How to make money from a website? A fake archive, or a web installer with ads

Thread in the "Caught red-handed" section, created by user akok, 26 Dec 2014.

    akok (Forum team, Administrator)

    Today we'll talk about funding resources whose subject matter is not meant for making a profit. Funding can be obtained in various ways, honest and not so honest. We'll talk about the latter in more detail.

    There is a forum on the net (hттp://pcportal.org.ru) built on uweb, with an interesting subject.

    I found the problem completely by accident, visiting a thread (hттp://pcportal.org.ru/forum/60-6328-1) as a guest

    [image: upload_2014-12-26_8-50-58.png]

    with scripts allowed (well, I have a habit of allowing a lot on trusted sites), when trying to download a file:
    [image: upload_2014-12-26_8-52-0.png]
    After several redirects through domains that have no resources of their own, I received an executable file that masquerades as an archive
    [image: upload_2014-12-26_9-1-59.png]

    and is in essence an installer for a bundle of programs that the user never asked for.

    [image: upload_2014-12-26_18-40-24.png]

    After the full installation I got a whole package of software I had no need for
    [image: upload_2014-12-26_18-41-8.png]

    And please note: apart from the declared software (special "thanks" for webalta alone), the following was installed:
    1. The Phoenix internet browser (one more, on top of Amigo)
    2. An add-on for FF and Opera, the Everysale.Net discount search
    [image: upload_2014-12-26_18-44-1.png]
    [image: everysale_opera.PNG]

    3. The full set of mail.ru extras

    I'm sure 80% of users won't even think of clicking the "Advanced options" button. In effect this is distribution of unwanted software without the user's knowledge. On first inspection it turns out the file is signed with an expired certificate

    [image: upload_2014-12-26_9-8-9.png]

    True, that doesn't save it from a reaction by the overwhelming majority of antiviruses; I think the list will grow soon :)


    Actually, my first thought was that the site had been hacked and was being used to spread adware by redirecting guests, and the code sort of hinted at it too:
    HTML:

    <a onclick="downl($(this).attr('hrf')); return false;" target="_blank" hrf="all.php?rid=157&name=YXJjaGl2ZV80NTAxMV9zZXR1cA==&url=aHR0cD…L0UvUHJlcGFyZVdpbjdGb3JXaW5kb3dzVGVjaG5pY2FsUHJldmlldy5leGU=" href="javascript://" title="Скачать файл">

        <img border="0" align="absmiddle" alt="Скачать файл" src="/css/downloads.gif"></img>

    </a>
    <a class="link outLink downLink" target="_blank" rel="nofollow" title="Скачать файл" href="javascript://" hrf="all.php?rid=157&name=YXJjaGl2ZV80NTAxMV9zZXR1cA==&url=aHR0cD…L0UvUHJlcGFyZVdpbjdGb3JXaW5kb3dzVGVjaG5pY2FsUHJldmlldy5leGU=" onclick="downl($(this).attr('hrf')); return false;"></a>
     
    Because by blocking requests from gmload.net in RequestPolicy, or blocking scripts from uweb.ru in NoScript
    [image: upload_2014-12-26_10-48-11.png]

    we get a direct link to download the file. On first contact with the site administrator we ran into posts mentioning the problem being cleaned up. On the second attempt to get the problem across, unfortunately, the initiative turned into harassment of the user (hттp://pcportal.org.ru/forum/14-6196-2)

    [image: upload_2014-12-26_9-27-5.png]

    And then the appearance of a "Download Policy", in the best traditions...

    I hope this publication will prompt the administration to stop foisting software like this on users.

    Now a bit about the file itself. As of 26.12.14 we could not find any malware (only unwanted and advertising software). But given the active rebuilding of the "installer" on third-party servers, and its behaviour as a downloader, the situation depends on the conscience of the service/resource owner.

