Android.DownLoader.2330

Added to the Dr.Web virus database: 2017-05-20

Description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Xiny.20
Downloads the following detected threats from the Web:
  • Android.Xiny.20
Network activity:
Connecting to:
  • s####.####.com
  • t####.####.com
  • h####.####.com
  • r####.####.cn
  • d####.####.cn
  • j####.####.cn
  • too####.####.cn
  • w####.####.com
  • q####.####.com
  • di####.####.cn
  • ping####.####.com
HTTP GET requests:
  • too####.####.cn/data/attachment/common/ed/common_267_icon.png
  • too####.####.cn/data/attachment/common/f7/common_392_icon.png
  • too####.####.cn/template/qitu140227/static/common/pn.png
  • too####.####.cn/data/attachment/common/e4/common_242_icon.png
  • too####.####.cn/data/attachment/block/bf/bfde51a24e7dfc48c92ae5c9ae3990a...
  • too####.####.cn/data/attachment/common/b3/common_344_icon.png
  • too####.####.cn/data/attachment/common/db/common_276_icon.png
  • too####.####.cn/template/qitu140227/images/search.png
  • t####.####.com/ping.js?v=####
  • too####.####.cn/template/qitu140227/static/common/pic_nv_next.gif
  • too####.####.cn/data/attachment/common/55/common_239_icon.png
  • too####.####.cn/data/attachment/common/07/common_278_icon.png
  • too####.####.cn/template/qitu140227/static/common/pic_nv_prev.gif
  • d####.####.cn/jarFile/SDKAutoUpdate/hyjwan.jar
  • too####.####.cn/data/attachment/common/19/common_251_icon.png
  • too####.####.cn/data/attachment/block/72/72ee9c7c5f7885c70ed1ef1bea24d48...
  • too####.####.cn/data/attachment/common/a2/common_189_icon.png
  • too####.####.cn/data/attachment/common/6c/common_356_icon.png
  • t####.####.com/heatmap/7/MjUzMDM3MDc=.js?rand=####
  • too####.####.cn/data/attachment/common/81/common_401_icon.png
  • too####.####.cn/data/attachment/common/53/common_293_icon.png
  • too####.####.cn/data/attachment/common/20/common_277_icon.png
  • too####.####.cn/data/attachment/common/d2/common_296_icon.png
  • too####.####.cn/data/attachment/common/ee/common_185_icon.png
  • too####.####.cn/data/attachment/forum/201607/12/112322ucuvyuzny9vwxaa3.png
  • too####.####.cn/data/attachment/common/a0/common_390_icon.png
  • too####.####.cn/data/cache/style_4_common.css?t####
  • too####.####.cn/data/attachment/common/e3/common_281_icon.png
  • too####.####.cn/template/qitu140227/images/top_dh.png
  • too####.####.cn/data/attachment/common/15/common_313_icon.png
  • t####.####.com/icon/toss_11.gif
  • too####.####.cn/data/attachment/common/13/common_224_icon.png
  • too####.####.cn/data/attachment/common/dc/common_385_icon.png
  • too####.####.cn/data/attachment/common/58/common_342_icon.png
  • too####.####.cn/data/attachment/common/5a/common_391_icon.png
  • too####.####.cn/data/attachment/common/fa/common_164_icon.png
  • too####.####.cn/template/qitu140227/images/dh_wb.png
  • too####.####.cn/data/attachment/common/5e/common_366_icon.gif
  • too####.####.cn/template/qitu140227/static/common/search.png
  • too####.####.cn/data/attachment/common/4c/common_182_icon.png
  • too####.####.cn/data/attachment/common/d3/common_279_icon.png
  • too####.####.cn/data/attachment/common/e9/common_218_icon.png
  • too####.####.cn/data/attachment/common/f2/common_324_icon.png
  • too####.####.cn/data/attachment/common/f8/common_396_icon.png
  • too####.####.cn/data/attachment/common/98/common_186_icon.png
  • too####.####.cn/data/attachment/common/89/common_325_icon.png
  • too####.####.cn/data/attachment/common/ea/common_205_icon.png
  • too####.####.cn/data/attachment/common/3c/common_247_icon.png
  • too####.####.cn/data/attachment/common/8e/common_387_icon.png
  • too####.####.cn/data/attachment/common/6c/common_250_icon.png
  • too####.####.cn/data/attachment/common/fe/common_255_icon.png
  • too####.####.cn/data/attachment/common/fb/common_357_icon.png
  • too####.####.cn/data/attachment/common/6d/common_331_icon.png
  • too####.####.cn/data/cache/forum.js?t####
  • too####.####.cn/data/attachment/common/8d/common_319_icon.png
  • too####.####.cn/data/attachment/common/4f/common_382_icon.png
  • too####.####.cn/data/attachment/common/cd/common_328_icon.png
  • too####.####.cn/data/attachment/common/ca/common_321_icon.jpg
  • too####.####.cn/data/attachment/common/39/common_386_icon.jpg
  • too####.####.cn/data/attachment/common/bc/common_380_icon.png
  • too####.####.cn/data/attachment/common/0f/common_283_icon.png
  • too####.####.cn/data/attachment/common/fe/common_330_icon.png
  • too####.####.cn/data/attachment/common/bc/common_323_icon.png
  • too####.####.cn/data/attachment/common/f6/common_375_icon.png
  • too####.####.cn/static/image/common/security.png
  • too####.####.cn/template/qitu140227/static/common/site_qq.jpg
  • too####.####.cn/data/attachment/common/c2/common_253_icon.png
  • too####.####.cn/data/attachment/common/cf/common_259_icon.png
  • too####.####.cn/data/attachment/common/cb/common_243_icon.png
  • too####.####.cn/data/attachment/common/01/common_236_icon.png
  • too####.####.cn/data/attachment/common/0c/common_369_icon.png
  • too####.####.cn/data/attachment/common/11/common_223_icon.png
  • too####.####.cn/data/attachment/common/94/common_300_icon.png
  • too####.####.cn/template/qitu140227/images/nv_a.png
  • too####.####.cn/data/attachment/common/84/common_199_icon.png
  • too####.####.cn/source/plugin/it618_firstnfocus_gfan/images/style.css
  • too####.####.cn/template/qitu140227/static/common/collapsed_no.gif
  • too####.####.cn/data/attachment/common/01/common_348_icon.jpg
  • too####.####.cn/data/attachment/common/0e/common_198_icon.png
  • too####.####.cn/data/attachment/common/49/common_305_icon.png
  • too####.####.cn/data/attachment/common/07/common_249_icon.png
  • too####.####.cn/data/attachment/common/14/common_170_icon.png
  • too####.####.cn/data/attachment/common/38/common_176_icon.png
  • too####.####.cn/data/attachment/common/7a/common_272_icon.png
  • r####.####.cn/bbs/tt/hf2.jpg
  • too####.####.cn/data/attachment/common/ad/common_315_icon.png
  • too####.####.cn/data/cache/common_extra.js?t####
  • too####.####.cn/data/attachment/block/b0/b031a777a15ef28800b76bb6d5593e0...
  • too####.####.cn/data/attachment/common/17/common_292_icon.png
  • too####.####.cn/data/attachment/block/a5/a54e44ca431171bfef96be25f1b510f...
  • too####.####.cn/data/attachment/common/28/common_234_icon.png
  • too####.####.cn/forum.php?mobile=####
  • too####.####.cn/data/cache/common.js?t####
  • too####.####.cn/data/attachment/common/c3/common_362_icon.jpg
  • too####.####.cn/data/attachment/common/f9/common_290_icon.png
  • too####.####.cn/data/attachment/common/bd/common_193_icon.png
  • too####.####.cn/template/qitu140227/static/common/qmenu.png
  • too####.####.cn/template/qitu140227/static/common/qq_login.gif
  • too####.####.cn/data/attachment/common/15/common_395_icon.png
  • too####.####.cn/data/attachment/common/8d/common_354_icon.jpg
  • di####.####.cn/cloud/scripts/discuz_tips.js?v=####
  • too####.####.cn/data/cache/logging.js?t####
  • too####.####.cn/data/attachment/common/57/common_322_icon.png
  • too####.####.cn/data/attachment/common/f7/common_256_icon.png
  • too####.####.cn/data/attachment/common/9f/common_297_icon.png
  • too####.####.cn/data/attachment/common/03/common_252_icon.png
  • too####.####.cn/template/qitu140227/static/common/scrolltop.png
  • too####.####.cn/data/attachment/common/83/common_289_icon.png
  • too####.####.cn/data/attachment/common/e7/common_360_icon.png
  • too####.####.cn/template/qitu140227/static/common/px.png
  • too####.####.cn/data/attachment/common/b1/common_261_icon.png
  • too####.####.cn/data/attachment/common/35/common_399_icon.png
  • too####.####.cn/data/attachment/common/d9/common_257_icon.png
  • too####.####.cn/data/attachment/block/34/3421e2c6f3f08f2b4dd983b2a5b7f25...
