Android.SmsSpy.5190

Added to the Dr.Web virus database: 2017-01-29

Virus description added:

Technical information

Malicious functions:
Sends SMS messages:
  • 13023680732: ####A
  • 18311167220: ATO:####:####:19:19:Generic Android-x86:4.3.1:CP000019:1:002
Sends data on received text messages to remote host.
Network activity:
Connecting to:
HTTP GET requests:
Modified file system:
Creates the following files:
Miscellaneous:
Contains functionality to send SMS messages automatically.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android