Trojan.Inject1.52620

Добавлен в вирусную базу Dr.Web: 2015-02-18

Описание добавлено: 2015-02-18

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.srt\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.swf\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.smi\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.mpg\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.ogm\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.tp\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKLM>\SOFTWARE\Classes\KMPlayer.ksf\shell\open\command] '' = '"%PROGRAM_FILES% (x86)\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.kpl\shell\open\command] '' = '"%PROGRAM_FILES% (x86)\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.wmv\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.ts\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.vob\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.avi\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.dat\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.ass\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.3gp\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.asf\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.flv\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.mp4\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.mpeg\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.mov\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.kpl\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'
[<HKCU>\Software\VOS\The KMPlayer<HKLM>\SOFTWARE\Classes\KMPlayer.mkv\shell\open\command] '' = '[#CAMEYO-VAR#]"%Program Files (x86)%\The KMPlayer\KMPlayer.exe" "%1"'

Вредоносные функции:

Создает и запускает на исполнение:

'%APPDATA%\VOS\The KMPlayer\The KMPlayer.exe'

Изменения в файловой системе:

Создает следующие файлы:

%APPDATA%\VOS\The KMPlayer\SandboxCfg.db.2880.tmp
%APPDATA%\VOS\The KMPlayer\CHANGES\VirtFiles.db.2880.tmp
%APPDATA%\VOS\The KMPlayer\PROG\%Program Files (x86)%\The KMPlayer\PProcDLL.dll
%TEMP%\_2.tmp
%TEMP%\_1.tmp
%APPDATA%\VOS\The KMPlayer\Manif.2876.org.xml
%APPDATA%\VOS\The KMPlayer\ZipCache
%APPDATA%\VOS\The KMPlayer\PROG\Icons\uninstall.exe.ico
%APPDATA%\VOS\The KMPlayer\EngineStamps\ZipCache.20150130-205511.407.stamp
%APPDATA%\VOS\The KMPlayer\Manif.2876.new.xml
%APPDATA%\VOS\The KMPlayer\CHANGES\CryptCheck.dat
%TEMP%\_3.tmp
%TEMP%\_B.tmp
%TEMP%\_A.tmp
%TEMP%\_C.tmp
%TEMP%\_E.tmp
%TEMP%\_D.tmp
%TEMP%\_9.tmp
%TEMP%\_5.tmp
%TEMP%\_4.tmp
%TEMP%\_6.tmp
%TEMP%\_8.tmp
%TEMP%\_7.tmp
%APPDATA%\VOS\The KMPlayer\EngineStamps\The KMPlayer.exe.20150130-205511.376.stamp
%APPDATA%\VOS\The KMPlayer\The KMPlayer.exe
%APPDATA%\VOS\The KMPlayer\The KMPlayer64.exe
%APPDATA%\VOS\The KMPlayer\VirtFiles.Prog.db
%APPDATA%\VOS\The KMPlayer\EngineStamps\The KMPlayer64.exe.20150130-205511.407.stamp
%APPDATA%\VOS\The KMPlayer\EngineStamps\AppVirtDll64_The KMPlayer.dll.20150130-205511.345.stamp
%APPDATA%\VOS\The KMPlayer\VirtApp.ini
%TEMP%\~DF6BAC.tmp
%APPDATA%\VOS\The KMPlayer\AppVirtDll_The KMPlayer.dll
%APPDATA%\VOS\The KMPlayer\AppVirtDll64_The KMPlayer.dll
%APPDATA%\VOS\The KMPlayer\EngineStamps\AppVirtDll_The KMPlayer.dll.20150130-205511.329.stamp
%APPDATA%\VOS\The KMPlayer\EngineStamps\VirtFiles.Prog.db.20150202-211515.265.stamp
%APPDATA%\VOS\The KMPlayer\CHANGES\VirtFiles.db.2864.tmp
%APPDATA%\VOS\The KMPlayer\CHANGES\VirtReg.Base.dat
%APPDATA%\VOS\The KMPlayer\SandboxCfg.db.2864.tmp
%APPDATA%\VOS\The KMPlayer\PROG\Icons\KMPSetup.exe.ico
%APPDATA%\VOS\The KMPlayer\PROG\Icons\KMPlayer.exe.ico
%APPDATA%\VOS\The KMPlayer\CHANGES\VirtReg.dat
%APPDATA%\VOS\The KMPlayer\EngineStamps\SandboxCfg.db.20150130-205511.407.stamp
%APPDATA%\VOS\The KMPlayer\SandboxCfg.db
%APPDATA%\VOS\The KMPlayer\VirtReg.Prog.dat
%APPDATA%\VOS\The KMPlayer\CHANGES\VirtFiles.db
%APPDATA%\VOS\The KMPlayer\EngineStamps\VirtReg.Prog.dat.20150202-211514.517.stamp

Удаляет следующие файлы:

%TEMP%\_8.tmp
%TEMP%\_9.tmp
%TEMP%\_6.tmp
%TEMP%\_7.tmp
%TEMP%\_A.tmp
%TEMP%\_D.tmp
%TEMP%\_E.tmp
%TEMP%\_B.tmp
%TEMP%\_C.tmp
%TEMP%\_5.tmp
%TEMP%\~DF6BAC.tmp
%APPDATA%\VOS\The KMPlayer\Manif.2876.org.xml
%APPDATA%\VOS\The KMPlayer\CHANGES\VirtFiles.db
%APPDATA%\VOS\The KMPlayer\SandboxCfg.db
%APPDATA%\VOS\The KMPlayer\Manif.2876.new.xml
%TEMP%\_3.tmp
%TEMP%\_4.tmp
%TEMP%\_1.tmp
%TEMP%\_2.tmp

Перемещает следующие файлы:

%APPDATA%\VOS\The KMPlayer\CHANGES\VirtFiles.db.2880.tmp в %APPDATA%\VOS\The KMPlayer\CHANGES\VirtFiles.db
%APPDATA%\VOS\The KMPlayer\SandboxCfg.db.2880.tmp в %APPDATA%\VOS\The KMPlayer\SandboxCfg.db
%APPDATA%\VOS\The KMPlayer\CHANGES\VirtFiles.db.2864.tmp в %APPDATA%\VOS\The KMPlayer\CHANGES\VirtFiles.db
%APPDATA%\VOS\The KMPlayer\SandboxCfg.db.2864.tmp в %APPDATA%\VOS\The KMPlayer\SandboxCfg.db

Другое:

Ищет следующие окна:

ClassName: 'TKMPMSNPopUp' WindowName: ''
ClassName: 'Shell_TrayWnd' WindowName: ''
ClassName: '' WindowName: 'GFXSVR'

Технології

Терміни

Навчання

Міфи

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней