Trojan.Starman.5801

Техническая информация

Для обеспечения автозапуска и распространения:

Создает или изменяет следующие файлы:

%WINDIR%\Tasks\SA.DAT

Вредоносные функции:

Запускает на исполнение:

'<SYSTEM32>\svchost.exe' -k netsvcs
'<SYSTEM32>\dumprep.exe' 1120 -dm 7 7 %TEMP%\WER0be2.dir00\svchost.exe.mdmp 16325836412030524

Изменения в файловой системе:

Создает следующие файлы:

%CommonProgramFiles%\Microsoft Shared\Stationery\brvrjrke.exe
%CommonProgramFiles%\System\ado\tsektjkj.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\ehbebsrn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\nsqjttkv.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\njbsvtll.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\sjwzlskk.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\res\lhbtcvlt.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\hltjtlne.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\jjjthqtn.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\cpow\ketssrzn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bnbtzwxt.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\xrljqjzn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bcwvzwbh.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bhrhnkht.exe
%TEMP%\WER0be2.dir00\svchost.exe.mdmp
%CommonProgramFiles%\Microsoft Shared\Stationery\vkjljzrn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bzqlkhrh.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\tlcwjrwt.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\elwtjnbj.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\czjevcet.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\qjllsjhl.exe

Сетевая активность:

Подключается к:

