Trojan.DownLoader3.21908

Техническая информация

Вредоносные функции:

Создает и запускает на исполнение:

%PROGRAM_FILES%\rar.exe a C:\Far\PLUGINS.RAR ИҐМФ±¦Ншїґїґ°Й.url a C:\Far\COLORER.RAR ИҐМФ±¦Ншїґїґ°Й.url
%PROGRAM_FILES%\build.exe
%PROGRAM_FILES%\GreenInternet\GreenInternet\GreenBrowser.exe

Изменения в файловой системе:

Создает следующие файлы:

%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\Default\Go.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\Default\MainAnimIcon.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\Default\MainMenu.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\Default\BackGround.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\TabNormal.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\TabNormalBottom.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\TaskBar.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\Default\SearchBar.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\Default\StatusTool.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\Default\SystemBar.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\Default\MainToolGray24.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\Default\MainTool16.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\Default\MainTool24.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\Default\MainToolGray16.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\TabActiveBottom.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\Go.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\MainMenu.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\MainTool16.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\FavBar.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\Инјю.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\ЈЙЈФ.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\BackGround.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\StatusTool.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\SystemBar.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\TabActive.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\SearchBar.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\MainTool24.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\MainToolGray16.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Skin\A-Vista\MainToolGray24.bmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Groups\ЧЁТµНшХѕ.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Groups\№єОп.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\User\FormData.ini
%PROGRAM_FILES%\GreenInternet\GreenInternet\Groups\ОТµДµзДФ.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Groups\Инјю.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Groups\ЙзЗш.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Groups\Йъ»о.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\User\CollectorScript.txt
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\v1258[1]
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\favicon[1].ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\User\DownManager.ini
%PROGRAM_FILES%\__rar_00.328
%PROGRAM_FILES%\__rar_00.579
%PROGRAM_FILES%\GreenInternet\GreenInternet\User\SearchEngine.ini
%PROGRAM_FILES%\GreenInternet\GreenInternet\Groups\ЈЙЈФ.cgp
%HOMEPATH%\Desktop\GreenInternot.lnk
%HOMEPATH%\Desktop\ВМЙ«ЙПНшµјєЅ..lnk
%HOMEPATH%\Start Menu\GreenВМЙ«ЙПНш.lnk
%PROGRAM_FILES%\rar.exe
%PROGRAM_FILES%\GreenInternet\GreenInternet\thanks.txt
%PROGRAM_FILES%\build.exe
%PROGRAM_FILES%\ИҐМФ±¦Ншїґїґ°Й.url
%HOMEPATH%\Desktop\Intemet Explorer.lnk
%PROGRAM_FILES%\GreenInternet\GreenInternet\User\GreenBrowser.ini
%PROGRAM_FILES%\GreenInternet\GreenInternet\User\Filter.ini
%HOMEPATH%\Favorites\ѕ©¶«НшЙПЙМіЗЧЫєП№єОп.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\GreenВМЙ«ЙПНш.lnk
%HOMEPATH%\Desktop\МФ±¦єГµкЖМµјєЅ.lnk
%HOMEPATH%\Favorites\МФ±¦НшМШјЫЖµµА.lnk
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\№єОп.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\KillAd\plugin.ini
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\MouseUnlock\MouseUnlock.htm
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\MouseUnlock\MouseUnlock.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\KillAd\killad.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Buy\Ву°ь°ь.url
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Buy\ВуїјБЦНшЙП№єОп.url
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\KillAd\killad.htm
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Tools\QuickTools.ini
%WINDIR%\360buy.ico
%WINDIR%\amazon.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Tools\QuickTools.exe
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\MouseUnlock\plugin.ini
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\SnapShot\SnapShot.exe
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Tools\QuickMute.exe
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Buy\МФ±¦Нш.url
%PROGRAM_FILES%\GreenInternet\GreenInternet\GreenBrowser.exe
%PROGRAM_FILES%\GreenInternet\GreenInternet\GreenBrowser.exe.manifest
%PROGRAM_FILES%\GreenInternet\GreenInternet\Language\ChineseGB.ini
%TEMP%\$inst\temp_0.tmp
%TEMP%\$inst\2.tmp
%TEMP%\$inst\4.tmp
%TEMP%\$inst\5.tmp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Buy\±±ѕ©ЅЫЙ«.url
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Buy\ЧїФЅНш.url
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Buy\µ±µ±НшЎЄНшЙП№єОпЦРРД.url
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Buy\ѕ©¶«НшЙПЙМіЗ.url
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Buy\DHC.url
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Buy\VANCL.url
%PROGRAM_FILES%\GreenInternet\GreenInternet\Plugin\Buy\ЦР№ъНјКйНш.url
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\shopping.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\Software.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\SpeedDial.htm
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\Resource.htm
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\news.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\PopFilter.WAV
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\Proxy.ini.default
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\ОТµДµзДФ.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\Йъ»о.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\ЙзЗш.cgp
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\ЧЁТµНшХѕ.cgp
%WINDIR%\taobao.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\Update.ini
%WINDIR%\x.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\Music.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\GreenBrowser.ini.default
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\GreenBrowserUpdate.exe
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\GreenBrowserUpdate.exe.manifest
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\Filter.ini.default
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\CollectorScript.txt.default
%WINDIR%\dangdang.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\DownManager.ini.default
%WINDIR%\maibao.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\man.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\maps.ico
%WINDIR%\m18.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\GreenImageConvert.exe
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\image.ico
%PROGRAM_FILES%\GreenInternet\GreenInternet\Resource\lucky.ico

Удаляет следующие файлы:

%TEMP%\$inst\5.tmp
%PROGRAM_FILES%\ИҐМФ±¦Ншїґїґ°Й.url
%PROGRAM_FILES%\rar.exe
%TEMP%\$inst\temp_0.tmp
%TEMP%\$inst\2.tmp
%TEMP%\$inst\4.tmp

Сетевая активность:

Подключается к:

'www.v1##8.com':80
'localhost':1037

TCP:

Запросы HTTP GET:

www.v1##8.com/favicon.ico
www.v1##8.com/?gr###

UDP:

DNS ASK www.v1##8.com

Другое:

Ищет следующие окна:

ClassName: 'MS_AutodialMonitor' WindowName: ''
ClassName: 'MS_WebcheckMonitor' WindowName: ''
ClassName: 'Shell_TrayWnd' WindowName: ''
ClassName: 'Internet Explorer_Server' WindowName: ''

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней