Virus: Worm/Foreign.nbt.3
Date discovered: 21/09/2012
Type: Worm
Included in the "In The Wild" list: No
Damage level: High
Distribution level: Medium
Risk level: Medium
Static file: No
File size: ~111.648 Bytes
VDF version: 7.11.44.74 - Wednesday, 26 September 2012
IVDF version: 7.11.44.74 - Wednesday, 26 September 2012

General
Method of propagation:
   • Local network


Aliases:
   •  Symantec: Trojan.ADH.2
   •  Kaspersky: Trojware Trojan-Ransom.Win32.Foreign.qpp
   •  AVG: Worm/Pakes.AXR
   •  Eset: Win32/AutoRun.Spy.Banker.M worm

Previously detected as:
   •  TR/Foreign.nbt.3


Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7


Side effects:
   • Blocks access to certain websites
   • Blocks access to security websites
   • Can be used to execute malicious code
   • Can be used by malware or rogue users to lower security settings
   • Can be used to modify system settings that allow or increase potential malware behaviour.
   • Disables security applications
   • Downloads files
   • Lowers security settings
   • Modifies the Windows registry
   • Steals information

Files
It copies itself to the following locations:
   • %HOME%\3607F5C6165747279667\winlogon.exe
   • %HOME%\Start Menu\Fax y Esc?ner de Windows.exe
   • %HOME%\Start Menu\Programs\Internet Explorer.exe
   • %HOME%\Start Menu\Programs\Startup\Windows Anytime Upgrade.exe
   • %ALLUSERSPROFILE%\Start Menu\Windows DVD Maker.exe
   • %ALLUSERSPROFILE%\Programs\Windows Media Center.exe
   • %ALLUSERSPROFILE%\Programs\Startup\Windows Update.exe



It creates the following folders:
   • %TEMPDIR%\%hexadecimal number%\FOTOS
   • %TEMPDIR%\%hexadecimal number%\JUEGOS
   • %TEMPDIR%\%hexadecimal number%\LIBROS
   • %TEMPDIR%\%hexadecimal number%\MUSICA
   • %TEMPDIR%\%hexadecimal number%\PELICULAS
   • %TEMPDIR%\%hexadecimal number%\PELICULAS



It deletes the following file:
   • %temporary internet files%\Content.IE5\%all folders%\*.*

Registry
The following keys are added to the registry:

– [HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • @="RUNASADMIN"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • @="RUNASADMIN"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\
   Associations]
   • "LowRiskFileTypes"=".exe"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
   • "HideSCAHealth"=dword:00000001
   • "NoFolderOptions"=dword:00000000

– [HKLM\SOFTWARE\Microsoft\Security Center\Svc]
   • "AntiVirusDisableNotify"=dword:00000001
   • "AntiVirusOverride"=dword:00000000
   • "FirewallDisableNotify"=dword:00000001
   • "FirewallOverride"=dword:00000000
   • "FirstRunDisabled"=dword:00000001
   • "UpdatesDisableNotify"=dword:00000001
   • "UacDisableNotify"=dword:00000001
   • "AntiSpywareOverride"=dword:00000000

– [HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
   • "NoAutoRebootWithLoggedOnUsers"=dword:00000001

– [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
   • "EnableFirewall"=dword:00000000

– [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
   • "EnableFirewall"=dword:00000000

– [HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%hexadecimal number%\winlogon.exe"="%HOME%\%hexadecimal number%\winlogon.exe:*:Enabled:@xpsp2res.dll,-28956246"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
   • "DisableRegistryTools"=dword:00000001
   • "DisableTaskMgr"=dword:00000001

– [HKCU\Software\Policies\Microsoft\Windows\System]
   • "DisableCMD"=dword:00000001

– [HKCU\Software\Microsoft\Windows Script Host\Settings]
   • "Enabled"="0"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
   .htm\UserChoice]
   • "Progid"="IE.AssocFile.HTM"

– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   http\UserChoice]
   • "Progid"="IE.HTTP"

– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   https\UserChoice]
   • "Progid"="IE.HTTPS"

– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   ftp\UserChoice]
   • "Progid"="IE.FTP"

– [HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel]
   • "HomePage"=dword:00000001



The following Windows registry keys are changed:

Disables the Windows Firewall

– [HKLM\SOFTWARE\Microsoft\Security Center]
   Old value:
   • "FirewallDisableNotify"=dword:00000000
   New value:
   • "FirewallDisableNotify"=dword:00000001

– [HKCR\ftp\shell\open\ddeexec\Application]
   New value:
   • @="IExplore"

– [HKCR\ftp\shell\open\command]
   New value:
   • @="%PROGRAM FILES%\Internet Explorer\iexplore.exe"

– [HKCR\https\shell\open\ddeexec\Application]
   New value:
   • @="IExplore"

– [HKCR\https\shell\open\command]
   New value:
   • @="%PROGRAM FILES%\Internet Explorer\iexplore.exe"

– [HKCR\HTTP\shell\open\ddeexec\Application]
   New value:
   • @="IExplore"

– [HKCR\HTTP\shell\open\command]
   New value:
   • @="%PROGRAM FILES%\Internet Explorer\iexplore.exe"

– [HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings]
   New value:
   • "Enabled"="0"

– [HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   New value:
   • "%HOME%\%hexadecimal number%\winlogon.exe"="%HOME%\%hexadecimal number%\winlogon.exe:*:Enabled:@xpsp2res.dll,-53342401"

– [HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   New value:
   • "%HOME%\%hexadecimal number%\winlogon.exe"="%HOME%\%hexadecimal number%\winlogon.exe:*:Enabled:@xpsp2res.dll,-57951861"

– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring]
   New value:
   • "DisableMonitoring"=dword:00000001

– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\
   SymantecAntiVirus]
   New value:
   • "DisableMonitoring"=dword:00000001

– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\
   SymantecFirewall]
   New value:
   • "DisableMonitoring"=dword:00000001

