Avira Virus Lab

TR/Dropper.Gen

  • Name
    TR/Dropper.Gen
  • Discovered
    21/7/2016
  • Type
    Malware
  • Impact
    Medium
  • Reported infections
    Medium
  • Operating system
    Windows

The term 'TR' refers to a trojan that is capable of spying on data, violating your privacy and making unwanted modifications to the system.

This is a generic detection routine, created to detect the common characteristics of certain families that appear in several variants. This special detection routine was developed to detect variants that have not yet been discovered, and it will be continuously improved.

  • Processes
    • %APPDATA%\Roaming\Images\image.exe
    • %APPDATA%\Roaming\Images\NsCpuCNMiner32.exe
    • %executed_sample_name%.exe
  • Files
    Files created:
    • %TEMPDIR%\nsr7619.tmp
    • %TEMPDIR%\nsg7629.tmp
    • %TEMPDIR%\nsg7629.tmp\inetc.dll
    • C:\xrdmnsxx\temp.txt
    • %TEMPDIR%\nsrB9BD.tmp
    • %TEMPDIR%\nsgB9CD.tmp
    • %TEMPDIR%\nsgB9CD.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\NsCpuCNMiner32.exe
    • %APPDATA%\Roaming\Images\NsCpuCNMiner64.exe
    • %APPDATA%\Roaming\Images\NsGpuCNMiner.exe
    • %APPDATA%\Roaming\Images\Data.bin
    • %APPDATA%\Roaming\Images\pools.txt
    • %APPDATA%\Roaming\Images\tmp.ini
    • %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\image.lnk
    • %APPDATA%\Roaming\Images\temp.txt
    • %TEMPDIR%\nseCC11.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\image.exe
    Files modified:
    • %temporary_internet_files%\Content.IE5\index.dat
    • %APPDATA%\Roaming\Microsoft\Windows\Cookies\index.dat
    • %APPDATA%\Local\Microsoft\Windows\History\History.IE5\index.dat
    • %APPDATA%\Roaming\Microsoft\Windows\IETldCache\index.dat
    • %TEMPDIR%\nseCC11.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\image.exe
    Files deleted:
    • %TEMPDIR%\nsr7619.tmp
    • %TEMPDIR%\nsg7629.tmp
    • %TEMPDIR%\nsg7629.tmp\inetc.dll
    • C:\xrdmnsxx\temp.txt
    • %TEMPDIR%\nsrB9BD.tmp
    • %TEMPDIR%\nsgB9CD.tmp
    • %APPDATA%\Roaming\Images\tmp.ini
    • %APPDATA%\Roaming\Images\temp.txt
    • %APPDATA%\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    Copies of itself created:
    • %APPDATA%\Roaming\Images\image.exe
    • C:\images.scr
    • E:\images.scr
    Drivers loaded:
    • %SYSDIR%\shdocvw.dll
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %APPDATA%\Local\Microsoft\Windows\Caches\cversions.1.db
    • %ALLUSERSPATH%\desktop.ini
    • %USERPATH%\Desktop\desktop.ini
    • %USERPATH%\Searches\desktop.ini
    • %USERPATH%\Videos\desktop.ini
    • %USERPATH%\Pictures\desktop.ini
    • %USERPATH%\Contacts\desktop.ini
    • %USERPATH%\Favorites\desktop.ini
    • %USERPATH%\Music\desktop.ini
    • %USERPATH%\Downloads\desktop.ini
    • %USERPATH%\Documents\desktop.ini
    • %USERPATH%\Links\desktop.ini
    • %USERPATH%\Saved Games\desktop.ini
    • %WINDIR%\AppPatch\sysmain.sdb
    • %SYSDIR%\en-US\shdocvw.dll.mui
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\%executed_sample%
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    • C:\
    • %WINDIR%\SysWOW64\en-US\SHELL32.dll.mui
    • %APPDATA%\Roaming\Images\image.exe
    Files executed:
    • %SYSDIR%\shdocvw.dll
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %APPDATA%\Local\Microsoft\Windows\Caches\cversions.1.db
    • %ALLUSERSPATH%\desktop.ini
    • %USERPATH%\Desktop\desktop.ini
    • %USERPATH%\Searches\desktop.ini
    • %USERPATH%\Videos\desktop.ini
    • %USERPATH%\Pictures\desktop.ini
    • %USERPATH%\Contacts\desktop.ini
    • %USERPATH%\Favorites\desktop.ini
    • %USERPATH%\Music\desktop.ini
    • %USERPATH%\Downloads\desktop.ini
    • %USERPATH%\Documents\desktop.ini
    • %USERPATH%\Links\desktop.ini
    • %USERPATH%\Saved Games\desktop.ini
    • %WINDIR%\AppPatch\sysmain.sdb
    • %SYSDIR%\en-US\shdocvw.dll.mui
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\%executed_sample%
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    • C:\
    • %WINDIR%\SysWOW64\en-US\SHELL32.dll.mui
    • %APPDATA%\Roaming\Images\image.exe
  • Registry
    Adds the following registry entries:
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASAPI32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings") ("DefaultConnectionSettings")
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000") ("WpadNetworkName": "Network 2")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34}\00-23-7d-29-a4-a9
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{58BF48AF-81A4-472D-9931-7D3DA8432D34}")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\image_RASAPI32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\image_RASMANCS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Coin": "%APPDATA%\Roaming\Images\image.exe")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "3")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadExpirationDays": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadNetworkName": "Network")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDhcp": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDns": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
    Modifies the following registry entries:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings") ("DefaultConnectionSettings")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000") ("WpadNetworkName": "Network 2")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{58BF48AF-81A4-472D-9931-7D3DA8432D34}")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Coin": "%APPDATA%\Roaming\Images\image.exe")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "3")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadExpirationDays": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadNetworkName": "Network")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDhcp": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDns": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
    Deletes the values of the following keys from the Windows registry:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
  • Alias
    Avast: Win32:Malware-gen
    Dr. Web: Trojan.BtcMine.688
    ESET: NSIS/CoinMiner.P trojan
    G Data: Trojan.AgentWDCR.ERF
    Kaspersky Lab: HEUR:Trojan.NSIS.BitMin.gen
    Microsoft: Trojan:Win32/CoinMiner!bit
