Trojan.DownLoader45.52893

Technical Information

Modifies file system

Creates the following files

%TEMP%\is-q551o.tmp\<File name>.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-g9en6.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-dl8tt.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-108t9.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-3h8q7.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-levg2.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-kbl1s.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-ttgts.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-m5hu4.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-uhllj.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-e4g4s.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-o8lfk.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-5ghrs.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-r9a9j.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-er386.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-0ineo.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-37din.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-bjmio.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-dv5p0.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-u86le.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-7kvci.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-75h6c.tmp
%ProgramFiles(x86)%\naluninstaller\is-jnkfq.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-4k0bm.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-vk133.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-2b6vr.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-1ej7r.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-rfsmm.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-dbisa.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-teofs.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-t1qq1.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-mvpta.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-asinq.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-5e7t6.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-7vrrm.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-qh03r.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-96jsu.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-loam0.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-feim2.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-ee6ih.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-tb66s.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-1tirg.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-e54bi.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-a52ls.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-affr6.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-7jhja.tmp
%ProgramFiles(x86)%\naluninstaller\is-gofpg.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-1q7fq.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-epiu4.tmp
%ProgramFiles(x86)%\naluninstaller\is-fct6k.tmp
%ProgramFiles(x86)%\naluninstaller\is-m15l0.tmp
%ProgramFiles(x86)%\naluninstaller\is-9n9in.tmp
%ProgramFiles(x86)%\naluninstaller\is-p5bot.tmp
%ProgramFiles(x86)%\naluninstaller\is-1esq6.tmp
%ProgramFiles(x86)%\naluninstaller\is-mnent.tmp
%ProgramFiles(x86)%\naluninstaller\is-cpuh8.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-2m1kb.tmp
%ProgramFiles(x86)%\naluninstaller\is-b47t8.tmp
%ProgramFiles(x86)%\naluninstaller\is-s8v7g.tmp
%ProgramFiles(x86)%\naluninstaller\is-g0jcd.tmp
%ProgramFiles(x86)%\naluninstaller\is-stl2e.tmp
%TEMP%\is-r2i23.tmp\_isetup\_iscrypt.dll
%TEMP%\is-r2i23.tmp\_isetup\_shfoldr.dll
%TEMP%\is-r2i23.tmp\_isetup\_setup64.tmp
%TEMP%\is-r2i23.tmp\_isetup\_regdll.tmp
%ProgramFiles(x86)%\naluninstaller\unins000.dat
%ProgramFiles(x86)%\naluninstaller\suc\is-k82cj.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-on6pm.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-8rsp2.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-n7tlh.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-1k0q6.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-vf1cj.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-v64h4.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-tg809.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-iapiv.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-4f6i5.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-3dv6r.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-35ft7.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-2qmi5.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-7illp.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-smoii.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-7avrc.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-p3k80.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-atiqo.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-d79ei.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-lc7vv.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-i8k8n.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-v3soa.tmp
%ProgramFiles(x86)%\naluninstaller\suc\is-h1s49.tmp
%ProgramFiles(x86)%\naluninstaller\fu118.exe