    If you uncheck all the boxes and run it, nothing will be installed, only network activity
    Code (INI):

    [ Network services ]
       * Looks for an Internet connection.
       * Queries DNS "forumvkgames.com".
       * C:\Documents and Settings\User\Desktop\archive_141_setup.exe Connects to "5.79.80.76" on port 80 (TCP - HTTP).
       * Downloads file from "forumvkgames.com/top_link.php?sdfedf=esrf&load=3320028&mg=soft157&q=0".
       * Opens next URLs:
         http://forumvkgames.com/top_link.php?sdfedf=esrf&load=3320028&mg=soft157&q=0

    Code (Text):

    Report generated with Buster Sandbox Analyzer 1.88 at 13:30:38 on 26/12/2014

    Detailed report of suspicious malware actions:

    Checked for debuggers
    Checked if user is admin
    Connected to WWW
    Created a mutex named: _!MSFTHISTORY!_
    Created a mutex named: c:!documents and settings!user!cookies!
    Created a mutex named: c:!documents and settings!user!local settings!history!history.ie5!
    Created a mutex named: c:!documents and settings!user!local settings!temporary internet files!content.ie5!
    Created a mutex named: CTF.Asm.MutexDefaultS-1-5-21-823518204-796845957-682003330-1003
    Created a mutex named: CTF.Compart.MutexDefaultS-1-5-21-823518204-796845957-682003330-1003
    Created a mutex named: CTF.Layouts.MutexDefaultS-1-5-21-823518204-796845957-682003330-1003
    Created a mutex named: CTF.LBES.MutexDefaultS-1-5-21-823518204-796845957-682003330-1003
    Created a mutex named: CTF.TimListCache.FMPDefaultS-1-5-21-823518204-796845957-682003330-1003MUTEX.DefaultS-1-5-21-823518204-796845957-682003330-1003
    Created a mutex named: CTF.TMD.MutexDefaultS-1-5-21-823518204-796845957-682003330-1003
    Created a mutex named: Global\C:/DOCUME~1/User/LOCALS~1/Temp/chrome_installer.log
    Created a mutex named: Global\C:/Documents and Settings/User/Local Settings/Application Data/Amigo/Application/debug.log
    Created a mutex named: Global\MAILRU_LOGGER
    Created a mutex named: MSCTF.Shared.MUTEX.ELG
    Created a mutex named: MSCTF.Shared.MUTEX.MAD
    Created a mutex named: oleacc-msaa-loaded
    Created a mutex named: RasPbFile
    Created a mutex named: SHIMLIB_LOG_MUTEX
    Created a mutex named: ZonesCacheCounterMutex
    Created a mutex named: ZonesCounterMutex
    Created a mutex named: ZonesLockedCacheCounterMutex
    Created file in defined folder: C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
    Created file in defined folder: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Amigo.lnk
    Created file in defined folder: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk
    Created file in defined folder: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk
    Created file in defined folder: C:\Documents and Settings\User\Desktop\Amigo.lnk
    Created file in defined folder: C:\Documents and Settings\User\Desktop\Вконтакте.lnk
    Created file in defined folder: C:\Documents and Settings\User\Desktop\Одноклассники.lnk
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_100_percent.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_touch_100_percent.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\extensions\external_extensions.json
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\extensions\kgkggmpkealihpbjpdmcblcplljamohl.json
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\extensions\mailru_checker_1.2.3.crx
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Installer\chrome.7z
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\am.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ar.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\bg.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\bn.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ca.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\cs.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\da.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\de.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\el.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\en-GB.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\en-US.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\es.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\es-419.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\et.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fa.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fi.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fil.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fr.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\gu.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\he.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hi.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hr.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hu.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\id.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\it.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ja.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\kn.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ko.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\lt.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\lv.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ml.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\mr.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ms.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\nb.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\nl.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pl.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pt-BR.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pt-PT.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ro.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ru.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sk.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sl.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sr.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sv.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sw.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ta.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\te.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\th.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\tr.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\uk.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\vi.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\zh-CN.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\zh-TW.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\nacl_irt_x86_32.nexe
