Adware.Gexin.10195

Added to the Dr.Web virus database: 2019-03-14

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
  • isds####.qq.com/cgi-bin/v.cgi?flag1=####&flag2=####&1=####&2=####
  • m1.pand####.cn/Api/PlatProps/CheckAppVersion?AppType=####
  • m1.pand####.cn/Api/PlatProps/CheckAppVersion?isDiff=####&android=####&ap...
  • m1.pand####.cn/Article/Detail?id=####&title=####
  • r####.v####.qq.com/web_report?cmd=3529&url=http://m1.pandakid.cn/Article...
  • r####.v####.qq.com/web_report?cmd=3532&url=http://m1.pandakid.cn/Article...
  • r####.v####.qq.com/web_report?cmd=3536&url=http://m1.pandakid.cn/Article...
HTTP POST requests:
  • m1.pand####.cn/Api/Ad/IndexAd
  • m1.pand####.cn/Api/Article/HeadLine
  • m1.pand####.cn/Api/Product/Index
  • m1.pand####.cn/Api/Slide/IndexBanner
  • m1.pand####.cn/api/PlatProps/PlatBaseData
  • m1.pand####.cn/api/PlatProps/PlatVendor
  • m1.pand####.cn/api/PlatProps/SetUserMenuStates
  • m1.pand####.cn/api/PlatProps/UserMenuStates
File system changes:
Creates the following files:
  • /data/data/####/.jg.ic
  • /data/data/####/BMWEEXOPEN_NATIVE_SP.xml
  • /data/data/####/CookiePrefsFile.xml
  • /data/data/####/MultiDex.lock
  • /data/data/####/Updater.xml
  • /data/data/####/WXStorage-journal
  • /data/data/####/data_0
  • /data/data/####/data_1
  • /data/data/####/data_2
  • /data/data/####/data_3
  • /data/data/####/f_000001
  • /data/data/####/f_000002
  • /data/data/####/f_000003
  • /data/data/####/f_000004
  • /data/data/####/f_000005
  • /data/data/####/f_000006
  • /data/data/####/f_000007
  • /data/data/####/f_000008
  • /data/data/####/index
  • /data/data/####/journal.tmp
  • /data/data/####/libjiagu1390117721.so
  • /data/data/####/libweexjsb.so
  • /data/data/####/multidex.version.xml
  • /data/data/####/webview.db-journal
  • /data/data/####/webviewCookiesChromium.db-journal
Miscellaneous:
Executes the following shell scripts:
  • /data/app-lib/<Package>-1/libweexjsb.so 50 0
  • chmod 755 <Package Folder>/.jiagu/libjiagu1390117721.so
Loads the following dynamic libraries:
  • Patcher
  • libjiagu1390117721
  • weexjsc
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
Uses special library to hide executable bytecode.
Displays its own windows over windows of other apps.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
