Avira Virus Search

TR/Dropper.Gen

  • Name
    TR/Dropper.Gen
  • Date discovered
    July 21, 2016
  • Type
    Malware
  • Operating system
    Windows

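The term 'TR' denotes a trojan horse that can spy on data to violate your privacy, or carry out harmful actions on the system.

Generic detection routines are used to detect characteristics shared by multiple virus variants. Special detection routines are developed to detect unknown variants, and detection capability is continuously improved.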

  • Processes
    • %APPDATA%\Roaming\Images\image.exe
    • %APPDATA%\Roaming\Images\NsCpuCNMiner32.exe
    • %executed_sample_name%.exe
  • Files
    The following files are created:
    • %TEMPDIR%\nsr7619.tmp
    • %TEMPDIR%\nsg7629.tmp
    • %TEMPDIR%\nsg7629.tmp\inetc.dll
    • C:\xrdmnsxx\temp.txt
    • %TEMPDIR%\nsrB9BD.tmp
    • %TEMPDIR%\nsgB9CD.tmp
    • %TEMPDIR%\nsgB9CD.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\NsCpuCNMiner32.exe
    • %APPDATA%\Roaming\Images\NsCpuCNMiner64.exe
    • %APPDATA%\Roaming\Images\NsGpuCNMiner.exe
    • %APPDATA%\Roaming\Images\Data.bin
    • %APPDATA%\Roaming\Images\pools.txt
    • %APPDATA%\Roaming\Images\tmp.ini
    • %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\image.lnk
    • %APPDATA%\Roaming\Images\temp.txt
    • %TEMPDIR%\nseCC11.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\image.exe
    The following files are changed:
    • %temporary_internet_files%\Content.IE5\index.dat
    • %APPDATA%\Roaming\Microsoft\Windows\Cookies\index.dat
    • %APPDATA%\Local\Microsoft\Windows\History\History.IE5\index.dat
    • %APPDATA%\Roaming\Microsoft\Windows\IETldCache\index.dat
    • %TEMPDIR%\nseCC11.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\image.exe
    The following files are deleted:
    • %TEMPDIR%\nsr7619.tmp
    • %TEMPDIR%\nsg7629.tmp
    • %TEMPDIR%\nsg7629.tmp\inetc.dll
    • C:\xrdmnsxx\temp.txt
    • %TEMPDIR%\nsrB9BD.tmp
    • %TEMPDIR%\nsgB9CD.tmp
    • %APPDATA%\Roaming\Images\tmp.ini
    • %APPDATA%\Roaming\Images\temp.txt
    • %APPDATA%\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    The following copies of itself are created:
    • %APPDATA%\Roaming\Images\image.exe
    • C:\images.scr
    • E:\images.scr
    The following drivers are loaded:
    • %SYSDIR%\shdocvw.dll
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %APPDATA%\Local\Microsoft\Windows\Caches\cversions.1.db
    • %ALLUSERSPATH%\desktop.ini
    • %USERPATH%\Desktop\desktop.ini
    • %USERPATH%\Searches\desktop.ini
    • %USERPATH%\Videos\desktop.ini
    • %USERPATH%\Pictures\desktop.ini
    • %USERPATH%\Contacts\desktop.ini
    • %USERPATH%\Favorites\desktop.ini
    • %USERPATH%\Music\desktop.ini
    • %USERPATH%\Downloads\desktop.ini
    • %USERPATH%\Documents\desktop.ini
    • %USERPATH%\Links\desktop.ini
    • %USERPATH%\Saved Games\desktop.ini
    • %WINDIR%\AppPatch\sysmain.sdb
    • %SYSDIR%\en-US\shdocvw.dll.mui
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\%executed_sample%
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    • C:\
    • %WINDIR%\SysWOW64\en-US\SHELL32.dll.mui
    • %APPDATA%\Roaming\Images\image.exe
    The following files are executed:
    • %SYSDIR%\shdocvw.dll
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %APPDATA%\Local\Microsoft\Windows\Caches\cversions.1.db
    • %ALLUSERSPATH%\desktop.ini
    • %USERPATH%\Desktop\desktop.ini
    • %USERPATH%\Searches\desktop.ini
    • %USERPATH%\Videos\desktop.ini
    • %USERPATH%\Pictures\desktop.ini
    • %USERPATH%\Contacts\desktop.ini
    • %USERPATH%\Favorites\desktop.ini
    • %USERPATH%\Music\desktop.ini
    • %USERPATH%\Downloads\desktop.ini
    • %USERPATH%\Documents\desktop.ini
    • %USERPATH%\Links\desktop.ini
    • %USERPATH%\Saved Games\desktop.ini
    • %WINDIR%\AppPatch\sysmain.sdb
    • %SYSDIR%\en-US\shdocvw.dll.mui
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\%executed_sample%
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    • C:\
    • %WINDIR%\SysWOW64\en-US\SHELL32.dll.mui
    • %APPDATA%\Roaming\Images\image.exe
  • Registry
    The following registry keys are added:
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASAPI32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000") ("WpadNetworkName": "Network 2")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34}\00-23-7d-29-a4-a9
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{58BF48AF-81A4-472D-9931-7D3DA8432D34}")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\image_RASAPI32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\image_RASMANCS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Coin": "%APPDATA%\Roaming\Images\image.exe")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "3")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "Iº4TÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadExpirationDays": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadNetworkName": "Network")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDhcp": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDns": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
    The following registry keys are changed:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000") ("WpadNetworkName": "Network 2")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{58BF48AF-81A4-472D-9931-7D3DA8432D34}")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Coin": "%APPDATA%\Roaming\Images\image.exe")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "3")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "Iº4TÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadExpirationDays": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadNetworkName": "Network")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDhcp": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDns": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
    The values of the following registry keys are removed:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
  • Aliases
    Avast: Win32:Malware-gen
    Dr. Web: Trojan.BtcMine.688
    ESET: NSIS/CoinMiner.P trojan
    G Data: Trojan.AgentWDCR.ERF
    Kaspersky Lab: HEUR:Trojan.NSIS.BitMin.gen
    Microsoft: Trojan:Win32/CoinMiner!bit
