
Adware.Dowgin.1189

Added to the Dr.Web virus database: 2018-05-15

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Dowgin.14.origin
Network activity:
Connecting to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
  • newfeat####.perfect####.com/featureview/getfeatureview/
Modified file system:
Creates the following files:
  • /data/data/####/.dmgames_prefs.xml
  • /data/data/####/.flurryagent.-4f724f0c
  • /data/data/####/0761513c.jar
  • /data/data/####/0813714c.jar
  • /data/data/####/f1a71.xml
Miscellaneous:
Loads the following dynamic libraries:
  • mono
  • unity
Uses the following algorithms to encrypt data:
  • DES
Gains access to telephone information (number, imei, etc.).
Gains access to information about installed applications.
Displays its own windows over windows of other applications.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device involved, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