  • too####.####.cn/data/attachment/common/0e/common_285_icon.png
  • too####.####.cn/data/attachment/common/24/common_372_icon.png
  • too####.####.cn/data/attachment/common/8b/common_378_icon.png
  • too####.####.cn/data/attachment/common/8f/common_178_icon.png
  • too####.####.cn/data/attachment/common/70/common_393_icon.png
  • too####.####.cn/data/attachment/common/c0/common_359_icon.png
  • too####.####.cn/data/attachment/common/2f/common_334_icon.png
  • too####.####.cn/data/attachment/common/43/common_318_icon.png
  • too####.####.cn/data/attachment/common/ad/common_374_icon.png
  • too####.####.cn/template/qitu140227/images/titlebg.png
  • too####.####.cn/source/plugin/it618_firstnfocus_gfan/images/images/dian....
  • too####.####.cn/source/plugin/it618_firstnfocus_gfan/js/function.js
  • too####.####.cn/data/attachment/common/91/common_244_icon.png
  • too####.####.cn/template/qitu140227/images/logo.png
  • too####.####.cn/data/attachment/common/62/common_248_icon.png
  • too####.####.cn/data/attachment/common/02/common_245_icon.png
  • too####.####.cn/data/attachment/common/a6/common_326_icon.png
  • j####.####.cn/Redirector.ashx?&from=####&action=####&brand=####&model=####
  • too####.####.cn/data/attachment/common/d7/common_370_icon.png
  • too####.####.cn/data/attachment/common/d9/common_388_icon.png
  • too####.####.cn/data/attachment/common/48/common_288_icon.png
  • too####.####.cn/data/attachment/common/b7/common_398_icon.jpg
  • w####.####.com/core.php?web_id=####&l=####&t=####
  • too####.####.cn/data/attachment/common/c5/common_254_icon.png
  • too####.####.cn/data/attachment/common/9d/common_188_icon.png
  • too####.####.cn/data/attachment/common/c0/common_332_icon.png
  • too####.####.cn/data/attachment/common/9d/common_350_icon.png
  • too####.####.cn/data/attachment/common/f3/common_241_icon.png
  • too####.####.cn/data/attachment/common/28/common_394_icon.jpg
  • too####.####.cn/data/attachment/common/d6/common_264_icon.png
  • too####.####.cn/template/qitu140227/static/common/collapsed_yes.gif
  • too####.####.cn/source/plugin/it618_firstnfocus_gfan/js/run.js
  • too####.####.cn/data/attachment/block/44/44cc80ccb537f86a8fa20389f703c60...
  • too####.####.cn/data/attachment/common/3a/common_343_icon.png
  • too####.####.cn/data/attachment/common/36/common_200_icon.png
  • too####.####.cn/data/attachment/common/26/common_298_icon.png
  • too####.####.cn/data/attachment/block/65/65d9020d24de3ce803a113520d23c3f...
  • too####.####.cn/home.php?mod=####&ac=####&rand=####
  • too####.####.cn/template/qitu140227/static/common/pt_item.png
  • too####.####.cn/data/attachment/common/91/common_287_icon.png
  • too####.####.cn/data/attachment/common/9b/common_231_icon.png
  • too####.####.cn/data/attachment/block/11/11308095af853bcd4d57165a807182e...
  • too####.####.cn/data/attachment/common/68/common_294_icon.png
  • too####.####.cn/data/attachment/common/c8/common_389_icon.png
  • too####.####.cn/data/attachment/block/5f/5f047288b5d3de90ceac0db3374ec17...
  • too####.####.cn/data/attachment/common/9b/common_365_icon.png
  • too####.####.cn/data/attachment/common/ff/common_373_icon.png
  • q####.####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&...
  • too####.####.cn/data/attachment/common/ed/common_309_icon.png
  • too####.####.cn/data/attachment/common/37/common_352_icon.png
  • too####.####.cn/data/attachment/common/11/common_303_icon.png
  • too####.####.cn/data/attachment/common/41/common_371_icon.png
  • too####.####.cn/data/attachment/common/0b/common_349_icon.jpg
  • too####.####.cn/data/attachment/common/d8/common_345_icon.png
  • too####.####.cn/data/attachment/block/3a/3a8757e077f81412583aacc3dbc06aa...
  • too####.####.cn/data/attachment/common/03/common_195_icon.png
  • too####.####.cn/data/attachment/common/9c/common_291_icon.png
  • too####.####.cn/data/attachment/common/7f/common_271_icon.png
  • too####.####.cn/data/attachment/common/06/common_310_icon.png
  • too####.####.cn/data/attachment/common/6f/common_329_icon.png
  • too####.####.cn/data/attachment/common/c8/common_2_icon.png
  • too####.####.cn/data/attachment/common/32/common_72_icon.png
  • w####.####.com/q_stat.php?id=####&l=####
  • too####.####.cn/data/attachment/common/b8/common_327_icon.png
  • too####.####.cn/data/cache/style_4_forum_index.css?t####
  • ping####.####.com/pingd?dm=####&url=####&arg=####&rdm=####&rurl=####&adt...
  • too####.####.cn/template/qitu140227/images/nv.png
  • too####.####.cn/data/attachment/common/5b/common_317_icon.png
  • too####.####.cn/data/attachment/common/41/common_417_icon.jpg
  • too####.####.cn/template/qitu140227/static/common/chart.png
  • too####.####.cn/data/attachment/common/ac/common_238_icon.png
  • too####.####.cn/data/attachment/common/49/common_295_icon.png
  • too####.####.cn/data/attachment/common/13/common_346_icon.jpg
  • too####.####.cn/data/attachment/common/40/common_340_icon.png
  • too####.####.cn/data/attachment/common/00/common_363_icon.png
  • too####.####.cn/data/attachment/common/ba/common_364_icon.gif
  • too####.####.cn/data/attachment/common/18/common_400_icon.png
  • too####.####.cn/data/attachment/common/68/common_336_icon.png
  • too####.####.cn/data/attachment/common/31/common_333_icon.png
  • too####.####.cn/data/attachment/common/36/common_262_icon.jpg
  • too####.####.cn/data/attachment/common/be/common_383_icon.png
  • too####.####.cn/data/attachment/common/cf/common_368_icon.png
  • too####.####.cn/data/attachment/common/ef/common_299_icon.png
  • too####.####.cn/data/attachment/common/aa/common_358_icon.png
  • too####.####.cn/data/attachment/common/05/common_367_icon.png
HTTP POST requests:
  • too####.####.cn/ApiHandler/PhoneHandler.ashx?action=####
  • too####.####.cn/ApiHandler/PhoneHandler.ashx?action=####&param=####
  • h####.####.com/app.gif
  • s####.####.com/cw/cp.action?requestId=####&g=####
  • too####.####.cn/ApiHandler/VersionDeployHandler.ashx?action=####&param=#...
  • s####.####.com/cw/interface!u2.action?protocol=####&version=####&cid=####
Modified file system:
Creates the following files:
  • <Package Folder>/cache/webviewCacheChromium/f_000023
  • <Package Folder>/cache/webviewCacheChromium/f_000018
  • <Package Folder>/cache/webviewCacheChromium/f_000019
  • <Package Folder>/cache/webviewCacheChromium/f_000016
  • <Package Folder>/cache/webviewCacheChromium/f_000017
  • <Package Folder>/cache/webviewCacheChromium/f_000014
  • <Package Folder>/cache/webviewCacheChromium/f_000015
  • <Package Folder>/cache/webviewCacheChromium/f_000012
  • <Package Folder>/cache/webviewCacheChromium/f_000013
  • <Package Folder>/cache/webviewCacheChromium/f_000010
  • <Package Folder>/cache/webviewCacheChromium/f_000011
  • <Package Folder>/cache/webviewCacheChromium/f_00002c
  • <Package Folder>/cache/webviewCacheChromium/f_00002b
  • <Package Folder>/cache/webviewCacheChromium/f_00002a
  • <Package Folder>/cache/webviewCacheChromium/f_00002d
  • <Package Folder>/cache/webviewCacheChromium/f_00000a
  • <Package Folder>/cache/webviewCacheChromium/f_00000c
  • <Package Folder>/cache/webviewCacheChromium/f_00000b
  • <Package Folder>/cache/webviewCacheChromium/f_00000e
  • <Package Folder>/cache/webviewCacheChromium/f_00000d
  • <Package Folder>/cache/webviewCacheChromium/f_00000f
  • <Package Folder>/shared_prefs/checkmodel.xml
  • <Package Folder>/databases/model.db-journal
  • <Package Folder>/files/4.3_hyjwan.dex
  • <Package Folder>/databases/webview.db
  • <Package Folder>/shared_prefs/a.xml
  • <Package Folder>/shared_prefs/W_Key.xml.bak
  • <Package Folder>/databases/downloadswc-journal
  • <Package Folder>/files/busybox
  • <Package Folder>/cache/webviewCacheChromium/f_000029
  • <Package Folder>/cache/webviewCacheChromium/f_000009
  • <Package Folder>/cache/webviewCacheChromium/f_000008
  • <Package Folder>/cache/webviewCacheChromium/f_000021
  • <Package Folder>/cache/webviewCacheChromium/f_000020
  • <Package Folder>/cache/webviewCacheChromium/f_000027
  • <Package Folder>/cache/webviewCacheChromium/f_000026
  • <Package Folder>/cache/webviewCacheChromium/f_000025
  • <Package Folder>/cache/webviewCacheChromium/f_000024
  • <Package Folder>/cache/webviewCacheChromium/f_000001
  • <Package Folder>/cache/webviewCacheChromium/f_000003
  • <Package Folder>/cache/webviewCacheChromium/f_000002
  • <Package Folder>/cache/webviewCacheChromium/f_000005
  • <Package Folder>/cache/webviewCacheChromium/f_000004
  • <Package Folder>/cache/webviewCacheChromium/f_000007
  • <Package Folder>/cache/webviewCacheChromium/f_000006
  • <Package Folder>/files/__local_stat_cache.json
  • <Package Folder>/databases/downloadswc
  • <Package Folder>/shared_prefs/st.xml
  • <Package Folder>/cache/webviewCacheChromium/f_00001f
  • <Package Folder>/shared_prefs/W_Key.xml
  • <Package Folder>/cache/webviewCacheChromium/f_00001d
  • <Package Folder>/cache/webviewCacheChromium/f_00001e
  • <Package Folder>/cache/webviewCacheChromium/f_00001b
  • <Package Folder>/cache/webviewCacheChromium/f_00001c
  • <Package Folder>/cache/webviewCacheChromium/f_000022
  • <Package Folder>/cache/webviewCacheChromium/f_00001a
  • <Package Folder>/files/__local_last_session.json
  • <Package Folder>/databases/model.db
  • <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal
  • <Package Folder>/databases/webviewCookiesChromium.db
  • <Package Folder>/databases/webview.db-journal
  • <Package Folder>/cache/webviewCacheChromium/index
  • <Package Folder>/databases/webviewCookiesChromium.db-journal
  • <Package Folder>/files/__local_except_cache.json
  • <Package Folder>/shared_prefs/<Package>_preferences.xml
  • <Package Folder>/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
  • <Package Folder>/cache/webviewCacheChromium/f_000028
  • <Package Folder>/databases/webviewCookiesChromiumPrivate.db
  • <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
  • <Package Folder>/cache/webviewCacheChromium/data_3
  • <Package Folder>/cache/webviewCacheChromium/data_2
  • <Package Folder>/cache/webviewCacheChromium/data_1
  • <Package Folder>/cache/webviewCacheChromium/data_0
Miscellaneous:
Executes the following shell scripts:
  • grep recovery
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • su
  • sh
  • /system/bin/app_process /system/bin com.android.commands.am.Am start -n com.android.settings/com.android.settings.cyanogenmod.superuser.RequestActivity --es socket /dev/com.android.settings/.socket2222 --user 0
  • <dexopt>
  • /system/bin/app_process /system/bin com.android.commands.am.Am broadcast -n com.android.settings/com.android.settings.cyanogenmod.superuser.SuReceiver --ei binary_version 16 --es from_name u0_a44 --es desired_name --ei uid 10044 --ei desired_uid 0 --es c
  • chmod 777 <Package Folder>/files/busybox
Uses elevated privileges.
Contains functionality to send SMS messages automatically.

Treatment recommendations


Android

  1. If the mobile device is functioning normally, download and install the free antivirus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device has been locked by a ransomware trojan of the Android.Locker family (the screen displays an accusation of breaking the law, a demand to pay a certain sum of money, or another message that interferes with normal use of the device), perform the following steps:
    • boot your smartphone or tablet into safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; consult the manual supplied with the purchased device or contact its manufacturer directly for clarification);
    • once safe mode is active, install the free antivirus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
