Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Classes\UUTRAN\shell\open\command] '' = '"%PROGRAM_FILES%\uusee\Uutran.exe" "%1"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UUSeeMediaCenter' = '"%CommonProgramFiles%\uusee\UUSeeMediaCenter.exe"'
- [<HKLM>\SOFTWARE\Classes\uuupgrade\shell\open\command] '' = '"%CommonProgramFiles%\uusee\UUUpgrade.exe"'
- [<HKLM>\SOFTWARE\Classes\UUSEE\shell\open\command] '' = '"%PROGRAM_FILES%\uusee\uutran.exe" -url "%1"'
- [<HKLM>\SOFTWARE\Classes\UUTRAN\shell\open\command] '' = '"%PROGRAM_FILES%\uusee\uutran.exe" -url "%1"'
Создает или изменяет следующие файлы:
- %WINDIR%\Tasks\uuseeupdatetask.job
Вредоносные функции:
Создает и запускает на исполнение:
- '%CommonProgramFiles%\uusee\UUUpgrade.exe' -i UUPlayer_2011
- '%CommonProgramFiles%\uusee\UUSeeMediaCenter.exe' -handle 131314
- '%TEMP%\sckj.exe' %CommonProgramFiles%\uusee\UUSeeMediaCenter.exe
- '%TEMP%\nsv3.tmp\ns4.tmp' schtasks /create /tn uuseeupdatetask /tr "\"%CommonProgramFiles%\uusee\UUUpgrade.exe\" -i UUPlayer_2011" /sc onlogon /RU SYSTEM
- '%PROGRAM_FILES%\uusee\uutran.exe' -minimize
Запускает на исполнение:
- '<SYSTEM32>\schtasks.exe' /create /tn uuseeupdatetask /tr "\"%CommonProgramFiles%\uusee\UUUpgrade.exe\" -i UUPlayer_2011" /sc onlogon /RU SYSTEM
Ищет ветки реестра, отвечающие за хранение паролей сторонними программами:
- [<HKLM>\Software\Microsoft\MSNMessenger]
Изменения в файловой системе:
Создает следующие файлы:
- %ALLUSERSPROFILE%\Start Menu\Programs\UUSee НшВзµзКУ\Жф¶ЇUUSee НшВзµзКУ.lnk
- %PROGRAM_FILES%\uusee\UUSee.url
- %ALLUSERSPROFILE%\Start Menu\Programs\UUSee НшВзµзКУ\УЖКУУОП·ЦРРД.lnk
- %PROGRAM_FILES%\uusee\skin\images_setting\us2.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\us5.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\us6.gif
- %ALLUSERSPROFILE%\Start Menu\Programs\UUSee НшВзµзКУ\·ГОКUUSee НшХѕ.lnk
- %ALLUSERSPROFILE%\Desktop\UUSee НшВзµзКУ.lnk
- %PROGRAM_FILES%\Mozilla Firefox\plugins\npuuseep.dll
- %PROGRAM_FILES%\Mozilla Firefox\plugins\npstartservicep.dll
- %ALLUSERSPROFILE%\Start Menu\Programs\UUSee НшВзµзКУ\Р¶ФШUUSee НшВзµзКУ.lnk
- %ALLUSERSPROFILE%\Start Menu\UUSee НшВзµзКУ.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\UUSee НшВзµзКУ.lnk
- %PROGRAM_FILES%\uusee\skin\images_setting\Thumbs.db
- %PROGRAM_FILES%\uusee\skin\images_setting\btn3.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\btn4.gif
- %PROGRAM_FILES%\uusee\skin\images_default\nav_bj1.gif
- %PROGRAM_FILES%\uusee\skin\images_default\nav_bj_hover.gif
- %PROGRAM_FILES%\uusee\skin\images_default\nav_ls.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\btn5.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\checkbox4.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\close.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\settings_nav_bj.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\checkbox1.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\checkbox2.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\checkbox3.gif