Moves the following files

from %ProgramFiles(x86)%\naluninstaller\is-stl2e.tmp to %ProgramFiles(x86)%\naluninstaller\unins000.exe
from %ProgramFiles(x86)%\naluninstaller\suc\is-g9en6.tmp to %ProgramFiles(x86)%\naluninstaller\suc\norton.antivirus.2009_database_20090328231949.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-dl8tt.tmp to %ProgramFiles(x86)%\naluninstaller\suc\norton.360.2.0_20090325003910.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-108t9.tmp to %ProgramFiles(x86)%\naluninstaller\suc\nero.9_20090827232450.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-3h8q7.tmp to %ProgramFiles(x86)%\naluninstaller\suc\nero.8_20090827232247.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-levg2.tmp to %ProgramFiles(x86)%\naluninstaller\suc\n-ad-aware.7.1.0.0_20090917110416.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-kbl1s.tmp to %ProgramFiles(x86)%\naluninstaller\suc\microsoft.office.professional.2003_20091010131150.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-ttgts.tmp to %ProgramFiles(x86)%\naluninstaller\suc\microsoft.office.2007.professional_20090827231159.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-m5hu4.tmp to %ProgramFiles(x86)%\naluninstaller\suc\mcafee.security.center2008_20090813000258.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-u86le.tmp to %ProgramFiles(x86)%\naluninstaller\suc\macdrive.7_20090407234616.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-e54bi.tmp to %ProgramFiles(x86)%\naluninstaller\suc\kaspersky.internet.security.2010_20090802123206.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-o8lfk.tmp to %ProgramFiles(x86)%\naluninstaller\suc\kaspersky.internet.security.2009.8.0_20090302012337.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-5ghrs.tmp to %ProgramFiles(x86)%\naluninstaller\suc\kaspersky.anti-virus.2009(8.0)_20090302010943.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-r9a9j.tmp to %ProgramFiles(x86)%\naluninstaller\suc\k7totalsecurity.10.0_20090915202823.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-er386.tmp to %ProgramFiles(x86)%\naluninstaller\suc\juicyaccess.toolbar_20090930172324.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-0ineo.tmp to %ProgramFiles(x86)%\naluninstaller\suc\itunes.v.9.2_20100701212856.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-37din.tmp to %ProgramFiles(x86)%\naluninstaller\suc\itunes.ipod.quicktime[2009.08.04]_20090804114523.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-bjmio.tmp to %ProgramFiles(x86)%\naluninstaller\suc\internet.download.manager.5.0_20090424174655.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-e4g4s.tmp to %ProgramFiles(x86)%\naluninstaller\suc\palm.desktop.by.access_20090807183951.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-75h6c.tmp to %ProgramFiles(x86)%\naluninstaller\suc\panda.antivirus.pro.2009_20100126175728.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-4k0bm.tmp to %ProgramFiles(x86)%\naluninstaller\suc\zonealarm.extreme.security.9.0_20091126173124.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-k82cj.tmp to %ProgramFiles(x86)%\naluninstaller\suc\panda.internet.security.2010_20100220184406.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-vk133.tmp to %ProgramFiles(x86)%\naluninstaller\suc\zonealarm.extreme.security.8.0_20090624220250.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-2b6vr.tmp to %ProgramFiles(x86)%\naluninstaller\suc\yahoo.messenger.10_20100211180758.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-1ej7r.tmp to %ProgramFiles(x86)%\naluninstaller\suc\yahoo!.messenger 9.0_20090311234553.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-rfsmm.tmp to %ProgramFiles(x86)%\naluninstaller\suc\windows.media.player.11_20090311145705.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-dbisa.tmp to %ProgramFiles(x86)%\naluninstaller\suc\windows.live.onecare_20090315130821.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-teofs.tmp to %ProgramFiles(x86)%\naluninstaller\suc\windows.live.messenger_20090308021013.