Avira Virus Lab

TR/Crypt.ZPACK.220725

  • Name
    TR/Crypt.ZPACK.220725
  • Date discovered
    12/12/2015
  • Type
    Malware
  • Impact
    Medium
  • Reported infections
    Low
  • Operating system
    Windows
  • VDF version
    7.12.34.4 (2015-12-03 17:06)

The prefix 'TR' denotes a Trojan horse, a program that can spy on data to violate your privacy or make unwanted changes to the system.

  • VDF
    7.12.34.4 (2015-12-03 17:06)
  • Alias
    Avast: Win32:Malware-gen
    AVG: Generic37.MY
    Dr. Web: Trojan.Encoder.3104
    McAfee: PWSZbot-FAOI!FBF1B81263B4
    Trend Micro: Ransom_.7C4A83A9
    Microsoft: Ransom:Win32/Tescrypt!rfn
    G Data: Trojan.GenericKD.2907449
    Kaspersky Lab: Trojan.Win32.Yakes.npyk
    Bitdefender: Trojan.GenericKD.2907449
    ESET: Win32/Filecoder.EM trojan
  • Files
    The following copies were created:
    • %APPDATA%\mceyg-a.exe
    The following files were created:
    • %USERPROFILE%\My Documents\recover_file_uqdsdasyc.txt
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA0PS4IJ.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CAOLUVUF.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA39NXCZ.htm
    The following files were modified:
    • %temporary internet files%\Content.IE5\index.dat
    The following files were renamed:
    The following files were deleted:
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA0PS4IJ.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CAOLUVUF.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA39NXCZ.htm
  • Injections
    • %APPDATA%\mceyg-a.exe
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\Software\zsys ("ID": %hex values%)
    • HKEY_CURRENT_USER\Software\A45825718410E168 ("data": %hex values%)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Acronis": "%APPDATA%\mceyg-a.exe")
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
  • HTTP requests
    • myexternalip.*****com/raw
    • regiefernando.*****ages/slideshow/sysmisc.php
    • regiefernando.*****i-sys/suspendedpage.cgi
    • schriebershof.*****p/misc.php?D123FB3FDBE6D719F0F7EA27237BFCA4D7608843743A606142A0C1A2CC5BD00F67CFFC27044025B19732C2A3406AB5715A98D5C9E047AB6F13253AAE0344640DA7177B3605D14303A952208703A01F82CC6AC501BEFE4982046B85F0FD35B98C59AEBB15C5E67DEC122D093E0168C3DC9C686822324FDBF46EB482D0BCC1D4A37B4AC4FEE4F13A07FA50977E07EB6187EB0ECE1FE66F83257A897C4DD4B751D61AA713EA0196CB955DBBCCD53857027A14E97032B0E71D632443AC6F36643886B2B30A02B937B15B1F37E55B7516E6501BCD619D89E0F1B6A24CE42FD4C66AD850EB32DA42199954F741CDC210EA559C749455560A27B46B0B202D29B6742BCB3A7BE8812CACB4DBA7A1C0EFC98E6F214D90342855A56B8F57BDE6C1B140F2DC159C88E88ED8E7E2924FBBEF27EF682CA548E4FC2BEABCE79E0E70F5399408587B83D023FB339824ABFE511F59BDD00E5E7A0D46BD00BB828F7B4439907FA571
    • apotheke-stiepel.*****mp/misc.php
    • woodenden.*****ysmisc.php
