Avira Virus Lab

TR/AD.Cerber.qols

  • Name
    TR/AD.Cerber.qols
  • Date discovered
    2016/08/17
  • Type
    Malware
  • Affects
     
  • Reported infections
     
  • Operating system
    Windows
  • VDF version
    7.12.112.232 (2016-08-17 10:44)

The prefix "TR" denotes a Trojan horse: a program with the capability to covertly spy on data, violate privacy, or make unwanted changes to the system.

  • VDF
    7.12.112.232 (2016-08-17 10:44)
  • Files
    The following files were deleted:
    • %TEMPDIR%\nsk1.tmp
    • %TEMPDIR%\nst2.tmp
    • %TEMPDIR%\nsz3.tmp
    • %TEMPDIR%\nsw4.tmp
    The following files were created:
    • %TEMPDIR%\nsk1.tmp
    • %APPDATA%\Chronobiology.x
    • %APPDATA%\blank.gif
    • %APPDATA%\CMYK neutral.ADO
    • %APPDATA%\5.png
    • %APPDATA%\bridgehead.in.toc.xml
    • %APPDATA%\Freetown
    • %APPDATA%\24ps.png
    • %APPDATA%\80-delicious.conf
    • %APPDATA%\AMT.zdct
    • %APPDATA%\Piglet.mh5
    • %TEMPDIR%\nst2.tmp
    • %TEMPDIR%\nst2.tmp\System.dll
    • %APPDATA%\DumpLog.dll
    • %APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\Component_01
    • %APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\Component_00
    • %USERPROFILE%\Start Menu\Programs\Startup\eventvwr.lnk
    • %TEMPDIR%\nsz3.tmp
    • %TEMPDIR%\nsw4.tmp
    • %TEMPDIR%\nsw4.tmp\System.dll
    • %temporary internet files%\Content.IE5\QH9ZEEV0\json[1]
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\# DECRYPT MY FILES #.html
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\# DECRYPT MY FILES #.txt
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\# DECRYPT MY FILES #.url
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\# DECRYPT MY FILES #.vbs
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\# DECRYPT MY FILES #.html
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\# DECRYPT MY FILES #.txt
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\# DECRYPT MY FILES #.url
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\# DECRYPT MY FILES #.vbs
    • %USERPROFILE%\Templates\# DECRYPT MY FILES #.html
    • %USERPROFILE%\Templates\# DECRYPT MY FILES #.txt
    • %USERPROFILE%\Templates\# DECRYPT MY FILES #.url
    • %USERPROFILE%\Templates\# DECRYPT MY FILES #.vbs
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\# DECRYPT MY FILES #.html
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\# DECRYPT MY FILES #.txt
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\# DECRYPT MY FILES #.url
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\# DECRYPT MY FILES #.vbs
    • %DISKDRIVE%\totalcmd\# DECRYPT MY FILES #.html
    • %DISKDRIVE%\totalcmd\# DECRYPT MY FILES #.txt
    • %DISKDRIVE%\totalcmd\# DECRYPT MY FILES #.url
    • %DISKDRIVE%\totalcmd\# DECRYPT MY FILES #.vbs
    • %USERPROFILE%\Cookies\# DECRYPT MY FILES #.html
    • %USERPROFILE%\Cookies\# DECRYPT MY FILES #.txt
    • %USERPROFILE%\Cookies\# DECRYPT MY FILES #.url
    • %USERPROFILE%\Cookies\# DECRYPT MY FILES #.vbs
    • %APPDATA%\# DECRYPT MY FILES #.html
    • %APPDATA%\# DECRYPT MY FILES #.txt
    • %APPDATA%\# DECRYPT MY FILES #.url
    • %APPDATA%\# DECRYPT MY FILES #.vbs
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\# DECRYPT MY FILES #.html
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\# DECRYPT MY FILES #.txt
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\# DECRYPT MY FILES #.url
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\# DECRYPT MY FILES #.vbs
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\# DECRYPT MY FILES #.html
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\# DECRYPT MY FILES #.txt
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\# DECRYPT MY FILES #.url
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\# DECRYPT MY FILES #.vbs
    • %APPDATA%\Adobe\Acrobat\9.0\# DECRYPT MY FILES #.html
    • %APPDATA%\Adobe\Acrobat\9.0\# DECRYPT MY FILES #.txt
    • %APPDATA%\Adobe\Acrobat\9.0\# DECRYPT MY FILES #.url
    • %APPDATA%\Adobe\Acrobat\9.0\# DECRYPT MY FILES #.vbs
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\bookmarkbackups\# DECRYPT MY FILES #.html
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\bookmarkbackups\# DECRYPT MY FILES #.txt
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\bookmarkbackups\# DECRYPT MY FILES #.url
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\bookmarkbackups\# DECRYPT MY FILES #.vbs
    • %APPDATA%\Mozilla\Firefox\# DECRYPT MY FILES #.html
    • %APPDATA%\Mozilla\Firefox\# DECRYPT MY FILES #.txt
    • %APPDATA%\Mozilla\Firefox\# DECRYPT MY FILES #.url
    • %APPDATA%\Mozilla\Firefox\# DECRYPT MY FILES #.vbs
    • %TEMPDIR%\tmp5.tmp
    • %TEMPDIR%\tmp5.bmp
    • %USERPROFILE%\Desktop\# DECRYPT MY FILES #.html
    • %USERPROFILE%\Desktop\# DECRYPT MY FILES #.txt
    • %USERPROFILE%\Desktop\# DECRYPT MY FILES #.url
    • %USERPROFILE%\Desktop\# DECRYPT MY FILES #.vbs
    The following copies of itself were created:
    • %APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe
    The following files were modified:
    • %APPDATA%\Chronobiology.x
    • %APPDATA%\blank.gif
    • %APPDATA%\CMYK neutral.ADO
    • %APPDATA%\5.png
    • %APPDATA%\bridgehead.in.toc.xml
    • %APPDATA%\Freetown
    • %APPDATA%\24ps.png
    • %APPDATA%\80-delicious.conf
    • %APPDATA%\AMT.zdct
    • %APPDATA%\Piglet.mh5
    • %APPDATA%\DumpLog.dll
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\cert8.db
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\key3.db
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\secmod.db
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\permissions.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\cookies.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\places.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\downloads.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\chromeappsstore.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\signons.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\content-prefs.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\formhistory.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\webappsstore.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\search.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\extensions.sqlite
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\setup.sdb
    • %USERPROFILE%\Templates\winword.doc
    • %USERPROFILE%\Templates\winword2.doc
    • %USERPROFILE%\Templates\excel.xls
    • %USERPROFILE%\Templates\excel4.xls
    • %USERPROFILE%\Templates\powerpnt.ppt
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg
    • %DISKDRIVE%\totalcmd\REGISTER.RTF
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1028.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1029.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1030.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1031.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1032.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1049.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1035.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1036.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1037.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1038.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1040.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1041.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1042.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1043.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1044.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1045.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1046.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1025.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1053.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1055.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2052.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2070.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.3082.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1033.rtf
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\urlclassifierkey3.txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\biluta@www.mozilla[1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\biluta@download.mozilla[1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][3].txt
    • %USERPROFILE%\Cookies\biluta@www.msn[1].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\biluta@www.bing[1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %DISKDRIVE%\totalcmd\HISTORY.TXT
    • %DISKDRIVE%\totalcmd\KEYBOARD.TXT
    • %DISKDRIVE%\totalcmd\SIZE!.TXT
    • %APPDATA%\bridgehead.in.toc.xml
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\glob.settings.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\prefs.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\sessionstore.js
    • %DISKDRIVE%\totalcmd\wincmd.key
    • %USERPROFILE%\Templates\sndrec.wav
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
    • %APPDATA%\Adobe\Acrobat\9.0\UserCache.bin
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\logo.bmp
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\pluginreg.dat
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\deffactory.dat
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\baseline.dat
    • %APPDATA%\blank.gif
    • %APPDATA%\24ps.png
    • %APPDATA%\5.png
    • %USERPROFILE%\Templates\quattro.wb2
    • %USERPROFILE%\Templates\wordpfct.wpd
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\bookmarkbackups\bookmarks-2012-01-13.json
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\search.json
    • %DISKDRIVE%\totalcmd\wincmd.ini
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\extensions.ini
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\compatibility.ini
    • %APPDATA%\Mozilla\Firefox\profiles.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1031.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1032.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1035.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1036.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1037.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1038.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1040.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1041.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1042.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1043.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1044.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1045.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1046.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1049.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1053.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1055.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.2052.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.2070.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1030.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1025.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1028.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1029.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.3082.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.ini
    The following files were renamed:
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\cert8.db
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\key3.db
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\secmod.db
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\permissions.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\cookies.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\places.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\downloads.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\chromeappsstore.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\signons.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\content-prefs.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\formhistory.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\webappsstore.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\search.sqlite
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\extensions.sqlite
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\setup.sdb
    • %USERPROFILE%\Templates\winword.doc
    • %USERPROFILE%\Templates\winword2.doc
    • %USERPROFILE%\Templates\excel.xls
    • %USERPROFILE%\Templates\excel4.xls
    • %USERPROFILE%\Templates\powerpnt.ppt
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg
    • %DISKDRIVE%\totalcmd\REGISTER.RTF
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1028.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1029.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1030.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1031.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1032.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1049.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1035.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1036.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1037.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1038.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1040.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1041.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1042.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1043.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1044.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1045.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1046.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1025.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1053.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1055.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2052.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2070.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.3082.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1033.rtf
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\urlclassifierkey3.txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\biluta@www.mozilla[1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\biluta@download.mozilla[1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][3].txt
    • %USERPROFILE%\Cookies\biluta@www.msn[1].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\biluta@www.bing[1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %DISKDRIVE%\totalcmd\HISTORY.TXT
    • %DISKDRIVE%\totalcmd\KEYBOARD.TXT
    • %DISKDRIVE%\totalcmd\SIZE!.TXT
    • %APPDATA%\bridgehead.in.toc.xml
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\glob.settings.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\prefs.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\sessionstore.js
    • %DISKDRIVE%\totalcmd\wincmd.key
    • %USERPROFILE%\Templates\sndrec.wav
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
    • %APPDATA%\Adobe\Acrobat\9.0\UserCache.bin
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\logo.bmp
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\pluginreg.dat
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\deffactory.dat
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\baseline.dat
    • %APPDATA%\blank.gif
    • %APPDATA%\24ps.png
    • %APPDATA%\5.png
    • %USERPROFILE%\Templates\quattro.wb2
    • %USERPROFILE%\Templates\wordpfct.wpd
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\bookmarkbackups\bookmarks-2012-01-13.json
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\search.json
    • %DISKDRIVE%\totalcmd\wincmd.ini
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\extensions.ini
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\compatibility.ini
    • %APPDATA%\Mozilla\Firefox\profiles.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1031.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1032.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1035.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1036.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1037.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1038.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1040.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1041.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1042.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1043.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1044.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1045.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1046.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1049.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1053.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1055.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.2052.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.2070.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1030.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1025.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1028.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.1029.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.3082.ini
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\locdata.ini
  • Injection
    • %SYSDIR%\services.exe{<-\RPC Control\ntsvcs}
    • %DISKDRIVE%\run\sample.exe
    • %SYSDIR%\svchost.exe{<-\RPC Control\epmapper}
    • %SYSDIR%\taskkill.exe{<-\RPC Control\OLEDC8B4B56385C42E790BCF5E12ADC}
    • %SYSDIR%\wbem\wmiprvse.exe{<-\RPC Control\OLE43E2659FDACF418EAEF23360B91E}
    • %APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe
    • %SYSDIR%\lsass.exe{<-\LsaAuthenticationPort}
    • %SYSDIR%\svchost.exe{<-\RPC Control\DNSResolver}
  • Registry
    The following registry keys were added:
    • [HKEY_CURRENT_USER\Printers\Defaults\{6B0DA0A5-A948-F32E-77AA-6853A6B95C7F}] "Component_01" = hex:6f,66,43,73,4f,32,46,35,66,7a,6e,76,51,50,6f,41,71,74,6d,78, 35,71,65,6b,63,34,6c,69,67,68,7a,41,64,79,6c,46,65,6a,54,6f,7a,47,62,71,6f, 46,77,49,6e,2f,42,53,55,4a,32,74,59,70,7a,43,64,70,74,67,7a,6c,44,68,53,55, 69,39,52,55,53,79,4c,48,53,71,72,76,2b,7a,4f,4a,68,62,62,4e,39,56,63,32,43, 66,6c,4e,31,4a,...[344 bytes] "Component_00" = hex:9a,04,01,02,71,73,21,06,70,03,00,00,01,00,00,00,00,01,00,01, b1,72,36,d2,ad,6b,af,c6,c6,ce,15,16,65,b6,24,68,bb,e1,62,83,7d,bc,16,5a,c8, 24,03,a5,47,e9,06,ad,0c,10,c0,86,77,6d,67,56,ae,49,16,8b,02,51,5a,09,e2,c2, ae,b3,3e,45,bd,2f,71,ce,44,f4,d7,9f,6b,ef,a2,89,7c,20,d5,12,ad,b7,8e,17,4b, f4,22,e0,61,79,...[134 bytes]
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "eventvwr" = ""%APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe""
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "eventvwr" = ""%APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe""
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "Run" = ""%APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe""
    • [HKEY_CURRENT_USER\Software\Microsoft\Command Processor] "AutoRun" = ""%APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe""
    • [HKEY_CURRENT_USER\Printers\Defaults\{6B0DA0A5-A948-F32E-77AA-6853A6B95C7F}] "Installed" = dword:00000001
    • [HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings] "ProxyEnable" = dword:00000000
    The following registry keys were modified:
    • [HKEY_CURRENT_USER\Control Panel\Desktop] "SCRNSAVE.EXE" = ""%APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe""
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "MigrateProxy" = dword:00000001 "ProxyEnable" = dword:00000000 ProxyServer = - ProxyOverride = - AutoConfigURL = -
    • [HKEY_CURRENT_USER\Control Panel\Desktop] "SCRNSAVE.EXE" = ""%APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe"" "Wallpaper" = "%TEMPDIR%\tmp5.bmp"
  • HTTP requests
    • ip-api.*****com/json
  • Aliases
    Avast: Win32:Evo-gen
    Kaspersky Lab: HEUR:Packed.NSIS.MyxaH.gen
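The persistence and ransom-note indicators above are what a responder checks for on other hosts. The following is an added example, not code from the Avira report or from Avira: a small Python IOC matcher that takes registry values as (key, value name, data) tuples and a list of file paths, and flags the autostart values listed under Registry, the dropped eventvwr.exe copy under a GUID-named %APPDATA% folder, the Startup-folder shortcut, and the four "# DECRYPT MY FILES #" note variants. The GUID is matched by shape rather than by the value seen in this sample, since it is per-infection data, and both the %VAR% placeholders used by the report and expanded Windows paths are accepted. The sample registry and file data are constructed for the demonstration.

```python
"""IOC matcher for the TR/AD.Cerber.qols indicators listed on this page.

Added example, not code from the Avira report. It takes registry values as
(key, value_name, value_data) tuples, as a registry export or forensic
tool would deliver them, and file paths as plain strings using either the
report's %VAR% placeholders or expanded Windows paths. All sample data
below is constructed for the demonstration."""

import re
from dataclasses import dataclass, field

# Autostart values the report shows the sample writing (key without hive,
# value name), compared case-insensitively.
AUTOSTART_VALUES = {
    (r"software\microsoft\windows\currentversion\run", "eventvwr"),
    (r"software\microsoft\windows\currentversion\runonce", "eventvwr"),
    (r"software\microsoft\windows\currentversion\policies\explorer", "run"),
    (r"software\microsoft\command processor", "autorun"),
    (r"control panel\desktop", "scrnsave.exe"),
}

# The copy of the sample lives in a GUID-named folder directly under
# %APPDATA%. The GUID is per-infection data, so match its shape, not the
# value seen in this report.
GUID = r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}"
DROPPED_COPY = re.compile(
    r"(?:%APPDATA%|AppData\\Roaming)\\" + GUID + r"\\eventvwr\.exe", re.IGNORECASE
)
# Startup-folder shortcut and the four ransom-note variants dropped into
# every directory that was encrypted.
STARTUP_LNK = re.compile(r"\\Startup\\eventvwr\.lnk$", re.IGNORECASE)
RANSOM_NOTE = re.compile(r"\\# DECRYPT MY FILES #\.(?:html|txt|url|vbs)$", re.IGNORECASE)


@dataclass
class Findings:
    autostart: list = field(default_factory=list)      # (key, value_name)
    dropped_copy: list = field(default_factory=list)   # paths to eventvwr.exe
    startup_links: list = field(default_factory=list)
    ransom_notes: list = field(default_factory=list)

    @property
    def infected(self) -> bool:
        """Persistence artefacts are the decisive signal; ransom notes alone
        may be copies carried over from another host's share."""
        return bool(self.autostart or self.dropped_copy or self.startup_links)


def _strip_hive(key: str) -> str:
    """'HKEY_CURRENT_USER\\Software\\X' or 'HKCU\\Software\\X' -> 'software\\x'."""
    return key.split("\\", 1)[1].lower() if "\\" in key else ""


def check_registry(entries, findings: Findings) -> Findings:
    # A hit needs both the known autostart location and the dropped-copy
    # path as its data, so a legitimate value in Run is not flagged.
    for key, name, data in entries:
        if (_strip_hive(key), name.lower()) in AUTOSTART_VALUES and DROPPED_COPY.search(data):
            findings.autostart.append((key, name))
    return findings


def check_files(paths, findings: Findings) -> Findings:
    for path in paths:
        if DROPPED_COPY.search(path):
            findings.dropped_copy.append(path)
        elif STARTUP_LNK.search(path):
            findings.startup_links.append(path)
        elif RANSOM_NOTE.search(path):
            findings.ransom_notes.append(path)
    return findings


def scan(registry_entries, file_paths) -> Findings:
    findings = Findings()
    check_registry(registry_entries, findings)
    check_files(file_paths, findings)
    return findings


# Constructed sample data: three of the report's autostart values plus two
# benign ones, and a file listing mixing IOCs with ordinary user files.
SAMPLE_REGISTRY = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "eventvwr",
     r'"%APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe"'),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (r"HKCU\Software\Microsoft\Command Processor", "AutoRun",
     r'"C:\Users\alice\AppData\Roaming\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe"'),
    (r"HKEY_CURRENT_USER\Control Panel\Desktop", "SCRNSAVE.EXE",
     r'"%APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe"'),
    (r"HKEY_CURRENT_USER\Control Panel\Desktop", "Wallpaper", r"%TEMPDIR%\tmp5.bmp"),
]
SAMPLE_FILES = [
    r"%APPDATA%\{B4403932-6D38-0A32-F7EC-AE4E9040E790}\eventvwr.exe",
    r"%USERPROFILE%\Start Menu\Programs\Startup\eventvwr.lnk",
    r"%USERPROFILE%\Desktop\# DECRYPT MY FILES #.html",
    r"%USERPROFILE%\Desktop\# DECRYPT MY FILES #.vbs",
    r"%USERPROFILE%\Desktop\quarterly-report.docx",
    r"%APPDATA%\Mozilla\Firefox\profiles.ini",
]

if __name__ == "__main__":
    result = scan(SAMPLE_REGISTRY, SAMPLE_FILES)
    print("infected:", result.infected)
    for label, hits in vars(result).items():
        print(f"{label}: {len(hits)}")
```

On the constructed data the scan reports three autostart values, one dropped copy, one Startup shortcut and two ransom notes. The Wallpaper value is deliberately not treated as an indicator: a changed wallpaper path in %TEMPDIR% is consistent with this sample but is too weak on its own, whereas an autostart value pointing at eventvwr.exe inside a GUID folder under %APPDATA% is specific enough to act on.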
