The Avira Virus Lab

TR/Samca.A.484

  • Name
    TR/Samca.A.484
  • Discovered
    15/12/2015
  • Type
    Malware
  • Impact
    Medium
  • Reported infections
    Low
  • Operating system
    Windows
  • VDF version
    7.12.24.20 (2015-11-02 20:29)

The 'TR' designation refers to a trojan that is able to spy on data, invade your privacy and make unwanted changes to the system.

  • VDF
    7.12.24.20 (2015-11-02 20:29)
  • Files
    Files it modifies:
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
    Files it deletes:
    Files it creates:
    Files it renames:
    • %TEMPDIR%\RsdSfxTmp\_rmv\12345678.000
    • %TEMPDIR%\RMV.cfg
    • %TEMPDIR%\RMV.cfg.tmp
  • Registry
    Adds the following registry entries:
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
    • HKEY_CLASSES_ROOT\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99} ("ProcID": "{EA565346-D40F-6648-3030-303030303030}")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ("RSDTRAY": ""%PROGRAM FILES%\Rising\RSD\popwndexe.exe""; "RMVTRAY": ""%PROGRAM FILES%\Rising\RMV\TRAY.EXE" -system")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RsMgrSvc ("Type": dword:00000110; "Start": dword:00000002; "ErrorControl": dword:00000001; "ImagePath": ""%PROGRAM FILES%\Rising\RSD\RsMgrSvc.exe""; "DisplayName": "Rsd Service"; "Group": "COM Infrastructure"; "DependOnService": "RpcSs;"; "DependOnGroup": ""; "ObjectName": "LocalSystem"; "FailureActions": %hex values%)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RsMgrSvc\Security ("Security": %hex values%)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rsdsys ("Type": dword:00000001; "Start": dword:00000002; "ErrorControl": dword:00000001; "ImagePath": "\??\%SYSDIR%\drivers\protreg.sys"; "DisplayName": "rsd protect")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rsdsys\Security ("Security": %hex values%)
    Modifies the following registry entries:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services (Rising: -)
  • HTTP requests
    • info.*****g.cn/pc/rsmsgreq.xml
    • info.*****g.cn/pc/getmsgurl.aspx?info=LWJol7QSBj9sfnU0GigUaXNUZVkaGAQlZ1xvGgRVa18ZHwJSY18ZHwJSY18ZHwJHADlrZ3c4bj5kehQgEDhgY3woF1EYGAFZZFQbCmcyFj5gYnQubl2m
    • dl.*****.cn/dl/qdtg/st1855810.exe
