Parent class: TrojWare
Malicious programs that perform actions not authorized by the user: they destroy, block, modify or copy information, or disrupt the operation of computers or computer networks. Unlike viruses and worms, members of this category cannot create copies of themselves and are not capable of self-replication.
Class: Trojan-Clicker
Designed to access internet resources (usually web pages). This is achieved either by sending the corresponding commands to the browser or by replacing system files that specify the "standard" addresses of internet resources (for example, the hosts file in MS Windows). An attacker may have the following goals for such actions:
- increasing traffic to certain sites in order to increase ad impressions;
- luring potential victims so that they can be infected with viruses or Trojan programs;
- artificially inflating clicks in advertising networks to enrich the attackers.
Platform: Win32
Win32 is a platform managed by a Windows NT-based operating system (Windows XP, Windows 7, etc.) that allows 32-bit applications to be executed. It is currently one of the most widespread platforms.
Description
Technical Details
A Trojan program that opens links on the internet without the user's knowledge. It is a Windows application (PE EXE file). It is 73728 bytes in size. It is written in Visual Basic.
Payload
The Trojan opens a number of links without the user's knowledge.
The Trojan has functions that allow it to change the Microsoft Internet Explorer start page, as well as to download and run files from the internet.
Removal instructions
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (its location on the infected computer depends on how the program got onto the computer).
- Run a full scan of the computer with Kaspersky Anti-Virus using up-to-date antivirus databases (download a trial version).