How to make money from a website? A fake archive, or a web installer bundled with adware

akok
Forum team · Administrator · VN Association

Today let's talk about how resources whose subject matter was never meant to turn a profit get funded. Funding can be obtained in various ways, honest and not so honest. It is the latter we will look at in more detail.

There is a forum on the web (hттp://pcportal.org.ru), built on uweb, with an interesting range of topics.

I found the problem entirely by accident, visiting a thread (hттp://pcportal.org.ru/forum/60-6328-1) as a guest

[screenshot: upload_2014-12-26_8-50-58.webp]

with scripts allowed (well, I have a habit of allowing a lot on trusted sites), when I tried to download a file:
[screenshot: upload_2014-12-26_8-52-0.webp]

After several redirects through domains that host no content of their own, I received an executable file masquerading as an archive
[screenshot: upload_2014-12-26_9-1-59.webp]


which is, in essence, an installer for a bundle of programs the user never asked for.

[screenshot: upload_2014-12-26_18-40-24.webp]


After the full installation I ended up with a whole bundle of software I had no use for
[screenshot: upload_2014-12-26_18-41-8.webp]


And please note: besides the software that was declared (WebAlta alone deserves a special "thank you"), the following was installed:
1. The Phoenix web browser (one more to go with Amigo)
2. The Everysale.Net discount-search add-on for Firefox and Opera
[screenshot: upload_2014-12-26_18-44-1.webp]

[screenshot: everysale_opera.webp]


3. The full set of Mail.ru junkware

I am sure that 80% of users would never even think of clicking the "Advanced options" button. In effect, this is distribution of unwanted software without the user's knowledge. On first inspection, the file turns out to be signed with an expired certificate

[screenshot: upload_2014-12-26_9-8-9.webp]


Admittedly, that does not spare it from a response by the overwhelming majority of antivirus products; I think the list will grow before long :)


Actually, my first thought was that the site had been hacked and was being used to distribute adware by redirecting guests, and the code sort of hinted at that:
HTML:
<a onclick="downl($(this).attr('hrf')); return false;" target="_blank" hrf="all.php?rid=157&name=YXJjaGl2ZV80NTAxMV9zZXR1cA==&url=aHR0cD…L0UvUHJlcGFyZVdpbjdGb3JXaW5kb3dzVGVjaG5pY2FsUHJldmlldy5leGU=" href="javascript://" title="Скачать файл">

    <img border="0" align="absmiddle" alt="Скачать файл" src="/css/downloads.gif"></img>

</a>
<a class="link outLink downLink" target="_blank" rel="nofollow" title="Скачать файл" href="javascript://" hrf="all.php?rid=157&name=YXJjaGl2ZV80NTAxMV9zZXR1cA==&url=aHR0cD…L0UvUHJlcGFyZVdpbjdGb3JXaW5kb3dzVGVjaG5pY2FsUHJldmlldy5leGU=" onclick="downl($(this).attr('hrf')); return false;"></a>
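To see what such a link actually points at, here is an added example (it is not code from the original post, from the forum, or from uweb): it decodes the base64 `name=` and `url=` parameters of the `hrf` attribute above and flags the mismatch between the archive the user is promised and the executable that is really fetched. The `name=` value is the one from the snippet; the post truncates the `url=` value with "…", so the example substitutes a constructed URL on `cdn.example.invalid`, and the forum host `pcportal.org.ru` is passed in for the off-site check.

```python
import base64
import posixpath
from urllib.parse import urlsplit

# The url= parameter is truncated with "…" in the post, so a CONSTRUCTED
# target stands in for it here; the name= value is the one from the page.
CONSTRUCTED_TARGET = b"http://cdn.example.invalid/E/PrepareSetup.exe"
HRF_FROM_PAGE = (
    "all.php?rid=157"
    "&name=YXJjaGl2ZV80NTAxMV9zZXR1cA=="
    "&url=" + base64.b64encode(CONSTRUCTED_TARGET).decode("ascii")
)

EXECUTABLE_EXT = {".exe", ".msi", ".scr", ".com", ".bat", ".cmd", ".pif"}


def parse_query(query):
    """Split a query string without percent/plus decoding: base64 may contain
    '+' and '/', which urllib.parse.parse_qs would turn into spaces."""
    params = {}
    for part in query.split("&"):
        if not part:
            continue
        key, _, value = part.partition("=")
        params[key] = value
    return params


def b64_text(value):
    """Decode base64, tolerating stripped '=' padding; return '' on junk."""
    padded = value + "=" * (-len(value) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except (ValueError, TypeError):
        return ""


def analyse_hrf(hrf, page_host):
    """Return what a click would really fetch and why the link looks deceptive."""
    split = urlsplit(hrf)
    params = parse_query(split.query)
    shown_name = b64_text(params.get("name", ""))
    target = b64_text(params.get("url", ""))
    target_parts = urlsplit(target)
    ext = posixpath.splitext(target_parts.path)[1].lower()

    findings = []
    if "archive" in shown_name.lower() and ext in EXECUTABLE_EXT:
        findings.append("label promises an archive but the target is %s" % ext)
    if target_parts.hostname and target_parts.hostname != page_host:
        findings.append("target host %s is not the forum host" % target_parts.hostname)
    if split.path.endswith(".php"):
        findings.append("download goes through a server-side redirector (%s)" % split.path)

    return {
        "rid": params.get("rid", ""),
        "shown_name": shown_name,
        "target": target,
        "target_ext": ext,
        "findings": findings,
    }


if __name__ == "__main__":
    result = analyse_hrf(HRF_FROM_PAGE, "pcportal.org.ru")
    for key, value in result.items():
        print("%-12s %s" % (key, value))
```

The `rid=157` value is the same number that later shows up as an argument to the dropped installer (`archive_141_setup_.exe 157 11011`), which is why it is worth extracting: it is the identifier the redirector uses to tell installs from this site apart from installs from others.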

For if you block requests to gmload.net in RequestPolicy, or block scripts from uweb.ru in NoScript
[screenshot: upload_2014-12-26_10-48-11.webp]



we get a direct link to download the file. On first contacting the site administration we ran into posts mentioning the problem being purged. On the second attempt to get the problem across, the initiative unfortunately turned into harassment of the user (hттp://pcportal.org.ru/forum/14-6196-2)

[screenshot: upload_2014-12-26_9-27-5.webp]



And then a "Download Policy" appeared, in the best traditions...

I hope this publication will prompt the administration to stop pushing this kind of software on its users.

Now a little about the file itself. As of 26.12.14 we were unable to find malware in it (only unwanted software and adware). But given that the "installer" is actively being rebuilt on third-party servers, and that it behaves as a downloader, the situation depends entirely on the conscience of the service/site owner.

If you untick all the boxes and run it, nothing gets installed; there is only network activity
INI:
[ Network services ]
   * Looks for an Internet connection.
   * Queries DNS "forumvkgames.com".
   * C:\Documents and Settings\User\Desktop\archive_141_setup.exe Connects to "5.79.80.76" on port 80 (TCP - HTTP).
   * Downloads file from "forumvkgames.com/top_link.php?sdfedf=esrf&load=3320028&mg=soft157&q=0".
   * Opens next URLs:
     http://forumvkgames.com/top_link.php?sdfedf=esrf&load=3320028&mg=soft157&q=0
IP 5.79.80.76
Host: 5.79.80.76
City: Amsterdam
Country: Netherlands


Code:
Report generated with Buster Sandbox Analyzer 1.88 at 13:30:38 on 26/12/2014

Detailed report of suspicious malware actions:

Checked for debuggers
Checked if user is admin
Connected to WWW
Created a mutex named: _!MSFTHISTORY!_
Created a mutex named: c:!documents and settings!user!cookies!
Created a mutex named: c:!documents and settings!user!local settings!history!history.ie5!
Created a mutex named: c:!documents and settings!user!local settings!temporary internet files!content.ie5!
Created a mutex named: CTF.Asm.MutexDefaultS-1-5-21-823518204-796845957-682003330-1003
Created a mutex named: CTF.Compart.MutexDefaultS-1-5-21-823518204-796845957-682003330-1003
Created a mutex named: CTF.Layouts.MutexDefaultS-1-5-21-823518204-796845957-682003330-1003
Created a mutex named: CTF.LBES.MutexDefaultS-1-5-21-823518204-796845957-682003330-1003
Created a mutex named: CTF.TimListCache.FMPDefaultS-1-5-21-823518204-796845957-682003330-1003MUTEX.DefaultS-1-5-21-823518204-796845957-682003330-1003
Created a mutex named: CTF.TMD.MutexDefaultS-1-5-21-823518204-796845957-682003330-1003
Created a mutex named: Global\C:/DOCUME~1/User/LOCALS~1/Temp/chrome_installer.log
Created a mutex named: Global\C:/Documents and Settings/User/Local Settings/Application Data/Amigo/Application/debug.log
Created a mutex named: Global\MAILRU_LOGGER
Created a mutex named: MSCTF.Shared.MUTEX.ELG
Created a mutex named: MSCTF.Shared.MUTEX.MAD
Created a mutex named: oleacc-msaa-loaded
Created a mutex named: RasPbFile
Created a mutex named: SHIMLIB_LOG_MUTEX
Created a mutex named: ZonesCacheCounterMutex
Created a mutex named: ZonesCounterMutex
Created a mutex named: ZonesLockedCacheCounterMutex
Created file in defined folder: C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
Created file in defined folder: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Amigo.lnk
Created file in defined folder: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk
Created file in defined folder: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk
Created file in defined folder: C:\Documents and Settings\User\Desktop\Amigo.lnk
Created file in defined folder: C:\Documents and Settings\User\Desktop\Вконтакте.lnk
Created file in defined folder: C:\Documents and Settings\User\Desktop\Одноклассники.lnk
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_100_percent.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_touch_100_percent.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\extensions\external_extensions.json
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\extensions\kgkggmpkealihpbjpdmcblcplljamohl.json
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\extensions\mailru_checker_1.2.3.crx
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Installer\chrome.7z
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\am.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ar.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\bg.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\bn.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ca.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\cs.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\da.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\de.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\el.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\en-GB.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\en-US.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\es.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\es-419.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\et.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fa.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fi.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fil.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fr.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\gu.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\he.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hi.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hr.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hu.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\id.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\it.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ja.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\kn.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ko.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\lt.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\lv.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ml.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\mr.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ms.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\nb.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\nl.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pl.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pt-BR.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pt-PT.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ro.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ru.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sk.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sl.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sr.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sv.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sw.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ta.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\te.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\th.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\tr.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\uk.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\vi.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\zh-CN.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\zh-TW.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\nacl_irt_x86_32.nexe
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\nacl_irt_x86_64.nexe
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\resources.pak
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\secondarytile.png
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\VisualElements\logo.png
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\VisualElements\smalllogo.png
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\VisualElements\splash-620x300.png
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\debug.log
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\master_preferences
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\VisualElementsManifest.xml
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Temp\source404_23308\Chrome-bin\master_preferences
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\User Data\Local State
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\User Data\Local State~RF2c485d.TMP
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\config.xml
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\images\icon-18.png
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Application Data\Opera\Opera\widgets\everysale\images\icon-64.png
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\chrome_installer.log
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\CR_2C472.tmp\CHROME.PACKED.7Z
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\CR_2C472.tmp\SETUP.EX_
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nse5C.tmp
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nse63.tmp
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nsk5D.tmp
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nso6B.tmp
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nst6C.tmp
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nst6D.tmp
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nsu64.tmp
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nsv5E.tmp
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temp\nsz62.tmp
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\07YDA7J8\155x155[1].gif
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\X11RR93W\50x50[1].gif
Created file in defined folder: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XAI5MO1Z\120x120[1].gif
Created file in defined folder: C:\Documents and Settings\User\Start Menu\Programs\Amigo.lnk
Created file in defined folder: C:\Documents and Settings\User\Start Menu\Programs\Вконтакте.lnk
Created file in defined folder: C:\Documents and Settings\User\Start Menu\Programs\Одноклассники.lnk
Created process: C:\DOCUME~1\User\LOCALS~1\Temp\archive_141_setup_.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\archive_141_setup_.exe" 157 11011, C:\Documents and Settings\User\Desktop
Created process: C:\DOCUME~1\User\LOCALS~1\Temp\instl_tmp.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\instl_tmp.exe" /S /SUB=ga157, C:\Documents and Settings\User\Desktop
Created process: C:\DOCUME~1\User\LOCALS~1\Temp\int_tmp_n.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\int_tmp_n.exe" --silent --rfr=profitraf3 --ua_rfr=CHANNEL_profitraf3 "--partner_new_url=http://horses.alllinkers.ru/v_install?sid=13306&guid=$__GUID&sig=$__SIG&ovr=$__OVR&amigo=1&aux=157", C:\Documents and Settings\User\Desktop
Created process: C:\DOCUME~1\User\LOCALS~1\Temp\phnx_tmp.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\phnx_tmp.exe" /S, C:\Documents and Settings\User\Desktop
Created process: C:\DOCUME~1\User\LOCALS~1\Temp\spt_tmp_n.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\spt_tmp_n.exe" /silent /rfr=profitraf3 --mpcln=9516 /partner_homepage=http://horses.alllinkers.ru/v_install?sid=13306&start=1&guid=$__GUID&sig=$__SIG&ovr=$__OVR&browser=$__BROWSER&aux=157 /partner_dse=http://horses.alllinkers.ru/v_install?sid=13306&search=1&guid=$__GUID&sig=$__SIG&ovr=$__OVR&browser=$__BROWSER&aux=157, C:\Documents and Settings\User\Desktop
Created process: C:\DOCUME~1\User\LOCALS~1\Temp\ZaxarSetup.4.001.29.exe, "C:\DOCUME~1\User\LOCALS~1\Temp\ZaxarSetup.4.001.29.exe" /S, C:\Documents and Settings\User\Desktop
Created process: null, "C:\DOCUME~1\User\LOCALS~1\Temp\CR_2C472.tmp\setup.exe" --install-archive="C:\DOCUME~1\User\LOCALS~1\Temp\CR_2C472.tmp\CHROME.PACKED.7Z" --silent --rfr=profitraf3 --ua_rfr=CHANNEL_profitraf3 "--partner_new_url=http://horses.alllinkers.ru/v_install?sid=13306&guid=$__GUID&sig=$__SIG&ovr=$__OVR&amigo=1&aux=157", null
Created process: null, "C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\amigo.exe" --make-default-browser, null
Created process: null, "C:\Documents and Settings\User\Local Settings\Application Data\MailRu\MailRuUpdater.exe" --install, null
Created process: null, C:\WINDOWS\system32\drwtsn32 -p 1636 -e 360 -g, null
Created process: null, C:\WINDOWS\system32\drwtsn32 -p 1752 -e 308 -g, null
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome.exe
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_child.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_frame_helper.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_frame_helper.exe
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\chrome_launcher.exe
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\d3dcompiler_43.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\d3dcompiler_46.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\delegate_execute.exe
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\ffmpegsumo.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\gcswf32.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\icudt.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Installer\setup.exe
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\libegl.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\libglesv2.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\am.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ar.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\bg.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\bn.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ca.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\cs.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\da.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\de.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\el.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\en-GB.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\en-US.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\es.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\es-419.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\et.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fa.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fi.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fil.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\fr.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\gu.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\he.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hi.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hr.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\hu.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\id.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\it.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ja.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\kn.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ko.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\lt.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\lv.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ml.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\mr.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ms.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\nb.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\nl.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pl.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pt-BR.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\pt-PT.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ro.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ru.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sk.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sl.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sr.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sv.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\sw.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\ta.dll
Defined file type created: C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\32.0.1709.113\Locales\te.dll
Defined registry AutoStart location created or modified: machine\software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings = created registry key
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\amigo = C:\Documents and Settings\User\Local Settings\Application Data\Amigo\Application\amigo.exe --no-startup-window
Defined registry AutoStart location created or modified: user\Software\Microsoft\Windows\CurrentVersion\Run\MailRuUpdater = C:\Documents and Settings\User\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe
Deleted activity traces
Detected keylogger functionality
File handling change: machine\software\classes\amigohtml.sc6qbjt2rblixcxiauhqjlu27m\shell\open\command  = "c:\documents and settings\user\local settings\application data\amigo\application\amigo.exe" -- "%1"
Got computer name
Got input locale identifiers
Got user name information
Got volume information
Hid file from user: C:\Documents and Settings\User\Local Settings\Temp\MailRuUpdater.exe
Internet connection: C:\Documents and Settings\User\Desktop\archive_141_setup.exe Connects to "5.79.80.76" on port 80 (TCP - HTTP)
Internet connection: C:\Documents and Settings\User\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe Connects to "217.69.134.55" on port 80 (TCP - HTTP)
Internet connection: C:\Documents and Settings\User\Local Settings\Temp\archive_141_setup_.exe Connects to "92.51.65.20" on port 80 (TCP - HTTP)
Internet connection: C:\Documents and Settings\User\Local Settings\Temp\archive_141_setup_.exe Connects to "95.211.217.15" on port 80 (TCP - HTTP)
Internet connection: C:\Documents and Settings\User\Local Settings\Temp\CR_2C472.tmp\setup.exe Connects to "94.100.180.127" on port 80 (TCP - HTTP)
Internet connection: C:\Documents and Settings\User\Local Settings\Temp\CR_2C472.tmp\setup.exe Connects to "94.242.246.242" on port 80 (TCP - HTTP)
Listed all entry names in a remote access phone book
Malicious category given by Adobe Malware Classifier
Modified access control lists (ACLs) of files
Modified file in defined folder: C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat
Modified file in defined folder: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Transfered files from and/or to internet

Risk evaluation result: High
 
Everyone earns the way their conscience allows. If at least something of the wanted content actually gets unpacked, that is still tolerable; otherwise the "archiver" could have asked for money for the files at the end (there are a lot of affiliate programs built on file wrappers like this these days).
 
If at least something of the wanted content actually gets unpacked, that is still tolerable
If it actually unpacked, fine, but you have to download it from the internet all over again. So you download it, carry it on a flash drive to another computer without a network connection, and in the end you do not have the file you needed. You have to download it again.
 