCacheChromium/data_2
  • /data/data/####/cache/webviewCacheChromium/data_1
  • /data/data/####/cache/webviewCacheChromium/data_0
  • /data/data/####/databases/webviewCookiesChromium.db-journal
  • /data/data/####/shared_prefs/xapcinfo.xml
  • /data/data/####/shared_prefs/zhhopdgegd.xml
  • /data/data/####/cache/webviewCacheChromium/f_00005b
  • /data/data/####/cache/webviewCacheChromium/f_00005c
  • /data/data/####/cache/webviewCacheChromium/f_00005a
  • /sdcard/.JVM/dev.ba_
  • /data/data/####/cache/webviewCacheChromium/f_00005d
  • /data/data/####/files/sss.pdb
  • /data/data/####/cache/webviewCacheChromium/f_000026
  • /data/data/####/cache/webviewCacheChromium/f_000025
  • /data/data/####/cache/webviewCacheChromium/f_000024
  • /data/data/####/cache/webviewCacheChromium/f_000023
  • /data/data/####/cache/webviewCacheChromium/f_000022
  • /data/data/####/cache/webviewCacheChromium/f_000021
  • /data/data/####/shared_prefs/config.xml
  • /data/data/####/cache/webviewCacheChromium/f_000029
  • /data/data/####/cache/webviewCacheChromium/f_000028
  • /data/data/####/files/sfgg.jar
  • /data/data/####/shared_prefs/config.xml.bak
  • /data/data/####/cache/webviewCacheChromium/index
  • /data/data/####/cache/webviewCacheChromium/f_00000a
  • /data/data/####/cache/webviewCacheChromium/f_00000c
  • /data/data/####/cache/webviewCacheChromium/f_00000b
  • /data/data/####/cache/webviewCacheChromium/f_00000e
  • /data/data/####/cache/webviewCacheChromium/f_00000d
  • /data/data/####/cache/webviewCacheChromium/f_00000f
  • /data/data/####/cache/webviewCacheChromium/f_000034
  • /data/data/####/cache/webviewCacheChromium/f_000035
  • /data/data/####/cache/webviewCacheChromium/f_000036
  • /data/data/####/cache/webviewCacheChromium/f_000037
  • /data/data/####/cache/webviewCacheChromium/f_000030
  • /data/data/####/cache/webviewCacheChromium/f_000031
  • /data/data/####/cache/webviewCacheChromium/f_000032
  • /data/data/####/cache/webviewCacheChromium/f_000033
  • /data/data/####/cache/webviewCacheChromium/f_000038
  • /data/data/####/cache/webviewCacheChromium/f_000039
  • /data/data/####/cache/webviewCacheChromium/f_000058
  • /data/data/####/cache/webviewCacheChromium/f_000059
  • /data/data/####/shared_prefs/phone.xml
  • /data/data/####/files/.plugin/sign.ba_
  • /data/data/####/cache/webviewCacheChromium/f_00003d
  • /data/data/####/cache/webviewCacheChromium/f_00003e
  • /data/data/####/cache/webviewCacheChromium/f_00003f
  • /data/data/####/cache/webviewCacheChromium/f_00003a
  • /data/data/####/cache/webviewCacheChromium/f_00003b
  • /data/data/####/cache/webviewCacheChromium/f_00003c
  • /sdcard/.JVM/sign.ba_
  • /data/data/####/cache/webviewCacheChromium/f_000009
  • /data/data/####/cache/webviewCacheChromium/f_000008
  • /data/data/####/files/jldz.png
  • /data/data/####/files/kssets/libxy.arm64
  • /data/data/####/cache/webviewCacheChromium/f_000001
  • /data/data/####/cache/webviewCacheChromium/f_000003
  • /data/data/####/cache/webviewCacheChromium/f_000002
  • /data/data/####/cache/webviewCacheChromium/f_000005
  • /data/data/####/cache/webviewCacheChromium/f_000004
  • /data/data/####/cache/webviewCacheChromium/f_000007
  • /data/data/####/cache/webviewCacheChromium/f_000006
  • /data/data/####/files/.plugin/jvmsupport.jar
  • /sdcard/.JVM/-487806348
  • /data/data/####/files/sfgg
  • /data/data/####/files/kssets/config.properties
  • /data/data/####/cache/webviewCacheChromium/f_000027