– [HKCR\lnkfile]
   New value:
   • "IsShortcut"=-

– [HKCR\piffile]
   New value:
   • "IsShortcut"=-

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   New value:
   • "ShowSuperHidden"=dword:00000000

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
   Old value:
   • "TracesProcessed"=dword:00000000
   New value:
   • "TracesProcessed"=dword:000000aa

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   New value:
   • "Default_Search_URL"="http://94n8o8diom6di5p.directorio-w.com"
   • "Default_Page_URL"="http://53tks18hw8spjwl.directorio-w.com"
   • "Check_Associations"="no"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   Old value:
   • "DisableSR"=dword:00000000
   New value:
   • "DisableSR"=dword:00000001

– [HKLM\SYSTEM\ControlSet001\Services\sr]
   Old value:
   • "Start"=dword:00000000
   New value:
   • "Start"=dword:00000004

– [HKCU\Control Panel\Sound]
   Old value:
   • "Beep"="yes"
   New value:
   • "Beep"="no"

– [HKLM\SYSTEM\ControlSet001\Services\wscsvc]
   Old value:
   • "Start"=dword:00000002
   New value:
   • "Start"=dword:00000004

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\%substitution 1%]
   New value:
   • "Debugger"="%HOME%\%hexadecimal number%\winlogon.exe"

     %substitution 1%:

– [HKLM\SOFTWARE\Microsoft\Security Center]
   New value:
   • "UacDisableNotify"=dword:00000001
     "AntiSpyWareDisableNotify"=dword:00000001
     "AntiVirusDisableNotify"=dword:00000001
     "InternetSettingsDisableNotify"=dword:00000001
     "AutoUpdateDisableNotify"=dword:00000001
     "cval"=dword:00000001

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   New value:
   • "ConsentPromptBehaviorAdmin"=dword:00000000
     "ConsentPromptBehaviorUser"=dword:00000000
     "EnableLUA"=dword:00000000
     "PromptOnSecureDesktop"=dword:00000001

– [HKCU\Software\Microsoft\Internet Explorer\Download]
   New value:
   • "CheckExeSignatures"="no"
     "RunInvalidSignatures"=dword:00000001

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   New value:
   • "HideSCAHealth"=dword:00000001
     "NoRun"=dword:00000001
     "NoFile"=dword:00000001
     "NoFolderOptions"=dword:00000000

– [HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\
   FirewallPolicy\DomainProfile]
   New value:
   • "DisableNotifications"=dword:00000001
     "DoNotAllowExceptions"=dword:00000000
     "EnableFirewall"=dword:00000000

– [HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile]
   New value:
   • "DisableNotifications"=dword:00000001
     "DoNotAllowExceptions"=dword:00000000

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   Old value:
   • "SuperHidden"=dword:00000000
     "HideFileExt"=dword:00000001
   New value:
   • "SuperHidden"=dword:00000001
     "HideFileExt"=dword:00000003

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
   New value:
   • "TracesSuccessful"=dword:0000001d
     "LastTraceFailure"=dword:00000004

– [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
   Old value:
   • "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
     "Local Page"="%SystemRoot%\\system32\\blank.htm"
     "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
     "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
     "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   New value:
   • "Start Page"="http://un5967gg64ty1vo.directorio-w.com"
     "Local Page"="http://4j0snd178466456.directorio-w.com"
     "Search Page"="http://b95id8rf8ae1csf.directorio-w.com"
     "Default_Search_URL"="http://791zu81g7301ecq.directorio-w.com"
     "Default_Page_URL"="http://scibjbr9auqx0o3.directorio-w.com"

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   Old value:
   • "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
     "Local Page"="c:\windows\\system32\\blank.htm"
     "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   New value:
   • "Start Page"="http://unapz47jl26c955.directorio-w.com"
     "Local Page"="http://4p53hw6sn67ml8o.directorio-w.com"
     "Search Page"="http://0548l7olele1q67.directorio-w.com"

Network infection
To ensure its propagation, the malware attempts to connect to other machines as described below.

It sends copies of itself to the following network shares:
   • %TEMPDIR%\%hexadecimal number%\FOTOS
   • %TEMPDIR%\%hexadecimal number%\JUEGOS
   • %TEMPDIR%\%hexadecimal number%\LIBROS
   • %TEMPDIR%\%hexadecimal number%\MUSICA
   • %TEMPDIR%\%hexadecimal number%\PELICULAS
   • %TEMPDIR%\%hexadecimal number%\PELICULAS

Hosts
The hosts file is modified as follows:

– In this case, existing values will be changed.

