
Trojan.MulDrop5.34563

Added to the Dr.Web virus database: 2014-07-21

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'CCAD7' = '%WINDIR%\Temp\C7temp\C7_Up.exe Ccadfree'
Malicious functions:
Creates and executes the following:
  • '%TEMP%\RarSFX0\c7free2\INSTMSI.EXE'
  • '%CommonProgramFiles%\InstallShield\Driver\8\Intel 32\IDriver.exe' -Embedding
  • '%TEMP%\RarSFX0\c7free2\Setup.exe'
  • '%WINDIR%\Temp\Data2.exe'
Executes the following:
  • '<SYSTEM32>\msiexec.exe' -Embedding E9F8C2425946F3A3C1C4528927B7E951 C
  • '<SYSTEM32>\msiexec.exe' /V
Modifies file system:
Creates the following files:
Deletes the following files:
  • %TEMP%\MSI6.tmp
  • %WINDIR%\Installer\3b7a9.msi
  • %TEMP%\MSI7.tmp
  • %TEMP%\MSI9.tmp
  • %TEMP%\MSI8.tmp
  • %WINDIR%\Temp\c7temp\Bin\winsetnet.exe
  • %WINDIR%\Temp\c7temp\Bin\InstRk42.dll
  • %TEMP%\~1.tmp
  • C:\Config.Msi\3b7ac.rbs
  • %WINDIR%\Installer\MSI3.tmp
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: '(null)'
  • ClassName: 'EDIT' WindowName: '(null)'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