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-t1qq1.tmp to %ProgramFiles(x86)%\naluninstaller\suc\windows.live.messenger.vista_20090411160834.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-mvpta.tmp to %ProgramFiles(x86)%\naluninstaller\suc\windows.live.mail_20100721135951.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-asinq.tmp to %ProgramFiles(x86)%\naluninstaller\suc\tuneup.utilities.2010_20100205174337.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-5e7t6.tmp to %ProgramFiles(x86)%\naluninstaller\suc\tu2009_20090413111559.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-7vrrm.tmp to %ProgramFiles(x86)%\naluninstaller\suc\trend.micro.is.pro.2009.64bit20090520215017.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-qh03r.tmp to %ProgramFiles(x86)%\naluninstaller\suc\synaptics.pointing.device.driver_20090915200401.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-96jsu.tmp to %ProgramFiles(x86)%\naluninstaller\suc\stumbleupon.ie_20090401153004.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-loam0.tmp to %ProgramFiles(x86)%\naluninstaller\suc\run.pc.mightymax!_20090608155839.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-feim2.tmp to %ProgramFiles(x86)%\naluninstaller\suc\rapport_20091223160203.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-ee6ih.tmp to %ProgramFiles(x86)%\naluninstaller\suc\power.keylogger_20090707131738.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-tb66s.tmp to %ProgramFiles(x86)%\naluninstaller\suc\playreadypc.x86_20091204181408.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-dv5p0.tmp to %ProgramFiles(x86)%\naluninstaller\suc\innovative.syspack.for.vista.xp_20090608163215.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-uhllj.tmp to %ProgramFiles(x86)%\naluninstaller\suc\panad.cloudantivirus.0.08_20091023164310.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-1tirg.tmp to %ProgramFiles(x86)%\naluninstaller\suc\hide.my.ip.2009_20090819113620.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-8rsp2.tmp to %ProgramFiles(x86)%\naluninstaller\suc\altavista.toolbar_20090407230435.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-7kvci.tmp to %ProgramFiles(x86)%\naluninstaller\suc\adobe.reader.7.0.20090319005702.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-on6pm.tmp to %ProgramFiles(x86)%\naluninstaller\suc\adobe.photoshop.lightroom.2.6_20100302162916.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-2m1kb.tmp to %ProgramFiles(x86)%\naluninstaller\suc\adobe.photoshop.cs_20090409214411.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-n7tlh.tmp to %ProgramFiles(x86)%\naluninstaller\suc\adobe.acrobat.6.0.standard_20090306001127.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-1q7fq.tmp to %ProgramFiles(x86)%\naluninstaller\suc\adobe.acrobat.5.0_20090806144958.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-epiu4.tmp to %ProgramFiles(x86)%\naluninstaller\suc\acrobat.8.pro_20100221215753.fusuc
from %ProgramFiles(x86)%\naluninstaller\is-fct6k.tmp to %ProgramFiles(x86)%\naluninstaller\turbosearch.exe
from %ProgramFiles(x86)%\naluninstaller\is-m15l0.tmp to %ProgramFiles(x86)%\naluninstaller\fuiu.dll
from %ProgramFiles(x86)%\naluninstaller\is-9n9in.tmp to %ProgramFiles(x86)%\naluninstaller\cjf.dll
from %ProgramFiles(x86)%\naluninstaller\is-p5bot.tmp to %ProgramFiles(x86)%\naluninstaller\cr.dll
from %ProgramFiles(x86)%\naluninstaller\is-1esq6.tmp to %ProgramFiles(x86)%\naluninstaller\rce.exe
from %ProgramFiles(x86)%\naluninstaller\is-mnent.tmp to %ProgramFiles(x86)%\naluninstaller\jfs.exe
from %ProgramFiles(x86)%\naluninstaller\is-gofpg.tmp to %ProgramFiles(x86)%\naluninstaller\su.exe
from %ProgramFiles(x86)%\naluninstaller\is-cpuh8.tmp to %ProgramFiles(x86)%\naluninstaller\fu.dat
from %ProgramFiles(x86)%\naluninstaller\is-b47t8.tmp to %ProgramFiles(x86)%\naluninstaller\soft.dat
from %ProgramFiles(x86)%\naluninstaller\is-s8v7g.tmp to %ProgramFiles(x86)%\naluninstaller\update.exe