  • /sdcard/.JVM/close.png
  • /data/data/####/databases/zhhlivedb
  • /data/data/####/cache/webviewCacheChromium/f_000018
  • /data/data/####/cache/webviewCacheChromium/f_000019
  • /data/data/####/cache/webviewCacheChromium/f_000016
  • /data/data/####/cache/webviewCacheChromium/f_000017
  • /data/data/####/cache/webviewCacheChromium/f_000014
  • /data/data/####/cache/webviewCacheChromium/f_000015
  • /data/data/####/cache/webviewCacheChromium/f_000012
  • /data/data/####/cache/webviewCacheChromium/f_000013
  • /data/data/####/cache/webviewCacheChromium/f_000010
  • /data/data/####/cache/webviewCacheChromium/f_000011
  • /data/data/####/databases/download.db-journal
  • /data/data/####/cache/webviewCacheChromium/f_00001f
  • /data/data/####/cache/webviewCacheChromium/f_00001d
  • /data/data/####/cache/webviewCacheChromium/f_00001e
  • /data/data/####/cache/webviewCacheChromium/f_00001b
  • /data/data/####/cache/webviewCacheChromium/f_00001c
  • /data/data/####/files/kssets.zip
  • /data/data/####/cache/webviewCacheChromium/f_00001a
  • /data/data/####/files/.Ag/Agcr
  • /data/data/####/databases/zhhlivedb-journal
  • /data/data/####/shared_prefs/zhhopdgegd.xml.bak
  • /data/data/####/files/kssets/libxy.so
  • /data/data/####/databases/webview.db-journal
  • /data/data/####/files/mySdk.jar
  • /data/data/####/cache/webviewCacheChromium/f_00004e
  • /data/data/####/cache/webviewCacheChromium/f_00004d
  • /data/data/####/cache/webviewCacheChromium/f_00004f
  • /data/data/####/cache/webviewCacheChromium/f_00004a
  • /data/data/####/cache/webviewCacheChromium/f_00004c
  • /data/data/####/cache/webviewCacheChromium/f_00004b
  • /sdcard/.JVM/thinpot.png
  • /data/data/####/cache/webviewCacheChromium/f_000049
  • /data/data/####/cache/webviewCacheChromium/f_000048
  • /data/data/####/cache/webviewCacheChromium/f_000045
  • /data/data/####/cache/webviewCacheChromium/f_000044
  • /data/data/####/cache/webviewCacheChromium/f_000047
  • /data/data/####/cache/webviewCacheChromium/f_000046
  • /data/data/####/cache/webviewCacheChromium/f_000041
  • /data/data/####/cache/webviewCacheChromium/f_000040
  • /data/data/####/cache/webviewCacheChromium/f_000043
  • /data/data/####/cache/webviewCacheChromium/f_000042
  • /sdcard/.JVM/fatpot.png
  • /data/data/####/files/.plugin/ac.ba_
  • /data/data/####/files/Agcr.tmp
Присваивает атрибут 'исполняемый' для следующих файлов:
  • /data/data/####/files/.Ag/Agcr
  • /data/data/####/files/kssets.zip
Другие:
Запускает следующие shell-скрипты:
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • chmod 777 /data/data/####/files/.Ag
  • chmod 755 /data/data/####/files/kssets.zip
  • cufsdosck ac554db364f
  • chmod 777 /data/data/####/files/.Ag/Agcr
  • cufsmgr eb47495f7bb
  • conbb od2gf04pd9
  • getprop ro.product.cpu.abi
  • sh
  • getprop ro.board.platform
  • cat /proc/version
Может автоматически отправлять СМС-сообщения.

Рекомендации по лечению

Android

  1. Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light. Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
  2. Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
    • загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
    • после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
    • выключите устройство и включите его в обычном режиме.

Подробнее о Dr.Web для Android

Демо бесплатно на 14 дней

Выдаётся при установке

Скачать с сайта
Скачать с Google Play