Avira Virus Search

TR/Samca.A.484

  • Name
    TR/Samca.A.484
  • Date discovered
    December 15, 2015
  • Type
    Malware
  • Impact
     
  • Reported infections
     
  • Operating system
    Windows
  • VDF version
    7.12.24.20 (2015-11-02 20:29)

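The term 'TR' denotes a Trojan horse, which is able to spy out data to violate your privacy, or to carry out harmful modifications to the system.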

  • Files
    The following files are changed:
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
    The following files are deleted:
    The following files are created:
    The following files are renamed:
    • %TEMPDIR%\RsdSfxTmp\_rmv\12345678.000
    • %TEMPDIR%\RMV.cfg
    • %TEMPDIR%\RMV.cfg.tmp
  • Registry
    The following registry keys are added:
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
    • HKEY_CLASSES_ROOT\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99} ("ProcID": "{EA565346-D40F-6648-3030-303030303030}")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ("RSDTRAY": ""%PROGRAM FILES%\Rising\RSD\popwndexe.exe""; "RMVTRAY": ""%PROGRAM FILES%\Rising\RMV\TRAY.EXE" -system")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RsMgrSvc ("Type": dword:00000110; "Start": dword:00000002; "ErrorControl": dword:00000001; "ImagePath": ""%PROGRAM FILES%\Rising\RSD\RsMgrSvc.exe""; "DisplayName": "Rsd Service"; "Group": "COM Infrastructure"; "DependOnService": "RpcSs;"; "DependOnGroup": ""; "ObjectName": "LocalSystem"; "FailureActions": %hex values%)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RsMgrSvc\Security ("Security": %hex values%)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rsdsys ("Type": dword:00000001; "Start": dword:00000002; "ErrorControl": dword:00000001; "ImagePath": "\??\%SYSDIR%\drivers\protreg.sys"; "DisplayName": "rsd protect")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rsdsys\Security ("Security": %hex values%)
    The following registry keys are changed:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services (Rising: -)
  • HTTP requests
    • info.*****g.cn/pc/rsmsgreq.xml
    • info.*****g.cn/pc/getmsgurl.aspx?info=LWJol7QSBj9sfnU0GigUaXNUZVkaGAQlZ1xvGgRVa18ZHwJSY18ZHwJSY18ZHwJHADlrZ3c4bj5kehQgEDhgY3woF1EYGAFZZFQbCmcyFj5gYnQubl2m
    • dl.*****.cn/dl/qdtg/st1855810.exe
