Trojan:Win32/DefenseEvasion!rfn (Microsoft); RDN/Generic.dx (McAfee); Trojan.Win32.Bsymem.mww (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt)

 Platform:

Windows

 Overall Risk:
 Potential damage:
 Potential distribution:
 Reported infections:
 Rating scale: Low, Medium, High, Critical

  • Grayware type:
    Trojan

  • Destructive:
    No

  • Encryption:
     

  • In the wild:
    Yes

  Overview

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  Technical details

File size: 519,680 bytes
File type: EXE
Memory resident: Yes
Initial samples received on: March 10, 2020

Arrival details

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Other system modifications

Adds the following registry entries. The entries under SystemCertificates\Disallowed\Certificates place certificate thumbprints in the machine's Disallowed certificate store, so Windows treats the corresponding certificates (and anything they signed) as explicitly untrusted; the final entry sets the Windows Defender policy value that turns off Defender's anti-malware protection on Windows versions that honor it:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
4E564B9FBCE8F496FFF51278CCD14EE17F09A1CE
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
58939B78BC28EF464220127BB754E3D130306988
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
8887AF2636E0D3B763AC4D56729218AF89653CA4
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
328E73F58737F1AB8DB0DA98FECFA17EB7BFAA40
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
8B6DD299C6E4092040E98EB773F3818DF50B038D
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
A5341949ABE1407DD7BF7DFE75460D9608FBC309
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
E27AA5FFDCA62A60E435292A243D0C6D43DCC513
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
4E393AA1586C93E0BC9E7FEBCF7BFB62066DC22A
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
BDEEFEC5F002E281B2292A8C72EACA468CBF9952
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
F83099622B4A9F72CB5081F742164AD1B8D048C9
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
8DC9FE53D5F1D7D558EBE131E922730780D88865
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
5AACB6A43D9D806E6963937BE702B7A43C1978AE
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
B7E607E1FB8943C634580F621788C01C962E8280
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
AA8399A239AE1785200917D32C21F6B662477BE4
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
3C92C9274AB6D3DD520B13029A2490C4A1D98BC0
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
BF9254919794C1075EA027889C5D304F1121C653
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
816BE9397F66D1A26EFA04035BCA3BB9E3779740
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
DBFAD9D59A6A07DCEB004DBE2DC246B547249E86
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
775B373B33B9D15B58BC02B184704332B97C3CAF
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
88AD5DFE24126872B33175D1778687B642323ACF
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
1B581436B0ED7536755B8B1C81112509A5AAF6ED
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
9A32249E9A6B9CF5C36B0749C81613524D37C594
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
AEEA60E86C66327BFBB8492C33122687AB2B5D91
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
BE894F99B870DA5FCA623F7F4A85D3970A46CDE1
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
31AC96A6C17C425222C46D55C3CCA6BA12E54DAF
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
1518752920E9221E1FE1728AACAC536728B37BA7
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
7450C07722C75E711EF24209A22F0C5C6A5BEC4E
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
5DE56B2BAAA995F447949B869356528F91230A49
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
78C55D604474B534EB2B565CAD312FC7D71FE9DE
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
SystemCertificates\Disallowed\Certificates\
E4A0C1054F8025DD88EE5053094A9A61661AE123
Blob = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\Windows Defender
DisableAntiSpyware = "1"

  Solutions

Minimum scan engine: 9.850

Step 1

For Windows ME and XP users: before scanning, make sure System Restore is disabled so that the entire computer can be scanned.

Step 2

Delete these registry values


Important: editing the Windows Registry incorrectly can cause permanent system malfunction. Perform this step only if you are familiar with the procedure or can ask your system administrator for help. Otherwise, read this Microsoft article first before modifying your computer's registry.

  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\4E564B9FBCE8F496FFF51278CCD14EE17F09A1CE
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\58939B78BC28EF464220127BB754E3D130306988
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8887AF2636E0D3B763AC4D56729218AF89653CA4
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\328E73F58737F1AB8DB0DA98FECFA17EB7BFAA40
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8B6DD299C6E4092040E98EB773F3818DF50B038D
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\E27AA5FFDCA62A60E435292A243D0C6D43DCC513
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\4E393AA1586C93E0BC9E7FEBCF7BFB62066DC22A
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\BDEEFEC5F002E281B2292A8C72EACA468CBF9952
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8DC9FE53D5F1D7D558EBE131E922730780D88865
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5AACB6A43D9D806E6963937BE702B7A43C1978AE
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B7E607E1FB8943C634580F621788C01C962E8280
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\AA8399A239AE1785200917D32C21F6B662477BE4
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\3C92C9274AB6D3DD520B13029A2490C4A1D98BC0
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\BF9254919794C1075EA027889C5D304F1121C653
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\816BE9397F66D1A26EFA04035BCA3BB9E3779740
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\DBFAD9D59A6A07DCEB004DBE2DC246B547249E86
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1B581436B0ED7536755B8B1C81112509A5AAF6ED
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9A32249E9A6B9CF5C36B0749C81613524D37C594
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\AEEA60E86C66327BFBB8492C33122687AB2B5D91
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\BE894F99B870DA5FCA623F7F4A85D3970A46CDE1
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1518752920E9221E1FE1728AACAC536728B37BA7
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7450C07722C75E711EF24209A22F0C5C6A5BEC4E
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE56B2BAAA995F447949B869356528F91230A49
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\78C55D604474B534EB2B565CAD312FC7D71FE9DE
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\E4A0C1054F8025DD88EE5053094A9A61661AE123
    • Blob = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
    • DisableAntiSpyware = "1"
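The following PowerShell script is an added example, not a Trend Micro tool and not part of the original page. It covers both the registry modifications listed under "Other system modifications" and the manual removal in Step 2: it resolves each thumbprint from this page against the machine's Disallowed certificate store so the analyst can see which publisher each blocked certificate belongs to, checks the Windows Defender policy value, and, only when the assumed `-Remediate` switch is given, removes exactly those keys and the policy value. It must be run from an elevated PowerShell session; the switch name and the output layout are choices made here, not anything the page specifies.

```powershell
# Added example (not from the Trend Micro page): audit and optionally undo the
# registry changes listed above. Requires an elevated (Administrator) session.
# -Remediate is an assumed switch of this script; -WhatIf shows what would be removed.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate
)

# Thumbprints exactly as listed on this page.
$Thumbprints = @(
    '4E564B9FBCE8F496FFF51278CCD14EE17F09A1CE', 'F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA',
    '58939B78BC28EF464220127BB754E3D130306988', '8887AF2636E0D3B763AC4D56729218AF89653CA4',
    '328E73F58737F1AB8DB0DA98FECFA17EB7BFAA40', '8B6DD299C6E4092040E98EB773F3818DF50B038D',
    'A5341949ABE1407DD7BF7DFE75460D9608FBC309', 'D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404',
    'E27AA5FFDCA62A60E435292A243D0C6D43DCC513', '4E393AA1586C93E0BC9E7FEBCF7BFB62066DC22A',
    'BDEEFEC5F002E281B2292A8C72EACA468CBF9952', 'F83099622B4A9F72CB5081F742164AD1B8D048C9',
    '8DC9FE53D5F1D7D558EBE131E922730780D88865', '0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9',
    '5AACB6A43D9D806E6963937BE702B7A43C1978AE', '2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF',
    'B7E607E1FB8943C634580F621788C01C962E8280', 'AA8399A239AE1785200917D32C21F6B662477BE4',
    '3C92C9274AB6D3DD520B13029A2490C4A1D98BC0', 'BF9254919794C1075EA027889C5D304F1121C653',
    '816BE9397F66D1A26EFA04035BCA3BB9E3779740', 'DBFAD9D59A6A07DCEB004DBE2DC246B547249E86',
    '775B373B33B9D15B58BC02B184704332B97C3CAF', '88AD5DFE24126872B33175D1778687B642323ACF',
    '1B581436B0ED7536755B8B1C81112509A5AAF6ED', '9A32249E9A6B9CF5C36B0749C81613524D37C594',
    'AEEA60E86C66327BFBB8492C33122687AB2B5D91', 'BE894F99B870DA5FCA623F7F4A85D3970A46CDE1',
    '31AC96A6C17C425222C46D55C3CCA6BA12E54DAF', '1518752920E9221E1FE1728AACAC536728B37BA7',
    '7450C07722C75E711EF24209A22F0C5C6A5BEC4E', '5DE56B2BAAA995F447949B869356528F91230A49',
    '78C55D604474B534EB2B565CAD312FC7D71FE9DE', 'E4A0C1054F8025DD88EE5053094A9A61661AE123'
)

$DisallowedKey     = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates'
$DefenderPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

# 1. The Cert: provider decodes the registry Blob for us, so each listed thumbprint
#    can be mapped to the Subject of the certificate the malware distrusted.
$store = Get-ChildItem -Path Cert:\LocalMachine\Disallowed -ErrorAction SilentlyContinue
$hits = foreach ($tp in $Thumbprints) {
    $cert = $store | Where-Object { $_.Thumbprint -eq $tp }
    [pscustomobject]@{
        Thumbprint  = $tp
        KeyPresent  = Test-Path -Path (Join-Path $DisallowedKey $tp)
        Subject     = if ($cert) { $cert.Subject } else { '(not present or not decodable)' }
        NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
    }
}
$found = @($hits | Where-Object KeyPresent)
Write-Host ("{0} of {1} listed thumbprints present in the Disallowed store" -f $found.Count, $Thumbprints.Count)
$found | Format-Table -AutoSize

# 2. The Defender policy value from the last entry on the page.
$policy = Get-ItemProperty -Path $DefenderPolicyKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableAntiSpyware -eq 1) {
    Write-Warning "DisableAntiSpyware = 1 is set under $DefenderPolicyKey"
}

# 3. Remediation: remove only the keys this page lists, never the whole Disallowed
#    store, which also holds Microsoft's own legitimately distrusted certificates.
if ($Remediate) {
    foreach ($h in $found) {
        $path = Join-Path $DisallowedKey $h.Thumbprint
        if ($PSCmdlet.ShouldProcess($path, 'Remove disallowed-certificate key')) {
            Remove-Item -Path $path -Recurse -Force
        }
    }
    if ($policy -and $policy.DisableAntiSpyware -eq 1 -and
        $PSCmdlet.ShouldProcess("$DefenderPolicyKey\DisableAntiSpyware", 'Remove policy value')) {
        Remove-ItemProperty -Path $DefenderPolicyKey -Name DisableAntiSpyware -Force
    }
}
```

Run it once without switches to see which of the listed certificates are present and whom they belong to, then with `-Remediate -WhatIf` to preview the deletions before running `-Remediate` for real. Resolving the Subject matters because the Blob values on this page are opaque; seeing the publisher names tells you what software the Disallowed entries were meant to break. Deleting only the listed thumbprints, rather than clearing the store, preserves the entries Windows itself maintains there.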

Step 3

Scan your computer with your Trend Micro product and delete files detected as Trojan.Win32.BSYMEM.AB. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further steps are required. Quarantined files can simply be deleted. See this Knowledge Base page for more information.

