Avira Virus Search

TR/AD.Crowti.Y.377

  • Name
    TR/AD.Crowti.Y.377
  • Date discovered
    27 February 2016
  • Type
    Malware
  • Impact
     
  • Reported infections
     
  • Operating system
    Windows
  • VDF version
    7.12.20.104 (2015-10-22 19:32)

The term "TR" denotes a Trojan horse: a program capable of spying on data, violating your privacy, or making unwanted modifications to the system.

This file can be used by a malicious user or by malware to lower security settings.

Operating system: Microsoft Windows.

  • VDF
    7.12.20.104 (2015-10-22 19:32)
  • Aliases
    ESET: Win32/Filecoder.CryptoWall.F trojan
  • Files
    Renames the following files:
    • %USERPROFILE%\Start Menu\Programs\Startup
    • %USERPROFILE%\Start Menu\Programs\Startupx
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\qno8obed6.sgw7
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1025.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\wtnh242ji.e19f
    • %DISKDRIVE%\Documents and Settings\All Users\Application Data\VMware\Compatibility\native\sg39t4.ur3
    • %DISKDRIVE%\Documents and Settings\All Users\Application Data\VMware\Compatibility\native\wpa.bak
    Creates the following copies of itself:
    • %USERPROFILE%\Start Menu\Programs\Startupx\system.pif
    • %APPDATA%\94b3288876\4b328887.exe
    Creates the following files:
    Modifies the following files:
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1025.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1028.rtf
    • %DISKDRIVE%\Documents and Settings\All Users\Application Data\VMware\Compatibility\native\wpa.bak
  • Injects into
    • %SYSDIR%\svchost.exe
  • Registry
    Adds the following registry entry:
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "94b3288876" = "%APPDATA%\94b3288876\4b328887.exe"
  • HTTP requests