- %PROGRAM_FILES%\uusee\skin\new_default\myt_002.gif
- %PROGRAM_FILES%\uusee\skin\new_default\myt_003.gif
- %PROGRAM_FILES%\uusee\skin\new_default\myt_meilitao.gif
- %PROGRAM_FILES%\uusee\skin\new_default\logo.gif
- %PROGRAM_FILES%\uusee\skin\new_default\lssc2_20130126.gif
- %PROGRAM_FILES%\uusee\skin\new_default\myt_001.gif
- %PROGRAM_FILES%\uusee\skin\new_default\nav.gif
- %PROGRAM_FILES%\uusee\cache\8C\8CBAD5064F7EE4C5AFBE9899C56109BC
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\skin.zip[1].html
- %CommonProgramFiles%\uusee\flvads.xml
- %PROGRAM_FILES%\uusee\skin\new_default\nav_bj.gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\browseController[1].ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\localpage[1].ini
- %CommonProgramFiles%\desktop\desktopiconX86.dll
- %TEMP%\sckj.exe
- %PROGRAM_FILES%\uusee\skin\expjs.txt
- %TEMP%\nsv3.tmp\Math.dll
- %TEMP%\nsv3.tmp\nsExec.dll
- %TEMP%\nsv3.tmp\ns4.tmp
- %PROGRAM_FILES%\uusee\skin\new_default\Delete.gif
- %PROGRAM_FILES%\uusee\skin\new_default\body_bj.jpg
- %PROGRAM_FILES%\uusee\skin\new_default\btn3.gif
- %PROGRAM_FILES%\uusee\skin\new_default\collection1.gif
- %PROGRAM_FILES%\uusee\skin\new_default\Delete1.gif
- %PROGRAM_FILES%\uusee\skin\new_default\Prompt1.gif
- %PROGRAM_FILES%\uusee\skin\new_default\Prompt2.gif
- %PROGRAM_FILES%\uusee\skin\images_default\nav_bj.gif
- %PROGRAM_FILES%\zhibo.ico
- %CommonProgramFiles%\uusee\uninst.exe
- %CommonProgramFiles%\uusee\LocalInfo.ini
- %CommonProgramFiles%\uusee\MediaCenter.ini
- %CommonProgramFiles%\uusee\UUUpgrade.ini
- %CommonProgramFiles%\uusee\Localserver.dll
- %PROGRAM_FILES%\uusee\UUPlayer_2011_update.ini
- %PROGRAM_FILES%\uusee\skin.zip
- %PROGRAM_FILES%\uusee\uninstuusee.exe
- %PROGRAM_FILES%\uusee\uutran.exe
- %CommonProgramFiles%\uusee\UUPlayer_2011_path.ini
- %PROGRAM_FILES%\uusee\UUSeeExplorer.exe
- %PROGRAM_FILES%\uusee\pro.ini
- <SYSTEM32>\nsis_loader.dll
- %TEMP%\nsv3.tmp\UUSeeLog.dll
- %TEMP%\nsv3.tmp\AccessControl.dll
- %TEMP%\nsa2.tmp
- %TEMP%\nsv3.tmp\System.dll
- %TEMP%\nsv3.tmp\FindProcDLL.dll
- %CommonProgramFiles%\uusee\StartService.ocx
- %CommonProgramFiles%\uusee\UUUpgrade.exe
- %CommonProgramFiles%\uusee\trafficlight.dll
- %CommonProgramFiles%\uusee\UUSeeMediaCenter.exe
- %CommonProgramFiles%\uusee\npstartservicep.dll
- %CommonProgramFiles%\uusee\in_net.dll
- %CommonProgramFiles%\uusee\UUNet.dll
- %PROGRAM_FILES%\uusee\skin\func.html
- %PROGRAM_FILES%\uusee\skin\localpage.ini
- %PROGRAM_FILES%\uusee\skin\setting.html
- %PROGRAM_FILES%\uusee\cache\F7\F7CF9FEC2CF8444FC3E3D6721BC7B504
- %PROGRAM_FILES%\uusee\skin\client_404_new.html
- %PROGRAM_FILES%\uusee\skin\default.html
- %PROGRAM_FILES%\uusee\skin\images_default\Prompt1.gif
- %PROGRAM_FILES%\uusee\skin\images_default\Thumbs.db
- %PROGRAM_FILES%\uusee\skin\images_default\bottom.gif
- %PROGRAM_FILES%\uusee\skin\images_default\nav.jpg
- %PROGRAM_FILES%\uusee\skin\images_default\Prompt2.gif
- %PROGRAM_FILES%\uusee\skin\images_default\State2.jpg
- %PROGRAM_FILES%\uusee\skin\images_default\State3.jpg
- %PROGRAM_FILES%\uusee\cache\5E\5E876AA842EAE8DBC836A77728380F74
- %PROGRAM_FILES%\uusee\cache\6C\6C67AFA2417CB6D9CAFB224277C6518E
- %PROGRAM_FILES%\uusee\cache\7E\7E681514D502E345CF732E2DA1DC345A
- %PROGRAM_FILES%\uusee\cache\1C\1CE92A7B273F08AAC78747D7AB1C7D72
- %PROGRAM_FILES%\uusee\cache\46\4657524B0DF28396E9F9BCD90FD5AC89.xml
- %PROGRAM_FILES%\uusee\cache\5C\5CACD8D891055D1513D7AE33DD118E36
- %PROGRAM_FILES%\uusee\cache\AC\ACA6CCAA9A70108615A6E407DB356736.xml
- %PROGRAM_FILES%\uusee\cache\F3\F31D5674BC24DCC28BEEE5B4686DB4E2
- %PROGRAM_FILES%\uusee\cache\F4\F4AE19D2639120BB0C0D4810D5BA3EB4
- %PROGRAM_FILES%\uusee\cache\F7\F799DB3876054ADE36CCFC5F0C3A78A4
- %PROGRAM_FILES%\uusee\cache\D1\D1BD958567A641D4933EB7A785B201EC
- %PROGRAM_FILES%\uusee\cache\E2\E24A5D74D84D8EDEFB2E58FAA31D7DB4
- %PROGRAM_FILES%\uusee\cache\E2\E2C81B264318E8B54E6D976AC2099A19.xml
Удаляет следующие файлы:
- %PROGRAM_FILES%\uusee\skin\images_setting\us6.gif
- %PROGRAM_FILES%\uusee\skin\localpage.ini
- %PROGRAM_FILES%\uusee\skin\setting.html
- %PROGRAM_FILES%\uusee\skin\images_setting\settings_nav_bj.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\us2.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\us5.gif
- %TEMP%\sckj.exe
- %TEMP%\nsv3.tmp\nsExec.dll
- %TEMP%\nsv3.tmp\System.dll
- %TEMP%\nsv3.tmp\UUSeeLog.dll
- %TEMP%\nsv3.tmp\AccessControl.dll
- %TEMP%\nsv3.tmp\FindProcDLL.dll
- %TEMP%\nsv3.tmp\Math.dll
- %PROGRAM_FILES%\uusee\skin\images_setting\close.gif
- %PROGRAM_FILES%\uusee\skin\client_404_new.html
- %PROGRAM_FILES%\uusee\skin\default.html
- %PROGRAM_FILES%\uusee\skin\func.html
- <SYSTEM32>\nsis_loader.dll
- %PROGRAM_FILES%\uusee\UUPlayer_2011_update.ini
- %TEMP%\nsv3.tmp\ns4.tmp
- %PROGRAM_FILES%\uusee\skin\images_setting\btn3.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\checkbox2.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\checkbox3.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\checkbox4.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\btn4.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\btn5.gif
- %PROGRAM_FILES%\uusee\skin\images_setting\checkbox1.gif
Сетевая активность:
Подключается к:
- 'pl####.uusee.com':80
- 'localhost':1042
TCP:
Запросы HTTP GET:
- pl####.uusee.com/transformer/2012/page/local/local2013/skin.zip.html?
- pl####.uusee.com/transformer/2012/page/local/local2013/localpage.ini
- pl####.uusee.com/transformer/client_2011/daoshi/browseController.ini
UDP:
- DNS ASK ne####.uusee.com
- DNS ASK uh##.uusee.com
- DNS ASK www.uu##e.com
- DNS ASK sa.##see.com
- DNS ASK up####.uusee.com
- DNS ASK lo#.#usee.com
- DNS ASK pl####.uusee.com
- DNS ASK lo####ver.uusee.com
- '23#.#51.92.3':9800
- '19#.#03.186.0':9800
- '22#.#29.55.0':10110
- 'lo####ver.uusee.com':10150
- '10#.#7.114.67':10110
- 'any':10110
- 'lo#.#usee.com':17200
- 'lo#.#usee.com':10080
- 'lo####ver.uusee.com':10080
- 'lo#.#usee.com':10110
- '19#.#03.186.0':18100
- '19#.#03.186.0':10150
- 'lo####ver.uusee.com':17200
Другое:
Ищет следующие окна:
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