– Access to the following domains is redirected to other destinations:
      download660.avast.com; download661.avast.com; download662.avast.com;
      download663.avast.com; download664.avast.com; download665.avast.com;
      download666.avast.com; download667.avast.com; download668.avast.com;
      download669.avast.com; download670.avast.com; download671.avast.com;
      download672.avast.com; download673.avast.com; download674.avast.com;
      download675.avast.com; download676.avast.com; download677.avast.com;
      download678.avast.com; download679.avast.com; download680.avast.com;
      download681.avast.com; download682.avast.com; download683.avast.com;
      download684.avast.com; download685.avast.com; download686.avast.com;
      download687.avast.com; download688.avast.com; download689.avast.com;
      download690.avast.com; download691.avast.com; download692.avast.com;
      download693.avast.com; download694.avast.com; download695.avast.com;
      download696.avast.com; download697.avast.com; download698.avast.com;
      download699.avast.com; download7.avast.com; download7.quickheal.com;
      download700.avast.com; download701.avast.com; download702.avast.com;
      download703.avast.com; download704.avast.com; download705.avast.com;
      download706.avast.com; download707.avast.com; download708.avast.com;
      download709.avast.com; download72.avast.com; download73.avast.com;
      download74.avast.com; download75.avast.com; download76.avast.com;
      download77.avast.com; download78.avast.com; download79.avast.com;
      download8.quickheal.com; download80.avast.com; download81.avast.com;
      download82.avast.com; download83.avast.com; download84.avast.com;
      download85.avast.com; download9.quickheal.com; download900.avast.com;
      download901.avast.com; download902.avast.com; download903.avast.com;
      download904.avast.com; download905.avast.com; download906.avast.com;
      download907.avast.com; download908.avast.com; download909.avast.com;
      download91.avast.com; download910.avast.com; download911.avast.com;
      download912.avast.com; download913.avast.com; download914.avast.com;
      download915.avast.com; download916.avast.com; download917.avast.com;
      download918.avast.com; download919.avast.com; download92.avast.com;
      download920.avast.com; download921.avast.com; download922.avast.com;
      download923.avast.com; download924.avast.com; download925.avast.com;
      download926.avast.com; download927.avast.com; download928.avast.com;
      download929.avast.com; download93.avast.com; download930.avast.com;
      download931.avast.com; download932.avast.com; download933.avast.com;
      download934.avast.com; download935.avast.com; download936.avast.com;
      download937.avast.com; download938.avast.com; download939.avast.com;
      download94.avast.com; download940.avast.com; download941.avast.com;
      download942.avast.com; download943.avast.com; download944.avast.com;
      download945.avast.com; download946.avast.com; download947.avast.com;
      download948.avast.com; download949.avast.com; download95.avast.com;
      download950.avast.com; download951.avast.com; download952.avast.com;
      download953.avast.com; download954.avast.com; download955.avast.com;
      download956.avast.com; download957.avast.com; download958.avast.com;
      download959.avast.com; download96.avast.com; download960.avast.com;
      download961.avast.com; download962.avast.com; download963.avast.com;
      download964.avast.com; download965.avast.com; download966.avast.com;
      download967.avast.com; download968.avast.com; download969.avast.com;
      download97.avast.com; download970.avast.com; download971.avast.com;
      download972.avast.com; download973.avast.com; download974.avast.com;
      download975.avast.com; download976.avast.com; download977.avast.com;
      download978.avast.com; download979.avast.com; download98.avast.com;
      download980.avast.com; download99.avast.com;
      downloads-eu1.kaspersky-labs.com; downloads-eu2.kaspersky-labs.com;
      downloads-eu3.kaspersky-labs.com; downloads-eu4.kaspersky-labs.com;
      downloads-us1.kaspersky-labs.com; downloads-us2.kaspersky-labs.com;
      downloads-us3.kaspersky-labs.com; downloads-us4.kaspersky-labs.com;
      downloads.andymanchesta.com; downloads.malwarebytes.org;
      downloads.microsoft.com; downloads.my-etrust.com;
      downloads1.kaspersky-labs.com; downloads2.kaspersky-labs.com;
      downloads3.kaspersky-labs.com; downloads4.kaspersky-labs.com;
      downloads5.kaspersky-labs.com; dr-web-cureit.softonic.com;
      drsolomon.com; drweb-inside.com; drweb.com; drweb.com.es; drweb.net;
      drwebinside.com; dswlab.com; duba.net; ealaddin.net;
      ealaddin.orgeshop.aladdin.com; easy-vpn.comodo.com; edm.symantec.com;
      education.symantec.com; eeload.com; eeye.com; eicar.org;
      elblogdemanu.com; elitepvpers.de; emea.trendmicro.com; emsisoft.com;
      emsisoft.de; encarta.msn.com; engine.awaps.net;
      enterprisesecur.symantec.com; eos.eset.es; eradicatespyware.net;
      es.answers.yahoo.com; es.kioskea.net; es.mcafee.com;
      es.trendmicro.com; es.wasalive.com; esafe.com;
      esecurity.livecall.co.kr; eset-la.com; eset.com; eset.es; eset.sk;
      esp.sophos.com; espanol.answers.yahoo.com;
      espanol.dir.groups.yahoo.com; espanol.groups.yahoo.com;
      esupport.trendmicro.com; et.symantec.com; etrr.co.uk;
      eugrantsadvisor.cz; eugrantsadvisor.de; eval.symantec.com; ewido.net;
      exchangeyourcareer.net; experts-exchange.com; f-prot.com;
      f-secure.com; f-secure.frf-secure.hk; f-secure.nlfsecure.com;
