Trojan.StartPage1.51153

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'swg' = '%ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe'

Создает следующие сервисы:

[<HKLM>\SYSTEM\ControlSet001\Services\gusvc] 'ImagePath' = '"%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe"'

Изменения в файловой системе:

Создает следующие файлы:

%WINDIR%\Temp\MORJ_log.txt
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_zh-TW_9960D2E6B4ED16E3.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_zh-CN_41A015373E7606F5.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_vi_E38598359C3EE6AC.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_uk_7217839ECA62DE08.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_tr_09795C481A16E4EC.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_th_9577DAF1922E0974.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_sv_34DA9BDD6D670FF7.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_sr_F35F1876EDE91B31.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_sl_0FEEF4CB98DE6C68.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_sk_5F1D5A23A80F67F4.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_ru_673C0E087BF8CC47.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_ro_B05297E202FE4904.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_pt-PT_BED7EF1172E21C9F.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_pt-BR_B00768DD650029D3.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_pl_AEA7D4B8342B484E.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_no_88D7CBA92A906565.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_nl_A7FCCEEA1A758E11.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarUser_32_1D643E0FC0BE74CC.exe
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarUser_64_BADB6DECFC517831.exe
%ProgramFiles%\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe
%ProgramFiles%\Google\GoogleToolbarNotifier\5.2.4204.1700\gth.dll
%ProgramFiles%\Google\GoogleToolbarNotifier\5.2.4204.1700\gtn.dll
%ProgramFiles%\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe
%WINDIR%\Installer\2a708.msi
C:\Config.Msi\2a707.rbs
%WINDIR%\Installer\MSI3.tmp
%WINDIR%\Installer\2a706.ipi
%ProgramFiles%\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp
%WINDIR%\Installer\2a704.msi
%ProgramFiles%\Google\Google Toolbar\GoogleToolbarHelper_signed.msi
%ProgramFiles%\Google\Google Toolbar\GoogleToolbarUser_64.exe
%ProgramFiles%\Google\Google Toolbar\GoogleToolbarUser_32.exe
%ProgramFiles%\Google\Google Toolbar\GoogleToolbar_64.dll
%ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll
%TEMP%\GoogleToolbarInstaller1.log
%ProgramFiles%\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C5C67DF5D46FB314.exe
%ProgramFiles%\Google\Google Toolbar\Component\QuickSearchBoxInstaller_F914CE817EB4648E.exe
%ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_lv_D34E611F71527B69.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_lt_208AD9D2135B98B6.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_ko_77CD4D6E883F21BB.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_D5B8545F3CFB02D4.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbar_64_18A9496A32B30FED.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbar_32_73DD003E17144CAC.dll
%ProgramFiles%\Google\Google Toolbar\Component\googledict_en2zh-TW_6DDBABBF3B6874E6.dat
%ProgramFiles%\Google\Google Toolbar\Component\googledict_en2zh-CN_BD4EBFDF896BA244.dat
%ProgramFiles%\Google\Google Toolbar\Component\googledict_en2ru_45FC2F302159C0AC.dat
%ProgramFiles%\Google\Google Toolbar\Component\googledict_en2ko_2E8A88975F586360.dat
%ProgramFiles%\Google\Google Toolbar\Component\googledict_en2ja_BF3954DA2966B0D9.dat
%ProgramFiles%\Google\Google Toolbar\Component\googledict_en2it_ADEFDA0A79F00730.dat
%ProgramFiles%\Google\Google Toolbar\Component\googledict_en2fr_A049D2572F766D62.dat
%ProgramFiles%\Google\Google Toolbar\Component\googledict_en2es_76D5B51588E8E478.dat
%ProgramFiles%\Google\Google Toolbar\Component\googledict_en2de_B9AAB95D6C6F4C36.dat
%ProgramFiles%\Google\Google Toolbar\Component\GoogleCld_AE2927CDD77381B4.dll
%ProgramFiles%\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbar.6.2.1910.1554.manifest.xml
%TEMP%\GoogleToolbarInstaller2.log
%TEMP%\googletoolbarinstaller_full_signed_6.2.1910.1554.exe
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_64_3A8A20607C96A7B3.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_ext_zh-CN_32_0FFED2D4C1FBE43A.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_ext_zh-CN_64_530479070E65839F.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_bg_1E7CAB4FE653A9A8.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_it_68C02405220E245B.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_is_4F4C3D2524494307.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_id_AFC58C3329E6B16B.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_hu_B5FE67B29C0F7B85.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_hr_A49A80CF32854302.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_hi_266A39AB4415F1AC.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_fr_9C42DE989B044781.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_fil_4D01FAC67D8A1C1F.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_et_A5B0988BF2D3135B.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_fi_18DB5FDEF4DF679A.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_es_F17E4DA361FC4B61.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_9655453EC427A513.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en-GB_085E51D5AFED124E.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_el_CC37231610868B2A.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_de_09C19AB1E0C43781.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_da_EB56743860E1C45A.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_cs_099DE2E54B9E008A.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_ca_631D28F768E2A58F.dll
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_ja_49D5FC7876D61389.dll
%ProgramFiles%\Google\GoogleToolbarNotifier\5.2.4204.1700\Readme.url

Удаляет следующие файлы:

%WINDIR%\Installer\MSI3.tmp
C:\Config.Msi\2a707.rbs
%WINDIR%\Installer\2a704.msi
%WINDIR%\Installer\2a706.ipi

Сетевая активность:

Подключается к:

'wp#d':80
'crl.verisign.com':80
'csc3-2004-crl.verisign.com':80

TCP:

Запросы HTTP GET:

http://11#.#11.111.1/wpad.dat via wp#d
http://crl.verisign.com/pca3.crl
http://CSC3-2004-crl.verisign.com/CSC3-2004.crl via csc3-2004-crl.verisign.com
http://crl.verisign.com/ThawteTimestampingCA.crl
http://crl.verisign.com/tss-ca.crl

UDP:

DNS ASK wp#d
DNS ASK crl.verisign.com
DNS ASK csc3-2004-crl.verisign.com

Другое:

Ищет следующие окна:

ClassName: 'IEFrame' WindowName: ''
ClassName: 'ATL:6481C630' WindowName: ''

Создает и запускает на исполнение:

'%TEMP%\googletoolbarinstaller_full_signed_6.2.1910.1554.exe' /o:99 /e:ask /d:set /s:jp /h:asknot /q /r:MORJ
'%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe' /install /sid:S-1-5-21-2052111302-484763869-725345543-1003 /o:99 /e:ask /d:set /s:jp /h:asknot /q /r:MORJ
'%ProgramFiles%\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe' /install /appid=tbie
'%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe' /Service
'%ProgramFiles%\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C5C67DF5D46FB314.exe' ietb MORJ
'%ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe' /RegServer "/dll=%ProgramFiles%\Google\GoogleToolbarNotifier\5.2.4204.1700\gtn.dll"
'%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe' /install /appid=swg

Запускает на исполнение:

'<SYSTEM32>\msiexec.exe' /V

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней