Avira Virus Lab

TR/Samca.A.484

  • Name
    TR/Samca.A.484
  • Date discovered
    15/12/2015
  • Type
    Malware
  • Impact
    Medium
  • Reported infections
    Low
  • Operating system
    Windows
  • VDF version
    7.12.24.20 (2015-11-02 20:29)

The term 'TR' refers to a Trojan horse, a program that can spy on data to violate your privacy or perform unwanted modifications to the system.

  • VDF
    7.12.24.20 (2015-11-02 20:29)
  • Files
    The following files were altered:
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
    The following files were deleted:
    The following files were created:
    The following files were renamed:
    • %TEMPDIR%\RsdSfxTmp\_rmv\12345678.000
    • %TEMPDIR%\RMV.cfg
    • %TEMPDIR%\RMV.cfg.tmp
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
    • HKEY_CLASSES_ROOT\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99} ("ProcID": "{EA565346-D40F-6648-3030-303030303030}")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ("RSDTRAY": ""%PROGRAM FILES%\Rising\RSD\popwndexe.exe""; "RMVTRAY": ""%PROGRAM FILES%\Rising\RMV\TRAY.EXE" -system")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RsMgrSvc ("Type": dword:00000110; "Start": dword:00000002; "ErrorControl": dword:00000001; "ImagePath": ""%PROGRAM FILES%\Rising\RSD\RsMgrSvc.exe""; "DisplayName": "Rsd Service"; "Group": "COM Infrastructure"; "DependOnService": "RpcSs;"; "DependOnGroup": ""; "ObjectName": "LocalSystem"; "FailureActions": %hex values%)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RsMgrSvc\Security ("Security": %hex values%)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rsdsys ("Type": dword:00000001; "Start": dword:00000002; "ErrorControl": dword:00000001; "ImagePath": "\??\%SYSDIR%\drivers\protreg.sys"; "DisplayName": "rsd protect")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rsdsys\Security ("Security": %hex values%)
    The following registry entries are modified:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services (Rising: -)
  • HTTP requests
    • info.*****g.cn/pc/rsmsgreq.xml
    • info.*****g.cn/pc/getmsgurl.aspx?info=LWJol7QSBj9sfnU0GigUaXNUZVkaGAQlZ1xvGgRVa18ZHwJSY18ZHwJSY18ZHwJHADlrZ3c4bj5kehQgEDhgY3woF1EYGAFZZFQbCmcyFj5gYnQubl2m
    • dl.*****.cn/dl/qdtg/st1855810.exe
