Avira Virus Lab

TR/Crypt.ZPACK.220725

  • Name
    TR/Crypt.ZPACK.220725
  • Discovered
    12 Dec 2015
  • Type
    Malware
  • Impact
    Medium
  • Reported infections
    Low
  • Operating system
    Windows
  • VDF version
    7.12.34.4 (2015-12-03 17:06)

The 'TR' prefix denotes a trojan: a program that can harvest personal data, violate the user's privacy and make unwanted changes to the system.

  • VDF
    7.12.34.4 (2015-12-03 17:06)
  • Aliases
    Avast: Win32:Malware-gen
    AVG: Generic37.MY
    Dr. Web: Trojan.Encoder.3104
    McAfee: PWSZbot-FAOI!FBF1B81263B4
    Trend Micro: Ransom_.7C4A83A9
    Microsoft: Ransom:Win32/Tescrypt!rfn
    G Data: Trojan.GenericKD.2907449
    Kaspersky Lab: Trojan.Win32.Yakes.npyk
    Bitdefender: Trojan.GenericKD.2907449
    ESET: Win32/Filecoder.EM trojan
  • Files
    The following copies of the same file were created:
    • %APPDATA%\mceyg-a.exe
    The following files were created:
    • %USERPROFILE%\My Documents\recover_file_uqdsdasyc.txt
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA0PS4IJ.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CAOLUVUF.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA39NXCZ.htm
    The following files were modified:
    • %temporary internet files%\Content.IE5\index.dat
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1025.rtf
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1028.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1029.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1030.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1031.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1032.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1033.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1035.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1036.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1037.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1038.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1040.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1041.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1042.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1043.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1044.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1045.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1046.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1049.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1053.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1055.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2052.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2070.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.3082.rtf
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\glob.js
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\glob.settings.js
    • %APPDATA%\Microsoft\Internet Explorer\brndlog.txt
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\prefs.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\sessionstore.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\urlclassifierkey3.txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\biluta@download.mozilla[1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][3].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected].2o7[1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\biluta@www.bing[1].txt
    • %USERPROFILE%\Cookies\biluta@www.mozilla[1].txt
    • %USERPROFILE%\Cookies\biluta@www.msn[1].txt
    • %TEMPDIR%\AUCHECK_PARSER.txt
    • %TEMPDIR%\dd_clwireg.txt
    • %TEMPDIR%\dd_depcheckdotnetfx30.txt
    • %TEMPDIR%\dd_depcheck_NETFX20_EXP_35.txt
    • %TEMPDIR%\dd_depcheck_NETFX_EXP_35.txt
    • %TEMPDIR%\dd_dotnetfx20error.txt
    • %TEMPDIR%\dd_dotnetfx20install.txt
    • %TEMPDIR%\dd_dotnetfx35error.txt
    • %TEMPDIR%\dd_dotnetfx35install.txt
    • %TEMPDIR%\dd_dotnetfx3install.txt
    • %TEMPDIR%\dd_dotNetFx40_Full_setup_decompression_log.txt
    • %TEMPDIR%\dd_msxml_retMSI4318.txt
    • %TEMPDIR%\dd_netfx20MSI205C.txt
    • %TEMPDIR%\dd_netfx20UI205C.txt
    • %TEMPDIR%\dd_NET_Framework20_Setup12EF.txt
    The following files were renamed:
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1025.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1028.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1029.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1030.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1031.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1032.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1033.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1035.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1036.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1037.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1038.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1040.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1041.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1042.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1043.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1044.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1045.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1046.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1049.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1053.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1055.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2052.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2070.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.3082.rtf
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\glob.settings.js
    • %APPDATA%\Microsoft\Internet Explorer\brndlog.txt
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\prefs.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\sessionstore.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\urlclassifierkey3.txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\biluta@download.mozilla[1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][3].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\biluta@www.bing[1].txt
    • %USERPROFILE%\Cookies\biluta@www.mozilla[1].txt
    • %USERPROFILE%\Cookies\biluta@www.msn[1].txt
    • %TEMPDIR%\AUCHECK_PARSER.txt
    • %TEMPDIR%\dd_clwireg.txt
    • %TEMPDIR%\dd_depcheckdotnetfx30.txt
    • %TEMPDIR%\dd_depcheck_NETFX20_EXP_35.txt
    • %TEMPDIR%\dd_depcheck_NETFX_EXP_35.txt
    • %TEMPDIR%\dd_dotnetfx20error.txt
    • %TEMPDIR%\dd_dotnetfx20install.txt
    • %TEMPDIR%\dd_dotnetfx35error.txt
    • %TEMPDIR%\dd_dotnetfx35install.txt
    • %TEMPDIR%\dd_dotnetfx3install.txt
    • %TEMPDIR%\dd_dotNetFx40_Full_setup_decompression_log.txt
    • %TEMPDIR%\dd_msxml_retMSI4318.txt
    • %TEMPDIR%\dd_netfx20MSI205C.txt
    • %TEMPDIR%\dd_netfx20UI205C.txt
    • %TEMPDIR%\dd_NET_Framework20_Setup12EF.txt
    The following files were deleted:
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA0PS4IJ.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CAOLUVUF.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA39NXCZ.htm
  • Injections
    • %APPDATA%\mceyg-a.exe
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\Software\zsys ("ID": %hex values%)
    • HKEY_CURRENT_USER\Software\A45825718410E168 ("data": %hex values%)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Acronis": "%APPDATA%\mceyg-a.exe")
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
  • HTTP requests
    • myexternalip.*****com/raw
    • regiefernando.*****ages/slideshow/sysmisc.php
    • regiefernando.*****i-sys/suspendedpage.cgi?D123FB3FDBE6D719F0F7EA27237BFCA4D7608843743A606142A0C1A2CC5BD00F67CFFC27044025B19732C2A3406AB5715A98D5C9E047AB6F13253AAE0344640DA7177B3605D14303A952208703A01F82CC6AC501BEFE4982046B85F0FD35B98C59AEBB15C5E67DEC122D093E0168C3DC9C686822324FDBF46EB482D0BCC1D4A37B4AC4FEE4F13A07FA50977E07EB6187EB0ECE1FE66F83257A897C4DD4B751D61AA713EA0196CB955DBBCCD53857027A14E97032B0E71D632443AC6F36643886B2B30A02B937B15B1F37E55B7516E6501BCD619D89E0F1B6A24CE42FD4C66AD850EB32DA42199954F741CDC210EA559C749455560A27B46B0B202D29B6742BCB3A7BE8812CACB4DBA7A1C0EFC98E6F214D90342855A56B8F57BDE6C1B140F2DC70D937382E75EA8265FB00E4F10D1AE48D46A5F6C4F3B99D3529422B5B2E0B029EF360D839A243CF07C02DDD9C1F43BD05431277189D9F13635B2062D3D22FB7
    • schriebershof.*****p/misc.php
    • apotheke-stiepel.*****mp/misc.php
    • woodenden.*****ysmisc.php
