Avira Virus Search

TR/Kazy.470528.2

  • Name
    TR/Kazy.470528.2
  • Date discovered
    1 October 2015
  • Type
    Malware
  • Impact
     
  • Reported infections
     
  • Operating system
    Windows
  • VDF version
    7.11.235.206 (2015-05-29 10:46)

The prefix 'TR' denotes a Trojan horse: a program that can spy on data to violate your privacy or carry out harmful modifications to the system.

  • VDF
    7.11.235.206 (2015-05-29 10:46)
  • Aliases
    Dr. Web: Adware.Downware.11299
    ESET: MSIL/VKPentago.A application
  • Files
    Creates the following files:
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\mbahost.dll
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\BootstrapperCore.dll
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\BundleApplication.exe
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1031\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1032\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\BF.dll
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\msvcr110d.dll
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\mbapreq.dll
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\mbapreq.thm
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\mbapreq.png
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1028\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1029\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1030\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1035\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1036\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1038\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1040\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1041\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1042\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1043\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1044\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1045\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1046\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1049\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1051\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1053\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1055\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\1060\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\2052\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\2070\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\3082\mbapreq.wxl
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\BootstrapperCore.config
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\RamblerUtils.dll
    • %TEMPDIR%\{84c6a4d0-c437-4695-8235-64fdfac1653c}\.ba1\BootstrapperApplicationData.xml
    Modifies the following file:
    • %USERPROFILE%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  • Registry
    Adds the following registry keys:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control ("ActiveService": "TapiSrv")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control ("ActiveService": "RasMan")
  • HTTP requests
    • stat.*****.com/installer.html?param=71e1b219622236a28ecc6bbf1c7c0e773c6e75e9aac0953f0b7bc3e83b45b9149c466e309c1563339ac6b214c333127e77e435c9ae5a52a5726be07d0018fc5db6c36082bd68c1149f5171e4c335f8709a516765e07532d6cf35cc5f64e7402a8c5ed41b059c5bae31192b9b9e86d09cebe21faa33f2b0e613c5da4b6e6a0a5cd0099af96769715436d467219395a117d60b6f5dcaf9b681f6160a779d85b4d39ca5c186d1639ef8e996c3dad0f7e4d3b0e47b7e5c9511370d52a955a3b411d973f6ba531d836999230adf262784e9d6631d7452ed2cb406f29787c83786a9845edbcd519d91596bdc08b7aa0e81ec1b
    • api.*****odb.com/v3/ip-country/?key=3a34121728914100e1de6c1bb11efe1075195f57e05be99958416dd68bfc224d&format=xml
    • freegeoip.*****net/xml/
    • vkmusic.*****ru/Statistics/Home/Telemetry