      fastclick.net; feedage.com; feeds.sophos.com; feeds.trendmicro.com;
      file.ikaka.cn; file.ikaka.com; file.net; files.avast.com;
      files.filefont.com; files.trendmicro-europe.com; filseclab.com;
      final4ever.com; finjan.com; firewall.sunbeltsoftware.com;
      firewallguide.com; fixmyim.com; foro.ethek.com; foros.toxico-pc.com;
      foros.zonavirus.com; forospanish.com; forospyware.com; forospyware.es;
      fortiguardcenter.com; fortihero.com; fortilog.com; fortinet.co.at;
      fortinet.com; fortiprotect.com; fortiwifi.com;
      forum.clubedohardware.com.br; forum.emsisoft.com; forum.hardware.fr;
      forum.hijackthis.de; forum.ikaka.com; forum.jiangmin.com;
      forum.kaspersky.com; forum.malekal.com; forum.piriform.com;
      forum.securitycadets.com; forum.sysinternals.com;
      forum.telecharger.01net.com; forum.tweaks.com; forum.zazana.com;
      forums.cnet.com; forums.comodo.com; forums.devshed.com;
      forums.maddoktor2.com; forums.majorgeeks.com; forums.techguy.org;
      forums.whatthetech.com; fr.bitdefender.com; fr.drweb.com;
      fr.mcafee.com; fr.trendmicro.com; fr1.drweb.com; fr2.drweb.com;
      fr3.drweb.com; fr4.drweb.com; fr5.drweb.com; fr6.drweb.com;
      fr7.drweb.com; fractus.mat.uson.mx; free-av.com; free-av.net;
      free.antivirus.com; free.avg.com; free.drweb.com; free.grisoft.com;
      free.grisoft.cz; free.pandasecurity.com; free.prevx.com;
      free.tinypicbox.com; freeav.com; freeav.net; freespywareremoval.info;
      frisk-software.com; fsc.norman.com; fsecure.nlwebyard.com;
      ftp.avp.com; ftp.bitdefender.com; ftp.ca.co; ftp.ca.com;
      ftp.customer.symantec.com; ftp.dispatch.mcafee.com;
      ftp.download.mcafee.com; ftp.downloads-eu1.kaspersky-labs.com;
      ftp.downloads-eu2.kaspersky-labs.com;
      ftp.downloads-eu3.kaspersky-labs.com;
      ftp.downloads-eu4.kaspersky-labs.com;
      ftp.downloads-us1.kaspersky-labs.com;
      ftp.downloads-us2.kaspersky-labs.com;
      ftp.downloads-us3.kaspersky-labs.com;
      ftp.downloads-us4.kaspersky-labs.com;
      ftp.downloads1.kaspersky-labs.com; ftp.downloads2.kaspersky-labs.com;
      ftp.downloads3.kaspersky-labs.com; ftp.downloads4.kaspersky-labs.com;
      ftp.drweb.com; ftp.esafe.com; ftp.europe.f-secure.com; ftp.f-prot.com;
      ftp.f-secure.com; ftp.grisoft.com; ftp.kaspersky-labs.com;
      ftp.kaspersky.com; ftp.kasperskylab.ru; ftp.liveupdate.symantec.com;
      ftp.liveupdate.symantecliveupdate.com; ftp.mast.mcafee.com;
      ftp.mcafee.com; ftp.microworldsystems.com; ftp.my-etrust.com;
      ftp.nai.com; ftp.networkassociates.com; ftp.norton.com;
      ftp.rads.mcafee.com; ftp.sandbox.norman.com; ftp.secure.nai.com;
      ftp.securityresponse.symantec.com; ftp.sophos.com; ftp.symantec.com;
      ftp.symantecliveupdate.com; ftp.symatec.com; ftp.trendmicro.com;
      ftp.uk.trendmicro-europe.com; ftp.update.symantec.com;
      ftp.updates.symantec.com; ftp.updates1.kaspersky-labs.com;
      ftp.updates2.kaspersky-labs.com; ftp.updates3.kaspersky-labs.com;
      ftp.updates4.kaspersky-labs.com; ftp.us.mcafee.com; ftp.viruslist.com;
      funkytoad.com; futurenow.bitdefender.com; fw.rising.com.cn; fx.dk;
      gangbang.mytijn.org; gdata.de; gdata.es; gecadsoftware.com;
      geekstogo.com; global.ahnlab.com; global.jiangmin.com;
      global.nprotect.com; go.mcafee.com; go.microsoft.com;
      go.rising.com.cn; go.sunbeltsoftware.com; go.symantec.com;
      go.trendmicro.com; greatis.com; grisoft.com; grisoft.cz;
      grv.microsoft.com; guiadohardware.net; guru.avg.com; guru1.grisoft.cz;
      guru2.grisoft.cz; guru3.grisoft.cz; guru4.grisoft.cz;
      guru5.grisoft.cz; gwava.nl; hacksoft.com.pe; hacksoft.pe; halmapr.com;
      hauri.co.kr; hauri.net; haurijapan.com; help.rising.com.cn;
      hi.baidu.com; hijackthis.de; hijackthis.download3000.com;
      hishomeforchildren.com; hjt-data.trend-braintree.com;
      hjt.networktechs.com; home.mcafee.com; hostedmailsecur.symantec.com;
      hotshare.net; housecall.com; housecall.trendmicro.com;
      housecall60.trendmicro.com; housecall65.trendmicro.com;
      howsafeismypc.com; huaifai.go.th; i-vault.comodo.com; iavs.cz;
      ibusca.me; idauthority.com; ids.kaspersky-labs.com; ieupdate.gdata.de;
      ieupdate1.gdata.de; ieupdate2.gdata.de; ieupdate3.gdata.de;
      ieupdate4.gdata.de; ieupdate5.gdata.de; ieupdate6.gdata.de; ikaka.cn;
      ikaka.com; ikarus.at; ikarus.net; ilove.tigolbittys.info;
      images.kaspersky.com; in.answers.yahoo.com; incodesolutions.com;
      info.drweb.com; info.prevx.com; infos-du-net.com; infosecpodcast.com;
      infospyware.com; inicioid.com; iniciorapido.info; inline-software.de;
      internetsecurity.comodo.com; intranet.cidiroax.ipn.mx;
      investor.symantec.com; irc.bigshitsandwich.org; irc.metraiciono.com;
      iseclab.org; isotopecomics.com; iss.net; it.answers.yahoo.com;
      it.bitdefender.com; it.mcafee.com; it.trendmicro.com;
      itw.trendmicro.com; ixomodels.com; ixostore.ixomodels.com;
      javacoolsoftware.com; jetico.com; jiangmin.com; jiangmin.com.cn;
      jobs.bitdefender.com; jotti.org; jp.mcafee.com; jp.trendmicro.com;
      justfacebook.net; k-otik.com; k7computing.com; kaba.360.cn;
      kaba.360.com; karuna-shechen.org; kaspersky-fr.com;
      kaspersky-labs.com; kaspersky.co.jp; kaspersky.co.uk; kaspersky.com;
      kaspersky.com.cn; kaspersky.dk; kaspersky.es; kaspersky.gr;
      kaspersky.pl; kaspersky.ru; kaspersky.se; kasperskylab.co.kr;
      kasperskylab.nl; kav.ru; kav.zonelabs.com; kb.bitdefender.com;
      kb.bitdefender.de; kb.bitdefender.us; kerio.com; kimzimmer.net;
      kioskea.net; kpfans.com; kr.ahnlab.com; kr.sophos.com; krupunmai.com;
      kvup.jiangmin.com; kztechs.com; l33t.shadow-mods.net;
      la.trendmicro.com; ladooscuro.es; laneros.com; latam.kaspersky.com;
      latin.bitdefender.com; lavasoft.com; lavasoft.nu; lavasoftusa.com;
      lexikon.ikarus.at; license.drweb.com; linhadefensiva.org;
      linhadefensiva.uol.com.br; linux.bitdefender.com; lists.clamav.net;
      liutilities.com; live.sunbeltsoftware.com; liveprotect.net;
      liveupdate.symantec.com; liveupdate.symantec.d4p.net;
      liveupdate.symantecliveupdate.com; looknstop.com;
      lovings.technigoyous.net; lurker.clamav.net; mailcenter.rising.com;
      mailcenter.rising.com.cn; majorgeeks.com; mall.hauri.co.kr;
      malwarebytes.org; malwarecity.com; malwarecity.netmalwarecity.org;
      malwaredomainlist.com; malwarepedia.com; malwareremoval.com;
      malwarescan.emsisoft.com; malwarescan.emsisoft.de;
      malwarescan.emsisoft.es; mamutu.com; manuelruvalcaba.com;
      marian.symantec.com; mast.mcafee.com; mcafee-at-home.com; mcafee.com;
      mcafeeb2b.com; mcafeefans.com; mcafeeretail.com; mcaffee.com;
      me.kaspersky.com; media.fastclick.net; megasecurity.org; merijn.org;
      metascan-online.com; microsoft.com; microsoft.fr; midescargas.com;
      mirror02.gdata.de; misec.net; mmsk.cn; moneybookers.com; moosoft.com;
      mop.pandasecurity.com; mostz.com; mozilla-hispano.org;
      msdn.microsoft.com; msk.drweb.com; msk1.drweb.com; msk2.drweb.com;
      msk3.drweb.com; msk4.drweb.com; msk5.drweb.com; msk6.drweb.com;
      msk7.drweb.com; msncleaner.softonic.com; msnfix.changelog.fr;
      msnvirusremoval.com; msr.mcafee.com; mvps.org; mx.answers.yahoo.com;
      mx.mcafee.com; mxttchina.com; my-etrust.com; my.drweb.com;
      mygeekside.com; nabble.com; nai.com; natsko.com; naturesimages.net;
      net-security.org; network.drweb.com; networkassociates.com;
      networkassociates.nai.com; networkworld.com;
      neunet.orgnews.bitdefender.com; new-beta.drweb.com;
      new-company.drweb.com; new-estore.drweb.com; new-forum.drweb.com;
      new-partners.drweb.com; new-solutions.drweb.com;
      new-support.drweb.com; new-www.drweb.com; new.taringa.net;
      news.drweb.com; newsletters.trendmicro.com; niueight.norman.no;
      niufive.norman.no; niufour.norman.no; niunine.norman.no;
      niuone.norman.no; niuseven.norman.no; niusix.norman.no;
      niuthree.norman.no; niutwo.norman.no; nl.bitdefender.com;
      noadware.net; nod32.co.uk; nod32.com; nod32.datsec.de; nod32.lu;
      nod32.ru; norman.com; norton.com; notifier.antivir-pe.de;
      novirusthanks.org; nprobeta.norman.com; nprotect.com; nprotect.net;
      nprotect.seoul.go.kr; nsclean.com; ntfaq.co.kr; obscgi.mcafee.com;
      oem.sunbeltsoftware.com; offensivecomputing.net; office.microsoft.com;
      oldtimer.geekstogo.com; one.tinypicbox.com; onecare.live.com;
      online-backup.comodo.com; online.jiangmin.com; online.rising.com.cn;
      onlinecheck.emsisoft.com; onlinecheck.emsisoft.de;
      onlinecheck.emsisoft.net; onlinecheck.emsisoft.org;
      onlinescan.avast.com; openantivirus.org; outpost.pl; ozzu.com;
      p3dev.taringa.net; pandalabs.pandasecurity.com; pandasecurity.com;
      pandasoftware.com; pandasoftware.es; pantip.com; pcav.cn;
      pccreg.antivirus.com; pccreg.trendmicro.com; pcentraide.com;
      pcguide.com; pchell.com; pcinternetpatrol.com; pcsupportadvisor.com;
      pctools.com; pda.drweb.com; pedidos.protegerse.com; personal.psu.edu;
      personalfirewall.comodo.com; pestpatrol.com; pg.hauri.net;
      phx.corporate-ir.net; pineleafboys.com; podcasts.sophos.com;
      pogonyuto.forospanish.com; precisesecurity.com; prevx.com;
      privacy.microsoft.com; products.drweb.com; promotions.drweb.com;
      psnw.com; pspl.com; pvtc.org; qqjkw.net; quickheal.co.in;
      quickheal.com; radius.turvamies.com; rads.mcafee.com;
      ravantivirus.com; raymond.cc; reg-int.nod32-es.com; reg.eset.es;
      reg.rising.com.cn; register.norman.com; removetrojanvirus.org;
      renewalcenter.symantec.com; renewals.bitdefender.com;
      research.microsoft.com; research.pandasecurity.com;
      research.sunbelt-software.com; resplendence.com;
      retail.sp.f-secure.com; retail01.sp.f-secure.com;
      retail02.sp.f-secure.com; ribbonwarehouse.com; rising-global.com;
      rising.com; rising.com.cn; rolandovera.com; rootkit.com; rootkit.nl;
      rover800.gaima.co.uk; roysephotos.com; ru.trendmicro.com;
      ruben.bzin.net; runscanner.net; safe.qq.com; safecomputing.umn.edu;
      safer-networking.org; safetynet.com; sales.bitdefender.com;
      samroeng.hi5.com; sandbox.norman.com; sandboxie.com; sapcupgrades.com;
      sarahmcconnellphotography.net; saverssite.com; scan.anti-trojan.net;
      scan.kingsoft.com; scan4you.net; scanner.novirusthanks.org;
      scanner.virus.org; scanner2.novirusthanks.or; schemas.microsoft.com;
      schemas.xmlsoap.org; sea.symantec.com; search.ca.com;
      search.mcafee.com; search.symantec.com; seasonsecurity.com;
      secdreg.org; secubox.aldria.com; secunia.com; secure-email.comodo.com;
      secure.av-desk.com; secure.nai.com; securecomputing.com; secureme.com;
      securitoo.com; security.symantec.com; securitycheck.symantec.com;
      securitynewsportal.com; securityrespons.symantec.com;
      securityresponse.symantec.com; securitywonks.net; secuser.com;
      secuser.model-fx.com; sergiwa.com; service.mcafee.com;
      service1.symantec.com; servicenews.symantec.com;
      sfdoccentral.symantec.com; shadow.grisoft.cz; shadu.baidu.com;
      shadu.duba.net; shield.prevx.com; shop.hauri.co.kr;
      shop.pandasecurity.com; shop.sunbeltsoftware.com; shop.symantec.com;
      shop.trendmicro.com; shudoo.com; simplysup.com; siren24.nprotect.com;
      siteadvisor.com; sitedirector.symantec.com; smallbiz.symantec.com;
      smbstore.trendmicro.com; smokey-services.eu; soccersuck.com;
      softfaq.com; softonic.com; software-files.download.com;
      solutions.drweb.com; sophos.com; sophos.fr; sophos1.ucd.ie;
      sophos10.ucd.ie; sophos2.ucd.ie; sophos5.ucd.ie; sophos6.ucd.ie;
      sophos7.ucd.ie; sophos8.ucd.ie; sophos9.ucd.ie;
      soporte.pandasecurity.com; sos.rising.com.cn; sosvirus.changelog.fr;
      spd.atdmt.com; specs.xmlsoap.org; speedtest.comodo.com;
      spftrl.digitalriver.com; spyany.com; spyblocker-software.com;
      spybot.info; spycheck.co.uk; spycheck.es; spychecker.com; spycop.com;
      spywaredb.com; spywaredlls.prevx.com; spywarefiles.prevx.com;
      spywareguide.com; spywareinfo.com; spywareterminator.com;
      square.bitdefender.com; static.yoreparo.com; stats.norton.com;
      stdio-labs.blogspot.com; stiller.com; store.bitdefender.com;
      store.de.bitdefender.com; store.drweb.com; store.trendmicro.com;
      subs.geekstogo.com; subwiz.trendmicro.com; sucop.com;
      sun.symantec.com; sunbelt-software.com; sunbeltsecurity.com;
      sunbeltsoftware.com; superboy2010.com.au; superdicas.com.br;
      superuser.co.kr; support.drweb.com; support.f-secure.com;
      support.kaspersky.co; support.mcafee.com; support.microsoft.com;
      support.pandasecurity.com; support.rising-global.com; sybari.com;
      sygate.com; symantec-ese.baynote.net; symantec.com;
      symantecliveupdate.com; symatec.com; sysinternals.com;
      system-cleaner.comodo.com; tallemu.com; taringa.net;
      tds.diamondcs.com.au; tech.pantip.com; techimo.com; techspot.com;
      techsupportforum.com; tecniservicioslys.com; tecno-soft.com;
      tempuri.org; thecomputerpitstop.com; thejokerx.blogspot.com;
      thetechguide.com; thinkpad.cn; threatexpert.com;
      threatinfo.trendmicro.com; timeforyourbusi.pandasecurity.com;
      timestamp.comodoca.com; timestamp.wosign.com; tinysoftware.com;
      tms.symantec.com; together.pctools.com; tool.ikaka.com; toonbox.de;
      tr.mcafee.com; trackingtheworld.com; training.drweb.com;
      training.trendmicro.com; trapware.com; trendmicro.com;
      trendmicro.com.cn; trendmicro.fr; trendsecure.com;
      trial.trendmicro.com; trucoswindows.es; trucoswindows.net;
      tw.mcafee.com; tw.sophos.com; tw.trendmicro.com; tweaksforgeeks.com;
      u0.eset.com; u1.eset.com; u10.eset.com; u100.eset.com; u11.eset.com;
      u12.eset.com; u13.eset.com; u14.eset.com; u15.eset.com; u16.eset.com;
      u17.eset.com; u18.eset.com; u19.eset.com; u2.eset.com; u20.eset.com;
      u21.eset.com; u22.eset.com; u23.eset.com; u24.eset.com; u25.eset.com;
      u26.eset.com; u27.eset.com; u28.eset.com; u29.eset.com; u3.eset.com;
      u30.eset.com; u31.eset.com; u32.eset.com; u33.eset.com; u34.eset.com;
      u35.eset.com; u36.eset.com; u36eset.com; u37.eset.com; u37eset.com;
      u38.eset.com; u39.eset.com; u4.eset.com; u40.eset.com; u41.eset.com;
      u42.eset.com; u43.eset.com; u44.eset.com; u45.eset.com; u46.eset.com;
      u47.eset.com; u48.eset.com; u49.eset.com; u5.eset.com; u50.eset.com;
      u51.eset.com; u52.eset.com; u53.eset.com; u54.eset.com; u55.eset.com;
      u56.eset.com; u57.eset.com; u58.eset.com; u59.eset.com; u6.eset.com;
      u60.eset.com; u61.eset.com; u62.eset.com; u63.eset.com; u64.eset.com;
      u65.eset.com; u66.eset.com; u67.eset.com; u68.eset.com; u69.eset.com;
      u7.eset.com; u70.eset.com; u71.eset.com; u72.eset.com; u73.eset.com;
      u74.eset.com; u75.eset.com; u76.eset.com; u77.eset.com; u78.eset.com;
      u79.eset.com; u8.eset.com; u80.eset.com; u81.eset.com; u82.eset.com;
      u83.eset.com; u84.eset.com; u85.eset.com; u86.eset.com; u87.eset.com;
      u88.eset.com; u89.eset.com; u9.eset.com; u90.eset.com; u91.eset.com;
      u92.eset.com; u93.eset.com; u94.eset.com; u95.eset.com; u96.eset.com;
      u97.eset.com; u98.eset.com; u99.eset.com; uk.mcafee.com;
      uk.trendmicro-europe.com; uk.trendmicro.com; ulove.tigolbittys.info;
      up.duba.net; up.rising.com.cn; up1.nod123.cn; upd.zonelabs.com;
      update.360safe.cn; update.360safe.com; update.aladdin.com;
      update.authentium.com; update.avg.com; update.avgfrance.com;
      update.bitdefender.com; update.drweb.com; update.ewido.com;
      update.grisoft.com; update.grisoft.cz; update.hispasec.com;
      update.ikaka.com; update.ikarus-software.at; update.quickheal.com;
      update.rising.com.cn; update.sophos.com; update.symantec.com;
      update.trendmicro.com; update7.jiangmin.com; updatem.360safe.cn;
      updatem.360safe.com; updates.a-2.org; updates.drweb.com;
      updates.f-prot.com; updates.sald.com; updates.symantec.com;
      updates3.kaspersky-labs.com; updates4.kaspersky-labs.com;
      updates5.kaspersky-labs.com; upgrade.bitdefender.com;
      upgrade1.bitdefender.com; upgrade2.bitdefender.com;
      upgrade3.bitdefender.com; upgrade4.bitdefender.com;
      upload.changelog.fr; us.bitdefender.com; us.mcafee.com;
      us.trendmicro.com; usa.kaspersky.com; usbcleaner.cn;
      ushousecall02.trendmicro.com; utilidades-utiles.com; v.dreamwiz.com;
      v4.windowsupdate.microsoft.com; v5.windowsupdate.microsoft.com;
      vet.com.au; vicentevirtual.com; viguard.com; vil.nai.com;
      vil.nail.com; virobot.co.kr; virscan.org; virus.org; virusbuster.hu;
      viruschief.com; virusdoctor.jp; virusfreezone.info;
      virusinfo.prevx.com; viruslist.com; viruslist.ru; virusscan.jotti.org;
      virusscanonline.net; virusspy.com; virustotal.com;
      visualizesoftware.com; visualtracking.symantec.com; vivo-austin.com;
      vms.drweb.com; vncsvr.com; vos.symantec.com; vrv.com.cn;
      vsantivirus.com; webadmin.norman.no; webphand.com; webroot.com;
      wedoantivirus.com; welkam.co.jp; wexperts-exchange.com;
      whatthetech.com; wikio.es; wilderssecurity.com; wilderssecurity.net;
      wildlist.com; windowsupdate.microsoft.com; winpatrol.com; wmcafee.com;
      woottonfootball.com; wtc.trendmicro.com; ww.emsisoft.com;
      www.1stavenuelimousines.co.uk; www.2xlgames.com; www.ahnlab.com;
      www.aks.com; www.aladdin.com; www.anti-trojan-software.net;
      www.anti-trojan.net; www.anti-virus.by; www.antivir.es;
      www.antivirus-tools.com; www.antiy.net; www.apsecure.com;
      www.arpia.be; www.authentium.com; www.authentium.com.au;
      www.av-desk.com; www.avast.com; www.avg.com; www.avhide.com;
      www.avoncourt.com; www.avx.ro; www.barder.com; www.beautybar.com;
      www.bg.virusblokada.com; www.bit-defender.de; www.bitdefende.de;
      www.bitdefender-es.com; www.bitdefender.be; www.bitdefender.cl;
      www.bitdefender.co.uk; www.bitdefender.com; www.bitdefender.com.au;
      www.bitdefender.com.sg; www.bitdefender.com.tw;
      www.bitdefender.com.vn; www.bitdefender.de; www.bitdefender.es;
      www.bitdefender.fr; www.bitdefender.hk; www.bitdefender.us;
      www.bitdefenderme.com; www.briarhurst.com; www.brightoctober.com;
      www.buraka.tv; www.buscafacil.com; www.buscalo.in; www.busco.in;
      www.ca.com; www.cambridge-steiner-school.co.uk; www.ccssforum.org;
      www.celticmerchant.com; www.clamav.net; www.collectedcurios.com;
      www.comodo.com; www.comodo.tv; www.comodoantispam.com;
      www.comodopartners.com; www.computing.net; www.configurarequipos.com;
      www.contentverification.com; www.deborahshelton.net; www.dr-bull.com;
      www.drweb.com; www.ealaddin.com; www.elvis-express.com;
      www.emeraldclassic.co.uk; www.emsisoft.at; www.emsisoft.com;
      www.emsisoft.de; www.emsisoft.es; www.emsisoft.fr; www.emsisoft.it;
      www.emsisoft.jp; www.emsisoft.net; www.emsisoft.nl; www.emsisoft.org;
      www.engyro.com; www.entercept.com; www.esafe.com; www.eset.es;
      www.eugrantsadvisor.com; www.eugrantsadvisor.de;
      www.eugrantsadvisor.ie; www.eugrantsadvisor.se;
      www.exchangeyourcareer.com; www.f-prot.com; www.f-secure.com;
      www.fimasys.com; www.flairweddings.co.uk; www.forospyware.com;
      www.fortifed.com; www.fortiid.com; www.fortimail.com;
      www.fortinet-apac.com; www.fortinet.ch; www.fortinet.co.il;
      www.fortinet.com; www.fortinet.net; www.fortinet.nl; www.fortinet.sg;
      www.fortinetuk.com; www.freeality.com; www.freedrweb.ru;
      www.freerav.com; www.frisk-software.com; www.frisk.is;
      www.fsecure.com; www.garryowen.com; www.gdata.es; www.globalhauri.com;
      www.gokidding.com; www.grisoft.com; www.hackshields.com;
      www.hacksoft.com.pe; www.hacksoft.pe; www.handwritingforkids.com;
      www.hasp.se; www.hauri.co.kr; www.hauri.net; www.hxproduction.com;
      www.ibusca.me; www.ikarus.at; www.imddomains.co.uk;
      www.indielisboa.com; www.inicioid.com; www.iniciorapido.info;
      www.internationalservicecheck.com; www.irangoals.com; www.iseclab.org;
      www.ixomodels.com; www.jiangmin.com; www.jiangmin.com.cn;
      www.jotti.org; www.kaspersky.com; www.kioskea.net;
      www.latin-mass-society.org; www.livepcsupport.com;
      www.malwarecity.com; www.malwarecity.fr; www.mamutu.com;
      www.mamutu.de; www.manchester-offices.co.uk; www.mcafee.at;
      www.mcafee.com; www.metascan-online.com; www.microsoft.com;
      www.midescargas.com; www.mountainlakeslodge.com; www.mtr-design.com;
      www.mygeekside.com; www.netegrity.com; www.norman.com;
      www.nottinghampoetryseries.com; www.novirusthanks.org; www.npin.co.kr;
      www.nprotect.co.kr; www.nprotect.com; www.nprotect.com.br;
      www.nsclean.com; www.owen.org; www.pandasecurity.com; www.pctools.com;
      www.peterhearnwaste.co.uk; www.phoenixtrikeworks.com;
      www.prdouglas.co.uk; www.prevx.com; www.prevx1.com;
      www.professorbeyer.com; www.quickheal.com; www.removetrojanvirus.org;
      www.renningers.com; www.residentphotography.com; www.retento.com;
      www.reviewsofbooks.com; www.rising-global.com; www.risingav.com.au;
      www.safenet-inc.com; www.scan4you.net; www.seasonsecurity.com;
      www.secondchanceboxer.com; www.secure-elements.com;
      www.sheffieldmind.co.uk; www.smf.org; www.softfaq.com; www.sophos.com;
      www.spycheck.co.uk; www.spycheck.es; www.stadiumpage.com;
      www.sunbeltsoftware.com; www.symantec.com; www.sysinternals.com;
      www.tecniservicioslys.com; www.testmypcsecurity.com;
      www.threatexpert.com; www.tomorrowsedge.net; www.trendmicro.com;
      www.trojaner.info; www.trustix.com; www.trustlogo.com; www.vba.com.by;
      www.virscan.org; www.virus.fi; www.virus.org; www.virusbuster.hu;
      www.viruschief.com; www.virusfreezone.info; www.virustotal.com;
      www.wellgousa.com; www.whichssl.com; www.willsee.com; www.xmlsoap.org;
      www.zarya.info; www1.my-etrust.com; www3.ca.com; www3.safenet-inc.com;
      www4.symantec.com; wwws.clamav.net; x-cleaner.com; x.360safe.com;
      yoreparo.com; z-oleg.com; zeustracker.abuse.ch; zeylstra.nl;
      zhidao.baidu.com; zhidao.ikaka.com; ziggamza.net; zonavirus.com;
      zonealarm.com; zonelabs.com; zonelabs.fr; zonelog.co.uk;
      zs.kingsoft.com; ztl.comodo.com




