https://www.reasoncoresecurity.com/rs.exe-eea3ca9cba99b8dd699e4235cdc94a2f2d17a2e1.aspx
These are all the attack vectors through which it spreads across the internet:
Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 94.242.253.86

| Date | UQ / IDS / BL | URL | IP |
|---|---|---|---|
| 2016-01-05 07:59:34 | 0 - 0 - 1 | down.baidu2016.com/qq/ADSafe.30619-12.exe | 94.242.253.86 |
| 2016-01-05 07:54:22 | 0 - 0 - 1 | down.baidu2016.com/qq/MTViewbuildmtview_295.exe | 94.242.253.86 |
| 2016-01-05 07:54:06 | 0 - 2 - 1 | down.baidu2016.com/qq/st_41.exe | 94.242.253.86 |
| 2016-01-04 20:20:54 | 0 - 2 - 1 | down.baidu2016.com/qq/MTViewbuildmtview_295.exe | 94.242.253.86 |
| 2016-01-04 17:35:38 | 0 - 0 - 3 | down.baidu2016.com/qq/HY_Setup_duba04.exe | 94.242.253.86 |
| 2016-01-04 13:45:42 | 0 - 0 - 3 | down.baidu2016.com/qq/test.txt | 94.242.253.86 |

Last 6 reports on ASN: AS5577 root SA

| Date | UQ / IDS / BL | URL | IP |
|---|---|---|---|
| 2016-01-05 08:28:37 | 0 - 2 - 0 | urlsbitsids.com/invitation.exe | 94.242.222.100 |
| 2016-01-05 07:59:34 | 0 - 0 - 1 | down.baidu2016.com/qq/ADSafe.30619-12.exe | 94.242.253.86 |
| 2016-01-05 07:54:22 | 0 - 0 - 1 | down.baidu2016.com/qq/MTViewbuildmtview_295.exe | 94.242.253.86 |
| 2016-01-05 07:54:06 | 0 - 2 - 1 | down.baidu2016.com/qq/st_41.exe | 94.242.253.86 |
| 2016-01-04 22:30:48 | 0 - 1 - 0 | depositfiles.com/files/a9601qt1y | 94.242.227.147 |
| 2016-01-04 20:20:54 | 0 - 2 - 1 | down.baidu2016.com/qq/MTViewbuildmtview_295.exe | 94.242.253.86 |

Last 6 reports on domain: down.baidu2016.com

| Date | UQ / IDS / BL | URL | IP |
|---|---|---|---|
| 2016-01-05 07:59:34 | 0 - 0 - 1 | down.baidu2016.com/qq/ADSafe.30619-12.exe | 94.242.253.86 |
| 2016-01-05 07:54:22 | 0 - 0 - 1 | down.baidu2016.com/qq/MTViewbuildmtview_295.exe | 94.242.253.86 |
| 2016-01-05 07:54:06 | 0 - 2 - 1 | down.baidu2016.com/qq/st_41.exe | 94.242.253.86 |
| 2016-01-04 20:20:54 | 0 - 2 - 1 | down.baidu2016.com/qq/MTViewbuildmtview_295.exe | 94.242.253.86 |
| 2016-01-04 17:35:38 | 0 - 0 - 3 | down.baidu2016.com/qq/HY_Setup_duba04.exe | 94.242.253.86 |
| 2016-01-04 13:45:42 | 0 - 0 - 3 | down.baidu2016.com/qq/test.txt | 94.242.253.86 |
The information was taken from the site http://urlquery.net/report.php?id=1451304176292
The file HY_Setup_duba04.exe (about 20 MB) is very hard to remove, and not a single anti-malware or antivirus product recognizes it!!!
Not even Kaspersky or Malwarebytes recognizes it, so be very careful!!!
Here is the listing from the VirusTotal site:
https://www.virustotal.com/en/ip-address/94.242.253.86/information/
94.242.253.86 IP address information

Geolocation: Country LU; Autonomous System 5577 (root SA)

Passive DNS replication
VirusTotal's passive DNS only stores address records. The following domains resolved to the given IP address.

| Date | Domain |
|---|---|
| 2015-10-18 | asp.baidu2016.com |
| 2015-09-21 | down.baidu2016.com |

Latest detected URLs
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.

| Detections | Date | URL |
|---|---|---|
| 7/66 | 2016-01-05 06:52:31 | http://down.baidu2016.com/qq/ADSafe.30619-12.exe |
| 6/66 | 2016-01-05 06:51:57 | http://down.baidu2016.com/qq/MTViewbuildmtview_295.exe |
| 9/66 | 2016-01-05 06:51:05 | http://down.baidu2016.com/qq/st_41.exe |
| 6/66 | 2016-01-05 06:50:46 | http://down.baidu2016.com/qq/test.txt |
| 6/66 | 2016-01-04 16:34:18 | http://down.baidu2016.com/qq/hy_setup_duba04.exe |
| 5/66 | 2016-01-04 12:19:45 | http://down.baidu2016.com/qq/ADSafe.30619-10.exe |
| 5/66 | 2016-01-02 10:07:29 | http://down.baidu2016.com/qq/qqpcmgr_v10.11.16575.227_8881512_Silence.exe |
| 6/66 | 2016-01-01 18:56:27 | http://down.baidu2016.com/qq/adsafe.30619-9.exe |
| 6/66 | 2016-01-01 18:39:56 | http://down.baidu2016.com/qq/qqpcmgr_v11.1.16923.222_72547_silence.exe |
| 8/66 | 2016-01-01 18:37:06 | http://down.baidu2016.com/qq/ADSafe.30619-9.exe |
This pest mainly attacks Windows 7 Professional operating systems, so it is better to move to Windows 8.1 or Windows 10 as soon as possible.
It does not help even if you have a fully updated Windows 7 Pro, and Windows Defender also does not recognize it as a threat, nor does any other antivirus or anti-malware product.
It usually spreads through the uTorrent application or freeware download sites.
If you have the file C:\Program Files\intel\rs.exe or C:\Program Files (x86)\intel\rs.exe, it means you will soon be hit by all of the pests listed above, which are very hard to remove (mostly by hand, one by one) because antivirus products do not recognize them as a threat. The source of the infection usually starts in the TEMP folder, so clean the computer regularly with CCleaner.
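As an added example that is not part of the original post: a PowerShell triage script that checks the two rs.exe paths named above, hashes and signature-checks whatever it finds (the SHA-256 can be looked up on VirusTotal, since the post says local scanners do not flag it), checks whether it is running, and lists executables recently written to the TEMP folder. The two paths come from the post; the 7-day window and the report fields are my assumptions.

```powershell
# Added triage check (not the original post's code). Run in an elevated PowerShell
# so process paths and Program Files are readable.
$Candidates = @(
    "$env:ProgramFiles\intel\rs.exe",          # path named in the post
    "${env:ProgramFiles(x86)}\intel\rs.exe"    # path named in the post (x86 variant)
)

# 1. Does the dropper exist on disk? If so, collect what a responder needs.
foreach ($Path in $Candidates) {
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Output "not present: $Path"
        continue
    }
    $Item = Get-Item -LiteralPath $Path
    $Sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [PSCustomObject]@{
        Path      = $Path
        SizeBytes = $Item.Length
        Created   = $Item.CreationTime
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash  # look this up on VirusTotal
        Signature = $Sig.Status          # NotSigned / HashMismatch are red flags for a file under \intel\
        Signer    = $Sig.SignerCertificate.Subject
    } | Format-List
}

# 2. Is it currently running? (-contains on strings is case-insensitive in PowerShell.)
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($Candidates -contains $_.Path) } |
    Select-Object Id, ProcessName, Path, StartTime |
    Format-Table -AutoSize

# 3. The post says the infection usually starts in the TEMP folder: list executables
#    and DLLs written there recently so they can be reviewed before any cleanup tool
#    deletes the evidence. The 7-day window is an assumption; widen it if needed.
$Cutoff = (Get-Date).AddDays(-7)
Get-ChildItem -LiteralPath $env:TEMP -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -gt $Cutoff } |
    Sort-Object CreationTime -Descending |
    Select-Object FullName, Length, CreationTime |
    Format-Table -AutoSize
```

Hash the file and export the report before cleaning TEMP, otherwise the sample needed for a vendor submission is gone.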