Avira 病毒搜尋

TR/Agent.12345344

  • 名稱
    TR/Agent.12345344
  • 發現日期
    2015年7月11日
  • 類型
    Malware
  • 影響
     
  • 報告的感染
     
  • 作業系統
    Windows
  • VDF 版本
    7.11.247.84 (2015-07-11 15:16)

'TR' 一詞表示特洛伊木馬程式（Trojan），此類程式能夠竊取資料、侵害您的隱私，或對系統進行有害的變更。

  • VDF
    7.11.247.84 (2015-07-11 15:16)
  • 別名
    ClamAV: Win.Trojan.Swrort-13999
    Dr. Web: Trojan.DownLoader1.51147
  • 檔案
    建立下列檔案（注意：下列路徑全部位於 %APPDATA%\VOS\HDDRegenerator\ 之下；其中的 %Program Files%、%Windows%、%System% 子目錄看似是使用者設定檔內的虛擬化副本，而非真正的系統目錄，因此寫入這些檔案並不需要系統管理員權限）:
    • %APPDATA%\VOS\HDDRegenerator\VirtApp.ini
    • %APPDATA%\VOS\HDDRegenerator\VirtApp.ini.20110102-102951.866.stamp
    • %APPDATA%\VOS\HDDRegenerator\AppVirtDll_HDDRegenerator.dll
    • %APPDATA%\VOS\HDDRegenerator\AppVirtDll_HDDRegenerator.dll.20110102-102951.866.stamp
    • %APPDATA%\VOS\HDDRegenerator\VirtFiles.db
    • %APPDATA%\VOS\HDDRegenerator\VirtFiles.db.20110102-102951.866.stamp
    • %APPDATA%\VOS\HDDRegenerator\VirtReg.export
    • %APPDATA%\VOS\HDDRegenerator\VirtReg.export.20110102-102951.866.stamp
    • %APPDATA%\VOS\HDDRegenerator\%Common DesktopDirectory%\HDD Regenerator.lnk
    • %APPDATA%\VOS\HDDRegenerator\%Common StartMenu%\Programmi\HDD Regenerator\HDD Regenerator.lnk
    • %APPDATA%\VOS\HDDRegenerator\%Common StartMenu%\Programmi\HDD Regenerator\Readme.lnk
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.manifest
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\Microsoft.Windows.Common-Controls\comctl32.dll
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\hddreg.exe.manifest
    • %APPDATA%\VOS\HDDRegenerator\%Windows%\Installer\{97A39919-9FEA-48B7-AB2B-4F99212D1E98}\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.manifest
    • %APPDATA%\VOS\HDDRegenerator\%Windows%\Installer\{97A39919-9FEA-48B7-AB2B-4F99212D1E98}\Microsoft.Windows.Common-Controls\comctl32.dll
    • %APPDATA%\VOS\HDDRegenerator\%System%\borlndmm.dll
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\SysDlls\borlndmm.dll
    • %APPDATA%\VOS\HDDRegenerator\%System%\cc32100mt.dll
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\SysDlls\cc32100mt.dll
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\SysDlls\SysDlls.manifest
    • %APPDATA%\VOS\HDDRegenerator\VirtReg.db
    • %APPDATA%\VOS\HDDRegenerator\ZipCache
    • %APPDATA%\VOS\HDDRegenerator\ZipCache.20110102-102951.679.stamp
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\Shell.exe
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\HDD Regenerator.exe
    變更下列檔案:
    • %APPDATA%\VOS\HDDRegenerator\VirtFiles.db
    刪除下列檔案:
    • %TEMPDIR%\~DF1538.tmp
  • 插入
    • %PROGRAM FILES%\HDD Regenerator\Shell.exe
    • %PROGRAM FILES%\HDD Regenerator\HDD Regenerator.exe
  • 登錄
    新增下列登錄機碼（注意：所有機碼皆位於 HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\... 之下，亦即實際寫入的是目前使用者的 HKCU，而非真正的 HKEY_LOCAL_MACHINE；清查真實的 HKLM\SOFTWARE\Classes 不會找到這些項目，且寫入它們同樣不需要管理員權限。另外，...\Microsoft\Cryptography\RNG\Seed 的變更通常是程式呼叫 Windows 密碼學 API 後的副作用，不宜單獨視為惡意指標）:
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\CLSID\{C915F573-4C11-4968-9080-29E611FDBE9F}] @ = "eSeller Class"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\CLSID\{C915F573-4C11-4968-9080-29E611FDBE9F}\InprocServer32] @ = "%WINDIR%\eSellerateControl365.dll" "InprocServer32" = "lz[gX^8WG?9F8?Y(pctX>xhG9n9GeS9)_ijQX^R&8;" "ThreadingModel" = "Apartment"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\CLSID\{C915F573-4C11-4968-9080-29E611FDBE9F}\ProgID] @ = "eSellerateControl.365.1"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\CLSID\{C915F573-4C11-4968-9080-29E611FDBE9F}\VersionIndependentProgID] @ = "eSellerateControl.365"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\eSellerateControl.365] @ = "eSeller Class"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\eSellerateControl.365\CurVer] @ = "eSellerateControl.365.1"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\eSellerateControl.365.1] @ = "eSeller Class"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\Installer\Features\91993A79AEF97B84BAB2F49912D2E189] "AlwaysInstall" = ""
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\Installer\Products\91993A79AEF97B84BAB2F49912D2E189] "ProductName" = "HDD Regenerator" "PackageCode" = "C37A35154EEC1F142A22C8F973633FD8" "Language" = dword:00000409 "Version" = dword:140b000b "Assignment" = dword:00000001 "AdvertiseFlags" = dword:00000184 "ProductIcon" = "%WINDIR%\Installer\{97A39919-9FEA-48B7-AB2B-4F99212D1E98}\ARPPRODUCTICON.exe" "InstanceType" = dword:00000000 "AuthorizedLUAApp" = dword:00000000 "Clients" = ":;"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\Installer\Products\91993A79AEF97B84BAB2F49912D2E189\SourceList\Media] "DiskPrompt" = "[1]" "1" = "DISK1;1"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\36EB8DED78653F64290EE86C78113865] "91993A79AEF97B84BAB2F49912D2E189" = ""
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\Interface\{40A9417F-F41E-40A2-BAA5-FE0ACB1CF8F8}] @ = "IeSeller"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\TypeLib\{169FBBF8-0478-42A4-B386-4F5B2CF9A98B}\1.0] @ = "eSellerateControl 3.6.5 Library"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\TypeLib\{169FBBF8-0478-42A4-B386-4F5B2CF9A98B}\1.0\0\win32] @ = "%WINDIR%\eSellerateControl365.dll"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\TypeLib\{169FBBF8-0478-42A4-B386-4F5B2CF9A98B}\1.0\FLAGS] @ = "0"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\TypeLib\{169FBBF8-0478-42A4-B386-4F5B2CF9A98B}\1.0\HELPDIR] @ = "%WINDIR%\\"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG] "Seed" = %hex values%
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\36EB8DED78653F64290EE86C78113865] "91993A79AEF97B84BAB2F49912D2E189" = ""
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CD57F742E376B14AACEE4E7386A674E] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16A0EEC0600AE1B4BAF991A4DBB166EA] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\HDD Regenerator\Shell.exe"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\313E69A4EEB26534D84286E1FA14BB55] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\HDD Regenerator\"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\476DBA7A72DBBAE418BCA5D19869FF5E] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\HDD Regenerator\Purchase.exe"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\595E5B4BD41CD9242B94AFDA3268411F] "91993A79AEF97B84BAB2F49912D2E189" = "%SYSDIR%\"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74D0877D01C70F24ABA79F18EBD2B5E3] "91993A79AEF97B84BAB2F49912D2E189" = "%WINDIR%\eSellerateControl365.dll"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\80C059A9A265C8946A4189E1A02D95DA] "91993A79AEF97B84BAB2F49912D2E189" = "C?\WINDOWS\system32\cc32100mt.dll"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\93794A6B7B77623489C6005F2AB2D95D] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\HDD Regenerator\HDD Regenerator.exe"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\93D00ABDC873C134CABB14CEF92BD866] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\HDD Regenerator\hddreg.exe"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEAE8CB7E28330C449885392EC3126BE] "91993A79AEF97B84BAB2F49912D2E189" = "%WINDIR%\"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D91CAC9FB1154544687B0E2A030C1A59] "91993A79AEF97B84BAB2F49912D2E189" = "C?\WINDOWS\system32\borlndmm.dll"
  • HTTP 請求（注意：網域已由 Avira 以星號遮蔽，因此此處的 URL 無法直接作為網路 IOC 使用；第二個請求的查詢字串是 ASCII 的十六進位編碼，解碼後為「TEAM RESURRECTION@2004-0801」，疑似為破解團隊的標記，暗示此樣本可能是遭竄改的 HDD Regenerator 安裝程式）
    • www.*******.net/vers/hr2011/kshv2w110
    • www.*******.net/vers/hr2011/kshv2w110?5445414D20524553555252454354494F4E40323030342D30383031