'80.##.93.101':139
'80.##.54.183':139
'80.##.214.91':445
'80.##.100.214':445
'80.##.49.252':139
'80.##.54.183':445
'80.##.49.252':445
'80.#9.8.195':139
'80.##.93.101':445
'80.##.251.244':445
'80.##.157.112':445
'80.#9.43.87':445
'80.#9.29.30':445
'80.##.218.28':445
'80.##.226.16':445
'80.##.80.109':445
'80.#9.47.47':445
'80.##.80.154':445
'80.#9.1.3':445
'80.#9.8.195':445
'80.##.119.209':139
'80.##.72.157':139
'80.##.111.48':139
'80.#9.13.85':139
'80.##.25.253':139
'80.##.102.74':139
'80.#9.97.78':139
'80.##.140.179':139
'80.##.20.129':139
'80.##.137.125':139
'80.##.158.54':139
'80.##.103.158':139
'80.##.169.18':139
'80.#9.54.62':139
'80.##.27.104':139
'80.##.82.122':139
'80.##.125.226':139
'80.##.51.130':139
'80.##.177.236':139
'80.##.185.102':445
'80.##.226.156':445
'80.##.206.190':445
'80.##.213.243':445
'80.##.20.227':445
'80.##.163.233':445
'80.##.146.221':445
'80.##.248.193':445
'80.#9.187.6':445
'80.##.27.240':445
'80.##.214.91':139
'80.##.100.214':139
'80.#9.47.47':139
'80.##.251.244':139
'80.##.181.206':445
'80.#9.67.65':445
'80.#9.5.233':445
'80.##.175.98':445
'80.##.162.166':445
'80.##.65.234':445
'80.##.69.173':445
'80.##.188.108':445
'80.##.214.194':445
'80.##.191.134':445
'80.##.233.126':445
'80.#9.62.25':445
'80.#9.30.58':445
'80.#9.0.250':445
'80.#9.5.244':445
'80.##.161.162':445
'80.##.139.33':445
'80.##.118.162':445
'80.#9.48.54':445
'80.##.204.100':445
'80.##.137.104':445
'80.##.167.50':445
'80.#9.0.141':445
'80.##.18.243':445
'80.##.112.248':445
'80.#9.13.94':139
'80.##.53.168':445
'80.##.118.181':445
'80.##.58.140':445
'80.##.194.12':445
'80.#9.4.227':445
'80.##.185.32':445
'80.##.129.72':445
'80.##.160.48':445
'80.##.133.214':445
'80.##.68.108':445
'80.##.25.253':445
'80.##.140.179':445
'80.##.119.209':445
'80.##.72.157':445
'80.##.20.129':445
'80.#9.13.94':445
'80.##.55.204':445
'80.##.102.74':445
'80.#9.97.78':445
'80.##.242.43':445
'80.##.148.228':445
'80.##.67.138':445
'80.##.113.209':445
'80.##.209.141':445
'80.##.154.233':445
'80.##.42.136':139
'80.##.133.126':139
'80.#9.89.87':139
'80.#9.40.89':139
'80.##.209.13':445
'80.##.165.195':445
'80.##.40.166':445
'80.##.36.242':445
'80.##.24.116':445
'80.##.100.40':445
'80.#9.22.58':445
'80.##.113.226':445
'80.##.89.100':445
'80.#9.58.89':445
'80.##.36.242':139
'80.##.24.116':139
'80.##.129.72':139
'80.##.242.43':139
'80.##.165.195':139
'80.##.89.100':139
'80.#9.58.89':139
'80.##.40.166':139
'80.##.100.40':139
'80.##.185.32':139
'80.##.58.140':139
'80.##.194.12':139
'80.##.55.204':139
'80.##.68.108':139
'80.##.53.168':139
'80.##.160.48':139
'80.##.133.214':139
'80.##.118.181':139
'80.#9.4.227':139
'80.#9.22.58':139
'80.##.51.130':445
'80.##.177.236':445
'80.##.103.158':445
'80.##.27.104':445
'80.##.82.122':445
'80.##.111.48':445
'80.#9.13.85':445
'80.##.125.226':445
'80.##.137.125':445
'80.##.158.54':445
'80.##.113.209':139
'80.##.209.141':139
'80.##.113.226':139
'80.##.209.13':139
'80.##.148.228':139
'80.##.169.18':445
'80.#9.54.62':445
'80.##.67.138':139
'80.##.154.233':139
'80.##.84.198':445
'80.#9.5.249':445
'80.#9.28.38':139
'80.##.206.240':139
'80.##.224.142':445
'80.##.106.57':445
'80.##.116.118':445
'80.##.142.18':445
'80.##.50.254':445
'80.##.147.117':139
'80.##.19.250':139
'80.##.124.225':139
'80.##.209.207':139
'80.##.195.162':139
'80.##.231.114':139
'80.#9.39.33':139
'80.#9.8.109':139
'80.##.24.232':139
'80.##.191.24':139
'80.##.178.115':445
'80.##.59.167':445
'80.##.116.59':445
'80.#9.32.34':445
'80.##.167.10':445
'80.##.185.17':445
'80.#9.31.75':445
'80.##.31.249':445
'80.##.54.101':445
'80.#9.17.15':445
'80.#9.38.98':445
'80.##.188.206':445
'80.##.131.175':445
'80.##.102.25':445
'80.##.173.102':445
'80.##.70.253':445
'80.##.77.117':445
'80.#9.17.86':445
'80.##.87.123':445
'80.##.123.206':445
'80.##.70.253':139
'80.##.87.123':139
'80.##.188.206':139
'80.##.131.175':139
'80.##.123.206':139
'80.#9.38.98':139
'80.#9.32.34':139
'80.##.77.117':139
'80.#9.17.86':139
'80.##.173.102':139
'80.##.84.198':139
'80.#9.5.249':139
'80.##.224.142':139
'80.##.142.18':139
'80.##.50.254':139
'80.##.178.115':139
'80.##.102.25':139
'80.##.106.57':139
'80.##.116.118':139
'80.##.167.10':139
'80.#9.63.27':139
'80.##.242.199':139
'80.#9.32.38':139
'80.#9.28.32':139
'80.##.155.233':139
'80.##.198.70':139
'80.##.253.31':139
'80.##.116.156':139
'80.##.100.117':139
'80.##.12.114':139
'80.##.185.17':139
'80.##.54.101':139
'80.##.59.167':139
'80.##.116.59':139
'80.#9.17.15':139
'80.##.27.127':139
'80.##.29.116':139
'80.#9.31.75':139
'80.##.31.249':139
'80.##.27.127':445
'80.#9.48.54':139
'80.##.204.100':139
'80.##.146.221':139
'80.##.65.234':139
'80.##.139.33':139
'80.##.18.243':139
'80.##.112.248':139
'80.##.118.162':139
'80.##.137.104':139
'80.##.163.233':139
'80.##.206.190':139
'80.##.213.243':139
'80.#9.5.233':139
'80.##.27.240':139
'80.##.185.102':139
'80.##.248.193':139
'80.#9.187.6':139
'80.##.226.156':139
'80.##.20.227':139
'80.##.167.50':139
'80.##.218.28':139
'80.##.157.112':139
'80.#9.30.58':139
'80.#9.29.30':139
'80.#9.43.87':139
'80.#9.1.3':139
'80.##.80.109':139
'80.##.226.16':139
'80.##.80.154':139
'80.#9.62.25':139
'80.##.214.194':139
'80.##.191.134':139
'80.#9.0.141':139
'80.##.161.162':139
'80.##.69.173':139
'80.#9.0.250':139
'80.#9.5.244':139
'80.##.188.108':139
'80.##.233.126':139
'80.##.195.162':445
'80.##.19.250':445
'80.##.253.31':445
'80.##.209.207':445
'80.##.124.225':445
'80.##.191.24':445
'80.#9.39.33':445
'80.##.231.114':445
'80.##.24.232':445
'80.##.198.70':445
'80.#9.32.38':445
'80.#9.28.32':445
'80.##.29.116':445
'80.##.12.114':445
'80.#9.63.27':445
'80.##.116.156':445
'80.##.100.117':445
'80.##.242.199':445
'80.##.155.233':445
'80.#9.8.109':445
'80.##.29.116':9988
'80.#9.28.32':9988
'80.#9.32.34':9988
'80.##.27.127':9988
'80.##.231.114':9988
'80.##.162.166':139
'80.#9.67.65':139
'80.##.181.206':139
'80.##.175.98':139
'80.##.123.206':9988
'80.##.206.240':445
'80.##.50.254':9988
'80.##.147.117':445
'80.#9.28.38':445
'80.#9.5.249':9988
'80.##.102.25':9988
'80.##.70.253':9988
'80.##.106.57':9988
'80.##.116.118':9988

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней