Adware.Gexin.13011

Added to the Dr.Web virus database: 2019-04-30

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.3.origin
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) c-h####.g####.com:80
  • TCP(HTTP/1.1) sdk-ope####.g####.com:80
  • TCP(HTTP/1.1) aexcep####.b####.qq.com:8011
  • TCP(HTTP/1.1) t####.c####.q####.####.com:80
  • TCP(HTTP/1.1) and####.b####.qq.com:80
  • TCP(HTTP/1.1) api.map.b####.com:80
  • TCP(HTTP/1.1) aexcep####.b####.qq.com:8012
  • TCP(HTTP/1.1) st####.dc####.net.cn:80
  • TCP(TLS/1.0) ser####.dc####.net.cn:443
  • TCP(TLS/1.0) and####.cli####.go####.com:443
  • TCP sdk.o####.t####.####.com:5224
  • TCP c####.g####.ig####.com:5224
DNS requests:
HTTP GET requests:
  • api.map.b####.com/?qt=####&ak=####&callback=####
  • api.map.b####.com/api?v=####&ak=####
  • api.map.b####.com/getscript?v=####&ak=####&services=####&t=####
  • api.map.b####.com/images/blank.gif?product=####&sub_product=####&v=####&...
  • t####.c####.q####.####.com/config/hz-hzv6.conf
HTTP POST requests:
  • aexcep####.b####.qq.com:8011/rqd/async
  • aexcep####.b####.qq.com:8012/rqd/async
  • and####.b####.qq.com/rqd/async
  • c-h####.g####.com/api.php?format=####&t=####
  • sdk-ope####.g####.com/api.php?format=####&t=####
  • st####.dc####.net.cn/device/location
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/sh -c getprop ro.aa.romver
  • /system/bin/sh -c getprop ro.board.platform
  • /system/bin/sh -c getprop ro.build.fingerprint
  • /system/bin/sh -c getprop ro.build.nubia.rom.name
  • /system/bin/sh -c getprop ro.build.rom.id
  • /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
  • /system/bin/sh -c getprop ro.build.version.emui
  • /system/bin/sh -c getprop ro.build.version.opporom
  • /system/bin/sh -c getprop ro.gn.gnromvernumber
  • /system/bin/sh -c getprop ro.lenovo.series
  • /system/bin/sh -c getprop ro.lewa.version
  • /system/bin/sh -c getprop ro.meizu.product.model
  • /system/bin/sh -c getprop ro.miui.ui.version.name
  • /system/bin/sh -c getprop ro.vivo.os.build.display.id
  • /system/bin/sh -c type su
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/io.dcloud.feature.apsGt.GTNormalPushService 24250 300 0
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • chmod 700 <Package Folder>/tx_shell/libnfix.so
  • chmod 700 <Package Folder>/tx_shell/libshella-2.9.1.2.so
  • chmod 700 <Package Folder>/tx_shell/libufix.so
  • getprop ro.aa.romver
  • getprop ro.board.platform
  • getprop ro.build.fingerprint
  • getprop ro.build.nubia.rom.name
  • getprop ro.build.rom.id
  • getprop ro.build.tyd.kbstyle_version
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.gn.gnromvernumber
  • getprop ro.lenovo.series
  • getprop ro.lewa.version
  • getprop ro.meizu.product.model
  • getprop ro.miui.ui.version.name
  • getprop ro.vivo.os.build.display.id
  • getprop ro.yunos.version
  • logcat -d -v threadtime
  • sh <Package Folder>/files/gdaemon_20161017 0 <Package>/io.dcloud.feature.apsGt.GTNormalPushService 24250 300 0
Loads the following dynamic libraries:
  • Bugly
  • getuiext3
  • libnfix
  • libshella-2.9.1.2
  • libufix
  • nfix
  • ufix
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-GCM-NoPadding
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
  • AES-GCM-NoPadding
Uses a special library to hide executable bytecode.
Gets information about the network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
