24.04.2012, 11:50
Flash999 wrote: @tomatto007
Where is the download link? Can you give it to me?
Sorry
Added: 23 Apr 2012, 18:35
Malware info:
SHA256: 96132571ec62d2e724da6d1cf350621d06d59072f26a11e8088b5abe0244f914
SHA1: a172cc6c4946d1013b1f95d5be3f0df5c5e7d945
MD5: 2481f8d73c7941e991396accae4b0363
File size: 44.5 KB (45568 bytes)
VT info (39/43):
Changes in the system:
- Files:
%Program Files%\ixurls\bkwktxxwq.dll - random filename, VT info (31/43)
%SysDir%\noowjc1.dat
%SysDir%\noowjc2.dat
%SysDir%\noowjc3.dat
%SysDir%\noowjc4.dat
%SysDir%\noowjc5.dat
Added: 23 Apr 2012, 19:10
Malware info:
SHA256: c5b081268efaaba91b06b46399f896c201f8a4c98bb9f6d392c15d2f7ef9e397
SHA1: 357aeab95e48604bfaedbbc6c5c5c5dc008c6d1c
MD5: b65224df5317e0ed7afcbabfe82028c9
File size: 260.0 KB (266240 bytes)
VT info (29/42):
Changes in the system:
- Registry Key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Explorer: "%Appdata%\explorer.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Nxzqzd: "%Appdata%\Nxzqzd.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Explorer: "%Appdata%\explorer.exe"
- Files:
%Appdata%\explorer.exe
%Appdata%\Nxzqzd.exe
%Appdata%\svchost64.exe - VT info (1/42)
Added: 24 Apr 2012, 14:50
Malware info:
SHA256: 79bdb0a0045b4acc1572f7644e94e12bb1d6ebbd4f7247688a603c089af86f06
SHA1: 2066f07ea0910928bc8818ade1de13bd4a8d5503
MD5: b933dc5e2929ae5c1f44593cf486db36
File size: 865.5 KB (886288 bytes)
VT info (3/40):
Changes in the system:
- Registry Key:
HKLM\Software\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32\: "C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll"
HKLM\Software\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32\: "C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll"
HKLM\Software\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32\: "C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll"
HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32\: "C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll"
HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR\: "C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)"
HKLM\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc\path: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YontooLayers.crx"
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\: "Yontoo Layer (Drop Down Deals)s"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\UninstallString: "C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe /remove /q0"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\QuietUninstallString: "C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe /remove /q"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ModifyPath: "C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe /q0"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\TinFolder: "C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\InstallLocation: "C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\DisplayIcon: "C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\DisplayName: "Yontoo Layers Runtime (Drop Down Deals) 1.10.01"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Publisher: "Yontoo LLC"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Contact: "[email protected]"
HKLM\Software\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\: "Yontoo Layers Runtime (Drop Down Deals)"
HKLM\Software\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\TizPath: "c:\sand-box\DropDownDealsSetup.exe"
- Files:
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\build.sh
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\chrome.manifest
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\config_build.sh
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\content\about.xul
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\content\firefoxOverlay.xul
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\content\options.xul
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\content\overlay.js
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\content\y2layers.jpg
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\defaults\preferences\y2layers.js
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\install.rdf
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\locale\en-US\about.dtd
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\locale\en-US\prefwindow.dtd
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\locale\en-US\y2layers.dtd
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\locale\en-US\y2layers.properties
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\readme.txt
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\skin\overlay.css
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\[email protected]\skin\toolbar-button.png
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gi17c3pt.default\user.js
C:\Documents and Settings\Administrator\Local Settings\Temp\7za.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\YontooFFClient.xpi
C:\Documents and Settings\Administrator\Local Settings\Temp\YontooIEClient.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\YontooLayers\background.html
C:\Documents and Settings\Administrator\Local Settings\Temp\YontooLayers\manifest.json
C:\Documents and Settings\Administrator\Local Settings\Temp\YontooLayers\yl.js
C:\Documents and Settings\Administrator\Local Settings\Temp\YontooLayers.crx - VT info (1/42)
C:\Documents and Settings\Administrator\Local Settings\Temp\YontooLayers.pem
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll