TmfeijoMMonroe
TmfeijoMMonr... Cyber Highlander, Registered
13.7K Posts 4.2K Likes

Adware hooks pulled in by Baidu

#1 By TmfeijoMMonr... 20/06/2014 - 18:16
Good afternoon, everyone!


So as not to hijack our friend Monica Gurzoni's thread:

https://www.hardware.com.br/comunidade/navegacao-sequestrador/1344224/#post6903044

So I'm starting one here. This is adware that a contaminated machine, one that has already been through Baidu, pulls in. And her system is infected by this Chinese thing.


The page at dl.sinoadv.com says:

Attention!
Your Java version is Out of Date. There are Security Risks.
Please Update Now


When browsing, Baidu does indeed pull it in:


http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-20-14at0550PM.png.html?sort=3&o=0

I was on an image hosting site, Photobucket.

Avast caught win32-evo-gen right away:

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-20-14at0555PM.png.html?sort=3&o=0

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-20-14at0730PM.png.html?sort=3&o=0

It happened again, this time on cjoint:

http://cjoint.com/data3/3FvcCyY6osV.htm

http://cjoint.com/data3/3FvcGA0ylSg.htm

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-20-14at0926PM.png.html?sort=3&o=0

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-20-14at0927PM.png.html?sort=3&o=0


It is automatically redirected to a fake site to update/install Java:

http://dl.sinoadv.com/topic/java/download.php?country=BR&ext=3&aid=102 ( CAUTION: DO NOT BROWSE TO THIS LINK )

Avast sounded the alarm again:

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-20-14at0933PM.png.html?sort=3&o=0


Cheers
#3 By TmfeijoMMonr...
21/06/2014 - 12:01
Good afternoon!


I believe that with the arrival in Brazil of the made-in-China search engine Baidu, these episodes will increase, with all sorts of adware.


Here I'm going to run Ad-Aware. I'll just have to wait for the installation to cooperate:


http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-21-14at1206PM.png.html?sort=3&o=0


http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-21-14at1218PM.png.html?sort=3&o=0


It didn't catch anything, though this software no longer has the effectiveness it had 10 years ago.

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-21-14at0150PM.png.html?sort=3&o=0


Coincidence:

https://www.hardware.com.br/comunidade/v-t/1344563/

https://www.hardware.com.br/comunidade/antivirus-detectou/992751/

http://cjoint.com/data/0FzsAWMReqX.htm

D:\Arquivos de programas\Java\jre6\bin\java.exe

c:\program files\Java\jre7\bin\jp2ssv.dll ( current )

After almost exactly 5 years!


http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-25-14at0206PM.png.html?sort=3&o=0


Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : EDSON-PC
Creation time : 25/06/2014 14:01:37
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 9.11.9600.17126
OS : Windows 7 Home Basic
OS Build : 7601
OS SP : Service Pack 1
RunScanner Version : 2.0.0.60
User Language : Português (Brasil)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
* C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
* C:\Windows\System32\winlogon.exe (Microsoft Corporation)
* C:\Windows\System32\services.exe (Microsoft Corporation)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
* C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
* C:\Program Files\Comodo\Dragon\dragon_updater.exe
* C:\PROGRA~1\GbPlugin\gbpsv.exe (GAS Tecnologia)
* C:\Windows\System32\dwm.exe (Microsoft Corporation)
* C:\Windows\System32\smss.exe (Microsoft Corporation)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* C:\Windows\System32\lsass.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\taskhost.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Users\EDSON\Downloads\runscanner.exe (Runscanner.net)
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Windows\System32\lsm.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)

Unrated items
-------------
002 * C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
010 * C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service)
010 * C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service)
010 * C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 12.0 r0)
010 * C:\Program Files\AVAST Software\Avast\AvastSvc.exe (avast! Service)
010 * C:\Program Files\Comodo\Dragon\dragon_updater.exe (dragon_updater.exe)
010 * C:\PROGRA~1\GbPlugin\GbpSv.exe (G-Buster Browser Defense - Service)
010 * C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (maintenanceservice.exe)
011 c:\windows\system32\drivers\aswHwid.sys (aswHwid.sys)
011 * C:\Windows\system32\drivers\aswRvrt.sys (aswRvrt.sys)
011 c:\windows\system32\drivers\aswSnx.sys (aswSnx.sys)
011 c:\windows\system32\drivers\aswSP.sys (aswSP.sys)
011 c:\windows\system32\drivers\aswStm.sys (aswStm.sys)
011 * C:\Windows\system32\drivers\aswVmm.sys (aswVmm.sys)
011 * c:\windows\system32\drivers\aswMonFlt.sys (avast! File System Minifilter for Windows 2003/Vista)
011 * c:\windows\system32\drivers\aswRdr2.sys (avast! WFP Redirect Driver)
011 * C:\Windows\system32\DRIVERS\gbpndisrdn.sys (GAS Tecnologia - LWF Helper Driver)
011 * C:\Windows\system32\drivers\gbpkm.sys (GbPlugin Device Driver)
035 * C:\Program Files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe (Google Inc.) {8A69D345-D564-463c-AFF1-A69D9E530F96}
047 Zone: seg.bb.com.br : https://seg.bb.com.br
047 Zone: www.bancobrasil.com.br : *.www.bancobrasil.com.br
047 Zone: www.bb.com.br : *.www.bb.com.br
047 Zone: www.bb.com.br : http://www.bb.com.br
047 Zone: www14.bancobrasil.com.br : https://www14.bancobrasil.com.br
047 Zone: www14.bancobrasil.com.br : *.www14.bancobrasil.com.br
047 Zone: www2.bancobrasil.com.br : *.www2.bancobrasil.com.br
047 Zone: www2.bancobrasil.com.br : https://www2.bancobrasil.com.br
050 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {E37CB5F0-51F5-4395-A808-5FA49E399F83}
052 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {C41A1C0E-EA6C-11D4-B1B8-444553540000}
052 * C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
052 * C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
061 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
061 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {98C11555-BC81-40aa-A053-DAADC5630000}
061 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {E37CB5F0-51F5-4395-A808-5FA49E399F83}
062 * C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
067 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)
104 * C:\Windows\system32\Macromed\Flash\Flash32_12_0_0_70.ocx (Adobe Systems, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}
173 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
173 GUID / CLSID not found
221 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
221 GUID / CLSID not found
223 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
227 GUID / CLSID not found
231 * C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
241 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
254 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {98C11555-BC81-40aa-A053-DAADC5630000}

Missing files
-------------
011 C:\Users\EDSON\AppData\Local\Temp\catchme.sys
032 rdpclip
052 C:\Program Files\Java\jre7\bin\jp2ssv.dll


http://cjoint.com/data3/3FAwadBwYIW.htm

http://cjoint.com/data/0FAvYNFAeBA.htm

http://cjoint.com/data3/3FAw6AJHlOo.htm

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-30-14at0954PM.png.html?sort=3&o=0

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-30-14at0947PM.png.html?sort=3&o=0

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-30-14at1007PM.png.html?sort=3&o=0

Cheers
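An added example, not code from the post or from RunScanner: a small parser for the RunScanner log layout shown above, using its `*` signed / `-` not-found legend to separate signed from unsigned entries and to collect the files listed as missing. The sample log is constructed from a handful of lines of the posted report.

```python
import re
from collections import namedtuple
# Constructed sample in the RunScanner layout from the post (a few lines of the
# posted report, not the whole thing). Legend: "*" = signed file, "-" = file not found.
SAMPLE_LOG = r"""
Running processes
-----------------
* C:\Windows\System32\winlogon.exe (Microsoft Corporation)
* C:\Program Files\Comodo\Dragon\dragon_updater.exe
Unrated items
-------------
011 c:\windows\system32\drivers\aswHwid.sys (aswHwid.sys)
011 * C:\Windows\system32\drivers\aswRvrt.sys (aswRvrt.sys)
052 * C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
173 GUID / CLSID not found
Missing files
-------------
011 C:\Users\EDSON\AppData\Local\Temp\catchme.sys
052 C:\Program Files\Java\jre7\bin\jp2ssv.dll
"""
# Item line: optional 3-digit category, optional "*"/"-" marker, path, "(publisher)", {CLSID}.
LINE_RE = re.compile(
    r"^(?:(?P<code>\d{3})\s+)?(?:(?P<mark>[*-])\s+)?(?P<path>[A-Za-z]:\\.*?)"
    r"\s*(?:\((?P<pub>[^)]*)\))?(?:\s*\{[0-9A-Fa-f-]+\})?\s*$"
)
Entry = namedtuple("Entry", "section code signed missing path publisher")

def parse_runscanner(text):
    """Walk the log; a section header is the line right above a '---' underline."""
    entries, section, lines = [], "", text.splitlines()
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and lines[i + 1].startswith("---"):
            section = line.strip()
            continue
        m = LINE_RE.match(line.strip())
        if m is None:  # blank lines, underlines, "GUID / CLSID not found", etc.
            continue
        entries.append(Entry(section, m["code"], m["mark"] == "*",
                             m["mark"] == "-" or section == "Missing files",
                             m["path"], m["pub"]))
    return entries

def unsigned_binaries(entries):
    """Files present on disk with no '*' marker: verify hash and publisher first."""
    return [e for e in entries if not e.missing and not e.signed]

def missing_files(entries):
    """Registered but absent on disk, like jp2ssv.dll in the posted log."""
    return [e for e in entries if e.missing]
```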