Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Contacter-nous !
Support 24/24 | Rules regarding submitting

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -

Nous téléphoner

0 825 300 230

Profil

Trojan.Crossrider.40151

Added to the Dr.Web virus database: 2014-11-16

Virus description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • %WINDIR%\Tasks\globalUpdateUpdateTaskMachineCore.job
  • %WINDIR%\Tasks\globalUpdateUpdateTaskMachineUA.job
  • %WINDIR%\Tasks\925edefc-dc81-49c6-b7c7-bc7f8afc6226-11.job
  • %WINDIR%\Tasks\925edefc-dc81-49c6-b7c7-bc7f8afc6226-4.job
Creates the following services:
  • [<HKLM>\SYSTEM\ControlSet001\Services\globalUpdate] 'Start' = '00000002'
Malicious functions:
Creates and executes the following:
  • '%PROGRAM_FILES%\Sense\925edefc-dc81-49c6-b7c7-bc7f8afc6226-4.exe' /lhmWTQtHR /QKznSGga='Sense' /GCypiblgD='%PROGRAM_FILES%\Sense\48292.xpi' /bVBjfdNQ=48292 /kQSbsKe='000805' /gzMygfn='0' /LKiWVdB='0' /LgRGCP=0E7B6AE736EA4D5398C9871EC5D99CCBIE /axcjFnQ=283442d1b00f8490b367ecf1f5a01572 /crxHkjy=1_34_07_01 /HgYue=1.34.7.1 /PymIVkWe=1424806263 /RnpoOm=http://st###.#emogensrv.com /nevRquvFu=http://er####.demogensrv.com /UOEXBoMoc=300 /Ogmvo=143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com /XhHWnQGUk=0.94 /WifGDThA=a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292 /RqQkQc=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/48292.rdf /kpdUhhFgO='Sense' /eyzOJ='.' /YZyHu='Object Browser' /mAHikT=ie /nzJPxyFiY='{"asw":[0, 0, 0]}' /ZmxvjFWYH /lQpUGoTHm /RUyzNYJ /LgXrNxBX='http://up####.demogensrv.com/ff_agent_updates/{CAMP_ID}/update.json' /yltLNZdJ /IZSOsP='installer' /EIAIMMIR='%TEMP%\SenseInstaller_1424806263.log'
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regserver
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regsvc
  • '%TEMP%\comh.6850\GoogleUpdate.exe' /silent /install "appguid={06f9c542-63ca-47a4-a81f-3b5e3594d3a6}&appname=5211b144-5a85-4e4c-a28f-b123c2b240b1&needsadmin=True&lang=en"
  • '%PROGRAM_FILES%\Sense\925edefc-dc81-49c6-b7c7-bc7f8afc6226-11.exe' /YFEwml=IpijinL/9euesXGLzm5gbsIRpTTwjdVjpUE6I6f9RmdXvzkzGbxHtN1l2fLDZq15G7Q9TjZHasI8jkESMhYwevFvWs2rzkSbTj2A9hjvqqMpxqF3wxFtNNWGgzcqP1F96XHQ/A3jAlIEUwtpCxCMbAHROsvNNhfOaeWOBKLi/RYN5a+TZkS/ezoxX2Xa3fBNxWepbk3phJEkE0WS2btzgftd3pnZgLkBMFIxubTYhQONqZz5oDjNd9oHa8gkxJqCtpuQC3Ts4T0X2Wa2pv5OIOmwtx2W7cjg/6pRCFjqgNXTnwwgpbovvDJqved/J5lUDtjUup+FcyhCh3hCHHL5D719Lrgp2jmFRRFjf3UW7feansIfh6v2xIv3WGQzjku+72Rdvw42y+fBsH0ROe2TYcTPCxBNSN5gjxY+fufLMSeJvSJmiyShJ7dBEDcp2s/viQrxIohgo8gRzr560sRKemNCFi7OefQ4sRcPv4emDYvpigNygDHC3Y//BtxKTUpTDWahVJbGkgZGmBu6sDzdPRW83ZjSLjPkqTVZD7FN30LidiwyHAvpjqA/8GhEvTtmg9gAB9q/Cod4n9AzqgnwNAyGL4iPl3A5k/aNQZEmUssHfhHQZs4oI9XMrLoFmYwWJfjTPte1bd9I1kk1k/0oJQ9uE6IylmY+J/SXDyMkXU01gkumQjDLCxOzlkyvuKN4LIfkDQ1mGofsgrul3KWNHxghOWvIt9l/SwxnE9HmMKGkuWJjdNrO/s3rkWHBbI6K31UL/SPhT/6b8YQtyYDy2pvHO8MDD62Q5XGxfMa2t4vdnq9bos74izi5PMZX54+KAO3KanMzVU1wNV9AME5iVTcgtGpdNriGmmG1Y6p4ru6xvWqObFlFtXuewv114/CSF4n2dwl8PPcPEOE0unsFpQb6CkTzG5708r3dM20W6fYHgzlAIQk38YbRYDUdsnjfQobJZUq62+raeWEuudHem4EIci9uq+k74fxb2GyCmjLducNsWZ9ml3gsR4ZIDtznDMg+tMLAm2AE7sSuUaJjXCgTslx1DUaPH78Dlnz91eQfl3MMGGzMRD8okKY/HjAd7owE7tX3hUgto2OV7fqDwdwIQz6oYD9KM5hbO/dsr3n3Tq8aJbwitKpszHJipKpTqnSQjcWMNvqQ1SE2ZndNGstZGC7RxeZsF1toIR4/eYI2Cw4t749ExqkQaB93YE4Vr42C8uTdq5NYt9D3OivP5PZjTSMBOmetnKMDWsO4IHRJ+WdfDgH5xDDuxbecn1JULyDWNG3VRc9jWAoWQug1EFIZmLvL4AlWmBygcES1SeU4t0BKaieAb0XvlceySabC3KFGuIFxBb85ry3ZN5aMpRm5jfcljuOkenpfycgGkY1uLjenBDwBvf+EI5NJuoscryf5ZF+38fo3j8z65w+DC5QgFi3+7+kut5WYfOf8FoR18HOgK5irixTLeswEr9XFsioWqUA0ZnpJL+R8xoFuil6y81lPBTjBs/lm4Yx7pNjHbbcH3iGtLSp/YasHoJTaC44/uAELC0Bj7jsMzu3xZCNTgJywKPyP4SOyMPxr5pg6sZfmZJK4gzowZrpOWJZMwy2o2ODWucoTKrXLzN3JvHltehuZjZXAyZf3ws8LYaIHleVkwxEi5jiOGzIQgIa8JmBmZPzD0kYmeXIgSG/1SlYgoUkcO2/Pyi5Tzl7S8a4=
Executes the following:
  • '<SYSTEM32>\msiexec.exe' /V
Terminates or attempts to terminate
the following user processes:
  • opera.exe
  • firefox.exe
  • iexplore.exe
Modifies file system :
Creates the following files:
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\69e4fb357c17d299d90a0064567e118e.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\a9de8a04110f030a3f4a1b90451b77a9.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\4b1a9c09acfab1479226224beac17ebd.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\a9f6810999ab8ca25f1cbdd06920bc01.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\e81bc92766e13295b322b32ea18cb2f6.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\browser.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\ffCoreFilesIndex.txt
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\background.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\search_dialog.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\options.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\1d2849c6a75c184dade8c4c8c38f5da4.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\d5e9f0d0a1cfa3a1921ad9c4d8a5b204.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\271b881d78a61a7c0f5e082b59614576.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\1a329a6a744ac0468547d9c6a7b017cf.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\68501e8e8b7534b8c16bafac9d3d6e28.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\998c55f1c0d2306acea3f4ac15ba2944.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\843b2f6201af1a83874a9cb50af85626.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\fe2bceb789d9ac470097717ff5aaac81.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\8e11e4db28889a380738c4d28faea765.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\f4a32d858fd867ed9583341d5a568608.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\bbdcd128d3e95b85897120dd901105be.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\ade4e86d5af7aad0fda59d8221785a14.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\193.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\239.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\102.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\17.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\78.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\184.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\64.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\220.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\223.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\72.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\191.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\options.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\6b779b7ccef3746ac8efa46d64f8be3c.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\bece3742e479838ace749c2861402eca.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\dialog.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\9f5c90fb558c21080e2cc91a4aa709d2.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\userCode\background.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\13.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\47.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\98.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\userCode\extension.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\207.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon24.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\skin.css
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button3.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon16.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button1.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button5.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon48.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\9b8c49e4b6cc007afe7dff124b2f9868.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\popup.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button2.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\update.css
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
  • %WINDIR%\Installer\MSIA.tmp
  • C:\Config.Msi\4f6d3.rbs
  • %TEMP%\~DF7200.tmp
  • %TEMP%\MSI503a1.LOG
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button4.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon128.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\panelarrow-up.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\crossrider_statusbar.png
  • %TEMP%\~DF5514.tmp
  • %WINDIR%\Installer\4f6d2.ipi
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\7fe0ef22a0240d7a18d74c8bf1cbbf38.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\ce3adcb89f3d6c803ce2ccf7b7fec680.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\655dcecc996aa586a78457d5b02250f6.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\5a2185ea422650cf70e49a2e0c6c91f9.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\5fabae9abebb7789961f8356d4b1a0a2.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\aa168cc47cac03c9fd11880075253b18.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\a8d84e79a9b3e9d7c99d42c19bf3f912.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\installer.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\3d6e46e3c5198e07da08a62221ed76bc.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\b64073db7f1cfb38f35f9ca6302d369a.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\7a86f685507877b18e34a58bf85652cb.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\8227664c47208569cf03de4f999daeba.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\ca7e8747998bbb502d477375f9e2e3b5.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\f9a6dfd36beee312099fc15159239924.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\52b8040af9770d75964fa21e029a6e9a.js
  • %WINDIR%\Installer\4f6d0.msi
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\35ac6fa514467eaf1c9579cbc46563b7.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\a4bd4733eb669b8fd393f5b7da5bd948.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\1c6602431a2b3be6f8ea7410b31c11ee.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\bd8bb3dd79f73f9e6f58b57b4e7c6741.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\f5dd90757932257b2b5d5e3b30857869.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\307e40115388ff98276351b17d3af41a.js
  • %PROGRAM_FILES%\Sense\360-48292.crx
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  • %TEMP%\Cab4.tmp
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
  • %TEMP%\comh.6850\psuser.dll
  • %TEMP%\comh.6850\psmachine.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe
  • %PROGRAM_FILES%\Sense\1293297481.mxaddon
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdate.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA
  • %TEMP%\Cab6.tmp
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdateres_en.dll
  • %TEMP%\Cab8.tmp
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB
  • %PROGRAM_FILES%\Sense\925edefc-dc81-49c6-b7c7-bc7f8afc6226.crx
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB
  • %TEMP%\nsr3.tmp\ExecDos.dll
  • %PROGRAM_FILES%\Sense\925edefc-dc81-49c6-b7c7-bc7f8afc6226-11.exe
  • %TEMP%\nsr3.tmp\UserInfo.dll
  • %TEMP%\nsr3.tmp\md5dll.dll
  • %TEMP%\nsr3.tmp\inetc.dll
  • %PROGRAM_FILES%\Sense\utils.exe
  • %TEMP%\nsr3.tmp\update.json
  • %TEMP%\nsr3.tmp\nsisos.dll
  • %TEMP%\nsr3.tmp\StdUtils.dll
  • %TEMP%\nsb2.tmp
  • %TEMP%\nsr3.tmp\System.dll
  • %TEMP%\nsr3.tmp\InstallerUtils2.dll
  • %TEMP%\nsr3.tmp\InstallerUtils.dll
  • %TEMP%\comh.6850\GoogleUpdateOnDemand.exe
  • %TEMP%\comh.6850\GoogleUpdateHelper.msi
  • %TEMP%\comh.6850\goopdate.dll
  • %TEMP%\comh.6850\npGoogleUpdate4.dll
  • %TEMP%\comh.6850\goopdateres_en.dll
  • %TEMP%\comh.6850\GoogleUpdateBroker.exe
  • %TEMP%\nsr3.tmp\487793
  • %TEMP%\nsr3.tmp\15744
  • %PROGRAM_FILES%\Sense\Uninstall.exe
  • %TEMP%\comh.6850\GoogleUpdate.exe
  • %TEMP%\comh.6850\GoogleCrashHandler.exe
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\242.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\91.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\4.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\7.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\21.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\16.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\123.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\211.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\244.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\93.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\230.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\233.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\177.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\263.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\246.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\22.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\14.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\195.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\1.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\182.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\104.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\9.js
  • %PROGRAM_FILES%\Sense\48292.xpi
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe
  • %PROGRAM_FILES%\Sense\925edefc-dc81-49c6-b7c7-bc7f8afc6226-4.exe
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\locale\en-US\translations.dtd
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\install.rdf
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psuser.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psmachine.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
  • %PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\268.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\28.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\226.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\155.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\192.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\180.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome.manifest
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\defaults\preferences\prefs.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins.json
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\183.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\manifest.xml
Deletes the following files:
  • C:\Config.Msi\4f6d3.rbs
  • %WINDIR%\Installer\MSIA.tmp
  • %WINDIR%\Installer\4f6d2.ipi
  • %WINDIR%\Installer\4f6d0.msi
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
  • %TEMP%\Cab4.tmp
  • %TEMP%\nsr3.tmp\487793
  • %TEMP%\Cab8.tmp
  • %TEMP%\Cab6.tmp
Network activity:
Connects to:
  • 'www.download.windowsupdate.com':80
  • 'cr#.#hawte.com':80
  • 'ts####.ws.symantec.com':80
  • 'lo##.#emogensrv.com':80
  • 'up####.demogensrv.com':80
  • 'er####.demogensrv.com':80
  • 'st###.#emogensrv.com':80
TCP:
HTTP GET requests:
  • www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • ts####.ws.symantec.com/tss-ca-g2.crl
  • cr#.#hawte.com/ThawteTimestampingCA.crl
  • er####.demogensrv.com/installer-error.gif?ac########################################################################################################################################################################################################################################################################################################################################################################################################
  • up####.demogensrv.com/installer_updates/000805/update.json
  • lo##.#emogensrv.com/monetization.gif?ev#############################################################################################################################################################################################################################################################################################################################################################################
  • st###.#emogensrv.com/installer.gif?ac####################################################################################################################################################################################################################################################################################################################################################################################################################################
UDP:
  • DNS ASK www.download.windowsupdate.com
  • DNS ASK cr#.#hawte.com
  • DNS ASK ts####.ws.symantec.com
  • DNS ASK lo##.#emogensrv.com
  • DNS ASK up####.demogensrv.com
  • DNS ASK er####.demogensrv.com
  • DNS ASK st###.#emogensrv.com
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Recommandations pour le traitement

  1. Si le système d'exploitation peut être démarré (en mode normal ou en mode sans échec), téléchargez Dr.Web Security Space et lancez un scan complet de votre ordinateur et de tous les supports amovibles que vous utilisez. En savoir plus sur Dr.Web Security Space.
  2. Si le démarrage du système d'exploitation est impossible, veuillez modifier les paramètres du BIOS de votre ordinateur pour démarrer votre ordinateur via CD/DVD ou clé USB. Téléchargez l'image du disque de secours de restauration du système Dr.Web® LiveDisk ou l'utilitaire pour enregistrer Dr.Web® LiveDisk sur une clé USB, puis préparez la clé USB appropriée. Démarrez l'ordinateur à l'aide de cette clé et lancez le scan complet et le traitement des menaces détectées.

Veuillez lancer le scan complet du système à l'aide de Dr.Web Antivirus pour Mac OS.

Veuillez lancer le scan complet de toutes les partitions du disque à l'aide de Dr.Web Antivirus pour Linux.

  1. Si votre appareil mobile fonctionne correctement, veuillez télécharger et installer sur votre appareil mobile Dr.Web pour Android. Lancez un scan complet et suivez les recommandations sur la neutralisation des menaces détectées.
  2. Si l'appareil mobile est bloqué par le Trojan de la famille Android.Locker (un message sur la violation grave de la loi ou la demande d'une rançon est affiché sur l'écran de l'appareil mobile), procédez comme suit:
    • démarrez votre Smartphone ou votre tablette en mode sans échec (si vous ne savez pas comment faire, consultez la documentation de l'appareil mobile ou contactez le fabricant) ;
    • puis téléchargez et installez sur votre appareil mobile Dr.Web pour Android et lancez un scan complet puis suivez les recommandations sur la neutralisation des menaces détectées ;
    • Débranchez votre appareil et rebranchez-le.

En savoir plus sur Dr.Web pour Android