Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

Good NEWS "IMF and ASC Ultimate (ASC with AV 2013!)


Recommended Posts

Posted

In October 2012, we saw a new QUERVAR variant with a new structure, different from the previously detected variants but with the same infection routines. These included infecting .EXE and Microsoft Excel and Word files and then renaming them with a .SCR extension. However, the newer variants came with a new payload: downloading ransomware and ZACCESS variants.

 

The new QUERVAR variants are detected as PE_QUERVAR.E-O. PE_QUERVAR.E-O accesses the following malicious files below to download ransomware variants detected as TROJ_RANSOM.CMY and HTML_RANSOM.CMY, and the ZACCESS variant TROJ_SIREFEF.SZP.

 

http://{BLOCKED}ewidea1.ru/1.php?000102E0&pin=16FB2534B0B2D6E3

http://www.{BLOCKED}coservisi.com/test/php/way.php?000076A8&pin=16FB2534B0B2D6E3

http://{BLOCKED}y90.com/c/osnovnoj2.exe?00022F68 – detected as TROJ_RANSOM.CMY

http://{BLOCKED}lhgkjl.{BLOCKED}ilesexchnges.su/get.php?id=2 – detected as HTML_RANSOM.CMY

http://{BLOCKED}lhgkjl.un {BLOCKED}ilesexchnges.su/landings/first/US/NL_files/buttons.css

http://{BLOCKED}lhgkjl.{BLOCKED}ilesexchnges.su/landings/first/US/NL_files/jquery.min.js

http://{BLOCKED}lhgkjl.{BLOCKED}ilesexchnges.su/landings/first/US/FBI.png

http://{BLOCKED}lhgkjl.{BLOCKED}ilesexchnges.su/landings/first/US/NL_files/keyboard.js

http://{BLOCKED}lil.ru/33797470/2a06754.50664748/3052832ace10d474336096b36fbd49f05f190.exe?{random characters} – detected as TROJ_SIREFEF.SZP

 

IObit IMF and IObit ASC Ultimate users need not worry as they are protected via the Browser Guard and Network Guard. In particular, file reputation services blocks and deletes related malicious files, while the web reputation services blocks access to the sites where PE_QUERVAR.E-O downloads its malicious payload.

 

--> IObit Europe LAB Team

--> IObit Malware Fighter Team

--> IObit Europe Team

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...