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\nacl_irt_x86_64.nexe
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\resources.pak
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\secondarytile.png
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\VisualElements\logo.png
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\VisualElements\smalllogo.png
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\VisualElements\splash-620x300.png
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\debug.log
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\master_preferences
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\VisualElementsManifest.xml
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Temp\source404_23308\Chrome-bin\master_preferences
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\User Data\Local State
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\User Data\Local State~RF2c485d.TMP
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\config.xml
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\images\icon-18.png
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\images\icon-64.png
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\chrome_installer.log
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\CR_2C472.tmp\CHROME.PACKED.7Z
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\CR_2C472.tmp\SETUP.EX_
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nse5C.tmp
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nse63.tmp
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nsk5D.tmp
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nso6B.tmp
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nst6C.tmp
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nst6D.tmp
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nsu64.tmp
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nsv5E.tmp
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nsz62.tmp
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\07YDA7J8\155x155[1].gif
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\X11RR93W\50x50[1].gif
    Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XAI5MO1Z\120x120[1].gif
    Created file in defined folder: C:\Documents and Settings\User\Start Menu\Programs\Amigo.lnk
    Created file in defined folder: C:\Documents and Settings\User\Start Menu\Programs\Вконтакте.lnk
    Created file in defined folder: C:\Documents and Settings\User\Start Menu\Programs\Одноклассники.lnk
    Created process: C:\DOCUME~1\User\LOCALS~1\Temp\archive_141_setup_.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\archive_141_setup_.exe" 157 11011, C:\Documents and Settings\User\Desktop
    Created process: C:\DOCUME~1\User\LOCALS~1\Temp\instl_tmp.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\instl_tmp.exe" /S /SUB=ga157, C:\Documents and Settings\User\Desktop
    Created process: C:\DOCUME~1\User\LOCALS~1\Temp\int_tmp_n.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\int_tmp_n.exe" --silent --rfr=profitraf3 --ua_rfr=CHANNEL_profitraf3 "--partner_new_url=http://horses.alllinkers.ru/v_install?sid=13306&guid=$__GUID&sig=$__SIG&ovr=$__OVR&amigo=1&aux=157", C:\Documents and Settings\User\Desktop
    Created process: C:\DOCUME~1\User\LOCALS~1\Temp\phnx_tmp.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\phnx_tmp.exe" /S, C:\Documents and Settings\User\Desktop
    Created process: C:\DOCUME~1\User\LOCALS~1\Temp\spt_tmp_n.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\spt_tmp_n.exe" /silent /rfr=profitraf3 --mpcln=9516 /partner_homepage=http://horses.alllinkers.ru/v_install?sid=13306&start=1&guid=$__GUID&sig=$__SIG&ovr=$__OVR&browser=$__BROWSER&aux=157 /partner_dse=http://horses.alllinkers.ru/v_install?sid=13306&search=1&guid=$__GUID&sig=$__SIG&ovr=$__OVR&browser=$__BROWSER&aux=157, C:\Documents and Settings\User\Desktop
    Created process: C:\DOCUME~1\User\LOCALS~1\Temp\ZaxarSetup.4.001.29.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\ZaxarSetup.4.001.29.exe" /S, C:\Documents and Settings\User\Desktop
    Created process: null, "C:\DOCUME~1\User\LOCALS~1\Temp\CR_2C472.tmp\setup.exe" --install-archive="C:\DOCUME~1\User\LOCALS~1\Temp\CR_2C472.tmp\CHROME.PACKED.7Z" --silent --rfr=profitraf3 --ua_rfr=CHANNEL_profitraf3 "--partner_new_url=http://horses.alllinkers.ru/v_install?sid=13306&guid=$__GUID&sig=$__SIG&ovr=$__OVR&amigo=1&aux=157", null
    Created process: null, "C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\amigo.exe" --make-default-browser, null
    Created process: null, "C:\Documents and Settings\User\Local Settings\Application Data\MailRu\MailRuUpdater.exe" --install, null
    Created process: null, C:\WINDOWS\system32\drwtsn32 -p 1636 -e 360 -g, null
    Created process: null, C:\WINDOWS\system32\drwtsn32 -p 1752 -e 308 -g, null
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_child.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_frame_helper.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_frame_helper.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_launcher.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\d3dcompiler_43.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\d3dcompiler_46.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\delegate_execute.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\ffmpegsumo.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\gcswf32.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\icudt.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Installer\setup.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\libegl.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\libglesv2.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\am.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ar.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\bg.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\bn.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ca.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\cs.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\da.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\de.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\el.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\en-GB.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\en-US.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\es.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\es-419.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\et.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fa.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fi.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fil.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fr.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\gu.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\he.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hi.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hr.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hu.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\id.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\it.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ja.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\kn.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ko.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\lt.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\lv.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ml.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\mr.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ms.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\nb.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\nl.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pl.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pt-BR.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pt-PT.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ro.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ru.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sk.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sl.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sr.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sv.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sw.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ta.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\te.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\th.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\tr.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\uk.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\vi.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\zh-CN.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\zh-TW.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\metro_driver.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\nacl64.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\npchrome_frame.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\ppgooglenaclpluginchrome.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\xinput1_3.dll
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\amigo.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\ok.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\vk.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Temp\source404_23308\Chrome-bin\agentloader.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Temp\source404_23308\Chrome-bin\amigo.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Temp\source404_23308\Chrome-bin\mailruupdater.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Temp\source404_23308\Chrome-bin\ok.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Temp\source404_23308\Chrome-bin\vk.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Temp\source404_23308\Chrome-bin\wow_helper.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\MailRu\MailRuUpdater.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\includes\a_library.js
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\includes\content.js
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\index.html
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\js\background.js
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\js\config.js
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\js\library.js
    Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\js\utils.js
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temp\1B599C2813264BF99AC2655A2C538BE6.html
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temp\9E4E6FE48BB6492B8D5834AFB809AC2D.html
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temp\A3B586E25BD14DE595D627B549F7D55D.html
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temp\archive_141_setup_.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temp\CR_2C472.tmp\setup.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temp\instl_tmp.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temp\int_tmp_n.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temp\MailRuUpdater.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temp\phnx_tmp.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temp\spt_tmp_n.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temp\ZaxarSetup.4.001.29.exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\07YDA7J8\top_link[1].htm
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JIB66FDL\mailruhomesearch[1].exe
    Defined file type created: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XAI5MO1Z\AmigoDistrib[1].exe
    Defined registry AutoStart location created or modified: machine\software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings = created registry key
    Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\amigo = C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\amigo.exe --no-startup-window
    Defined registry AutoStart location created or modified: user\Software\Microsoft\Windows\CurrentVersion\Run\MailRuUpdater = C:\Documents and Settings\User\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe
    Deleted activity traces
    Detected keylogger functionality
    File handling change: machine\software\classes\amigohtml.sc6qbjt2rblixcxiauhqjlu27m\shell\open\command  = "c:\documents and settings\user\local settings\application data\amigo\application\amigo.exe" -- "%1"
    Got computer name
    Got input locale identifiers
    Got user name information
    Got volume information
    Hid file from user: C:\Documents and Settings\User\Local Settings\Temp\MailRuUpdater.exe
    Internet connection: C:\Documents and Settings\User\Desktop\archive_141_setup.exe Connects to "5.79.80.76" on port 80 (TCP - HTTP)
    Internet connection: C:\Documents and Settings\User\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe Connects to "217.69.134.55" on port 80 (TCP - HTTP)
    Internet connection: C:\Documents and Settings\User\Local Settings\Temp\archive_141_setup_.exe Connects to "92.51.65.20" on port 80 (TCP - HTTP)
    Internet connection: C:\Documents and Settings\User\Local Settings\Temp\archive_141_setup_.exe Connects to "95.211.217.15" on port 80 (TCP - HTTP)
    Internet connection: C:\Documents and Settings\User\Local Settings\Temp\CR_2C472.tmp\setup.exe Connects to "94.100.180.127" on port 80 (TCP - HTTP)
    Internet connection: C:\Documents and Settings\User\Local Settings\Temp\CR_2C472.tmp\setup.exe Connects to "94.242.246.242" on port 80 (TCP - HTTP)
    Listed all entry names in a remote access phone book
    Malicious category given by Adobe Malware Classifier
    Modified access control lists (ACLs) of files
    Modified file in defined folder: C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat
    Modified file in defined folder: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    Queried DNS: ab-nb.marketgid.com
    Queried DNS: ad.dumedia.ru
    Queried DNS: ad.propellerads.com
    Queried DNS: ads.betweendigital.com
    Queried DNS: advombat.ru
    Queried DNS: ae-gb.marketgid.com
    Queried DNS: aj-gb.marketgid.com
    Queried DNS: amigobin.cdnmail.ru
    Queried DNS: api.retailrocket.ru
    Queried DNS: autoupdate.opera.com
    Queried DNS: b.kavanga.ru
    Queried DNS: bcp.crwdcntrl.net
    Queried DNS: binupdate.mail.ru
    Queried DNS: cache.betweendigital.com
    Queried DNS: cdn.api.twitter.com
    Queried DNS: cdn2.cpmstar.com
    Queried DNS: certs.opera.com
    Queried DNS: clients1.google.com
    Queried DNS: cm.g.doubleclick.net
    Queried DNS: counter.marketgid.com
    Queried DNS: counter.rambler.ru
    Queried DNS: counter.tovarro.com
    Queried DNS: counter.yadro.ru
    Queried DNS: crl3.digicert.com
    Queried DNS: crl4.digicert.com
    Queried DNS: d.turn.com
    Queried DNS: ddnk.advertur.ru
    Queried DNS: ddpnt.advertur.ru
    Queried DNS: df.c0.b8.a1.top.mail.ru
    Queried DNS: display.intencysrv.com
    Queried DNS: dmg.digitaltarget.ru
    Queried DNS: drinko.ucoz.ru
    Queried DNS: forumvkgames.com
    Queried DNS: front.facetz.net
    Queried DNS: get.geo.opera.com
    Queried DNS: gmload.net
    Queried DNS: go.padsdel.com
    Queried DNS: graph.facebook.com
    Queried DNS: horses.alllinkers.ru
    Queried DNS: ib.adnxs.com
    Queried DNS: imgg.marketgid.com
    Queried DNS: imgn.marketgid.com
    Queried DNS: imrk.net
    Queried DNS: jsc.dt00.net
    Queried DNS: jsc.marketgid.com
    Queried DNS: kaon.rghost.ru
    Queried DNS: mailruupdater.cdnmail.ru
    Queried DNS: mg.yadro.ru
    Queried DNS: mrb.mail.ru
    Queried DNS: ocsp.digicert.com
    Queried DNS: padsdel.cdnads.com
    Queried DNS: pcportal.org.ru
    Queried DNS: pin2me.com
    Queried DNS: pix04.revsci.net
    Queried DNS: px.adhigh.net
    Queried DNS: recreativ.ru
    Queried DNS: republer.sync.kavanga.ru
    Queried DNS: rghost.ru
    Queried DNS: s22.ucoz.net
    Queried DNS: s700.uweb.ru
    Queried DNS: server.cpmstar.com
    Queried DNS: share.yandex.ru
    Queried DNS: sitecheck2.opera.com
    Queried DNS: sputnikmailru.cdnmail.ru
    Queried DNS: ssp.adriver.ru
    Queried DNS: st1.recreativ.ru
    Queried DNS: st2.recreativ.ru
    Queried DNS: st3.recreativ.ru
    Queried DNS: st4.recreativ.ru
    Queried DNS: sync.republer.com
    Queried DNS: syncsw.pool.datamind.ru
    Queried DNS: top-fwz1.mail.ru
    Queried DNS: vitpc.yadro.ru
    Queried DNS: vk.com
    Queried DNS: w.uptolike.com
    Queried DNS: web.esd.microsoft.com
    Queried DNS: www.facebook.com
    Queried DNS: www.google-analytics.com
    Queried DNS: www.odnoklassniki.ru
    Queried DNS: www.tns-counter.ru
    Queried DNS: x.bidswitch.net
    Queried DNS: x.ulogix.ru
    Queried DNS: xml.opera.com
    Transfered files from and/or to internet

    Risk evaluation result: High
     
     
    Last edited: 27 Apr 2016
  2. petr-ru
    Offline

    petr-ru Member

    Messages:
    62
    Likes:
    31
    Everyone earns the way their conscience allows. If at least something of the content you actually wanted gets unpacked, that is still tolerable; the "archiver" could just as well have demanded money for the files at the end (there are plenty of affiliate programs built on file wrappers like this now). :Acute:
     
  3. regist
    Offline

    regist chasing the fog VN/VIP Association VIP Developer

    Messages:
    11.382
    Likes:
    5.268
    If it actually unpacked anything, fine, but you have to download from the internet all over again. So you downloaded it, carried it on a flash drive to another computer with no network, and in the end the file you needed isn't there. You have to download it again.
     