The (modified) hosts file will look like this:


 Process termination
Processes containing one of the following strings are terminated:
   • -----AV_Processes; Antivirus string [360safe]; Antivirus string
      [antivir]; Antivirus string [atwola]; Antivirus string [awaps.net];
      Antivirus string [bitdef]; Antivirus string [cureit]; Antivirus string
      [kaspersky]; Antivirus string [mcafee]; Antivirus string [spybot];
      Antivirus string [symantec]; Antivirus string [viruslist]; Antivirus
      string [zonealarm]; Antivirus string [trendmicro]; Antivirus string
      [hijackthis]; Antivirus string [f-prot]; Antivirus string [drweb];
      Antivirus string [clam]; Antivirus string [avast]; -----Antianalysis;
      Analysis tool string [sandbox]; Analysis tool string [sysinternals]


Disables running processes whose file name contains one of the following strings:
   • -----AV_Processes; Antivirus string [360safe]; Antivirus string
      [antivir]; Antivirus string [atwola]; Antivirus string [awaps.net];
      Antivirus string [bitdef]; Antivirus string [cureit]; Antivirus string
      [kaspersky]; Antivirus string [mcafee]; Antivirus string [spybot];
      Antivirus string [symantec]; Antivirus string [viruslist]; Antivirus
      string [zonealarm]; Antivirus string [trendmicro]; Antivirus string
      [hijackthis]; Antivirus string [f-prot]; Antivirus string [drweb];
      Antivirus string [clam]; Antivirus string [avast]; -----Antianalysis;
      Analysis tool string [sandbox]; Analysis tool string [sysinternals]

 Backdoor
Contacts the following servers:

As a result, it may send information and provide remote control capability.

Miscellaneous information
Network shares:
The following network shares will be deleted:
   • %TEMPDIR%\%hexadecimal number%\FOTOS
   • %TEMPDIR%\%hexadecimal number%\JUEGOS
   • %TEMPDIR%\%hexadecimal number%\LIBROS
   • %TEMPDIR%\%hexadecimal number%\MUSICA
   • %TEMPDIR%\%hexadecimal number%\PELICULAS


File details
Programming language:
The malware program is written in Visual Basic.


Runtime packer:
To make detection more difficult and to reduce the file size, it is packed with the following runtime packer:
   • UPX

Description submitted by Daniel Mocanu on Wednesday, 26 September 2012
Description updated by Daniel Mocanu on Wednesday, 26 September 2012