from %ProgramFiles(x86)%\naluninstaller\is-g0jcd.tmp to %ProgramFiles(x86)%\naluninstaller\fu118.exe
from %ProgramFiles(x86)%\naluninstaller\suc\is-h1s49.tmp to %ProgramFiles(x86)%\naluninstaller\suc\adobe.reader.8.20090318004619.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-v3soa.tmp to %ProgramFiles(x86)%\naluninstaller\suc\avast!.4.8 professional_20090301125510.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-affr6.tmp to %ProgramFiles(x86)%\naluninstaller\suc\eset.nod32.antivirus.3.0_20090301112349.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-i8k8n.tmp to %ProgramFiles(x86)%\naluninstaller\suc\avast!.home.edition_4.8_20090301130257.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-7jhja.tmp to %ProgramFiles(x86)%\naluninstaller\suc\dazstudio_3_20100514131937.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-1k0q6.tmp to %ProgramFiles(x86)%\naluninstaller\suc\cyberlink.powerdirector8.0_20101015163513.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-vf1cj.tmp to %ProgramFiles(x86)%\naluninstaller\suc\comodo.internet.security_20090331150446.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-v64h4.tmp to %ProgramFiles(x86)%\naluninstaller\suc\codec.pack.all.in.1.v6.03.20100118175933.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-tg809.tmp to %ProgramFiles(x86)%\naluninstaller\suc\blackberry.desktop.software.5.0_20100401221535.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-iapiv.tmp to %ProgramFiles(x86)%\naluninstaller\suc\bitdefender.total.security.v2010.20100520000136.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-4f6i5.tmp to %ProgramFiles(x86)%\naluninstaller\suc\bitdefender.internet.security.v2010.20100519235703.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-3dv6r.tmp to %ProgramFiles(x86)%\naluninstaller\suc\bitdefender.internet.security.2009_20090513220903.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-35ft7.tmp to %ProgramFiles(x86)%\naluninstaller\suc\bitdefender.antivirus.2009_20090302022121.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-2qmi5.tmp to %ProgramFiles(x86)%\naluninstaller\suc\bearshare.v.8.1_20100409000417.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-7illp.tmp to %ProgramFiles(x86)%\naluninstaller\suc\avira.premium.security.suite.9.0_20090804234210.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-smoii.tmp to %ProgramFiles(x86)%\naluninstaller\suc\avg8.5_20090414164416.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-7avrc.tmp to %ProgramFiles(x86)%\naluninstaller\suc\avg7.5_20090615160646.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-p3k80.tmp to %ProgramFiles(x86)%\naluninstaller\suc\avg.internet.security.v9.0_20091027173449.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-atiqo.tmp to %ProgramFiles(x86)%\naluninstaller\suc\avg.free.8.0_20090302005831.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-d79ei.tmp to %ProgramFiles(x86)%\naluninstaller\suc\avg.anti-spyware.7.5_20090311210444.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-lc7vv.tmp to %ProgramFiles(x86)%\naluninstaller\suc\avg.8.0_20090301131431.fusuc
from %ProgramFiles(x86)%\naluninstaller\suc\is-a52ls.tmp to %ProgramFiles(x86)%\naluninstaller\suc\eset.smart.security.4.0_20090316192441.fusuc
from %ProgramFiles(x86)%\naluninstaller\is-jnkfq.tmp to %ProgramFiles(x86)%\naluninstaller\dff.dll

Network activity

Connects to

'tr####tolisames.ml':80

TCP

HTTP POST requests

http://tr####tolisames.ml/new/net_api

UDP

DNS ASK tr####tolisames.ml

Miscellaneous

Searches for the following windows

ClassName: '{72FFCA331245497ADAD3D4B21056FC8E}' WindowName: ''

Creates and executes the following

'%TEMP%\is-q551o.tmp\<File name>.tmp' /SL5="$B0236,7423760,54272,<Full path to file>"
'%ProgramFiles(x86)%\naluninstaller\fu118.exe'
'%ProgramFiles(x86)%\naluninstaller\fu118.exe' aae381b53f18b2a102ee22a1e1b8dfcb

Executes the following

'%WINDIR%\syswow64\schtasks.exe' /Delete /F /TN "Final118"

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней