Защити созданное

Другие наши ресурсы

  • free.drweb.uz — бесплатные утилиты, плагины, информеры
  • av-desk.com — интернет-сервис для поставщиков услуг Dr.Web AV-Desk
  • curenet.drweb.uz — сетевая лечащая утилита Dr.Web CureNet!
  • www.drweb.uz/web-iq — ВебIQметр
Закрыть

Библиотека
Моя библиотека

Чтобы добавить ресурс в библиотеку, войдите в аккаунт.

+ Добавить в библиотеку

Ресурсов: -

Последний: -

Моя библиотека

Поиск

Поиск

Поддержка
Круглосуточная поддержка | Правила обращения

Напишите

Запрос через форму

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -
Создать новый запрос Частые вопросы

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

UZ

RU CN DE EN ES FR IT JP KZ UZ PL BY
Закрыть
Сервисы
Сканеры
Dr.Web vxCube
Демо
Экспертиза ВКИ
Вирусная библиотека
База знаний

Технологии

Термины

Обучение и просвещение

Мифы

Новости

Trojan.Encoder.31606

Добавлен в вирусную базу Dr.Web: 2020-04-21

Описание добавлено:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKLM>\Software\Classes\.waiting\shell\open\command] '' = '<SYSTEM32>\mshta.exe "C:\ReadMe.hta"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'open' = '"C:\ReadMe.hta"'
Infects the following executable files
  • %ProgramFiles(x86)%\microsoft office\office14\grooveex.dll tzwsvuoy7.waiting
Creates the following files on removable media
  • <Drive name for removable media>:\delete.avi
  • <Drive name for removable media>:\join.avi
  • <Drive name for removable media>:\default.bmp
  • <Drive name for removable media>:\tileimage.bmp
  • <Drive name for removable media>:\dashborder_96.bmp
  • <Drive name for removable media>:\dashborder_144.bmp
  • <Drive name for removable media>:\dashborder_120.bmp
  • <Drive name for removable media>:\dashborder_192.bmp
  • <Drive name for removable media>:\sdkfailsafeemulator.cer
  • <Drive name for removable media>:\testcertificate.cer
  • <Drive name for removable media>:\sdksampleprivdeveloper.cer
  • <Drive name for removable media>:\pmd.cer
  • <Drive name for removable media>:\508softwareandos.doc
  • <Drive name for removable media>:\ovp25012015.doc
Malicious functions
Injects code into
the following system processes:
  • %WINDIR%\explorer.exe
Terminates or attempts to terminate
the following user processes:
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%\utox.exe
  • %ProgramFiles%\a2scan\readme.hta
  • C:\far2\addons\colors\readme.hta
  • C:\users\default\appdata\readme.hta
  • %PROGRAMDATA%\adobe\arm\{291aa914-a987-4ce9-bd63-ac0a92d435e5}\readme.hta
  • %ProgramFiles%\a2start\readme.hta
  • %ProgramFiles(x86)%\windows media player\readme.hta
  • %PROGRAMDATA%\microsoft\readme.hta
  • %PROGRAMDATA%\adobe\arm\reader_15.008.20082\readme.hta
  • %ProgramFiles%\agb5\readme.hta
  • %CommonProgramFiles(x86)%\adobe\arm\readme.hta
  • C:\users\all users\microsoft help\hx_1033_mtoc_hx.hxh tzwsvuoy7.waiting
  • C:\users\default user\readme.hta
  • %ProgramFiles(x86)%\k-lite codec pack\readme.hta
  • C:\users\all users\microsoft help\hx_1033_mkwd_namedurl.hxw tzwsvuoy7.waiting
  • %ProgramFiles(x86)%\internet explorer\signup\readme.hta
  • %ProgramFiles(x86)%\windows sidebar\readme.hta
  • C:\system volume information\spp\readme.hta
  • %ProgramFiles(x86)%\google\update\readme.hta
  • C:\users\all users\ntuser.pol tzwsvuoy7.waiting
  • C:\users\all users\microsoft help\hx_1033_mkwd_k.hxw tzwsvuoy7.waiting
  • %CommonProgramFiles(x86)%\adobe\readme.hta
  • %CommonProgramFiles(x86)%\speechengines\readme.hta
  • %ProgramFiles%\aavshield\readme.hta
  • %ProgramFiles%\ageofconan\readme.hta
  • %ProgramFiles(x86)%\mirc\defaults\readme.hta
  • %CommonProgramFiles(x86)%\adobe\reader\readme.hta
  • C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\readme.hta
  • %ProgramFiles%\a2wizard\readme.hta
  • %ProgramFiles(x86)%\k-lite codec pack\filters\readme.hta
  • %CommonProgramFiles(x86)%\microsoft shared\help\1036\readme.hta
  • %ProgramFiles(x86)%\k-lite codec pack\icons\readme.hta
  • %CommonProgramFiles(x86)%\steam\readme.hta
  • %ProgramFiles(x86)%\uninstall information\readme.hta
  • %CommonProgramFiles(x86)%\adobe\acrobat\readme.hta
  • %CommonProgramFiles(x86)%\services\readme.hta
  • %CommonProgramFiles(x86)%\microsoft shared\information retrieval\readme.hta
  • %PROGRAMDATA%\adobe\arm\reader_15.007.20033\readme.hta
  • %ProgramFiles(x86)%\mirc\readme.hta
  • %CommonProgramFiles(x86)%\microsoft shared\msenv\readme.hta
  • C:\users\all users\templates\readme.hta
  • C:\users\all users\microsoft help\ms.dexplore.hxn tzwsvuoy7.waiting
  • C:\users\default\application data\readme.hta
  • %ProgramFiles(x86)%\msbuild\readme.hta
  • %ProgramFiles(x86)%\internet explorer\en-us\readme.hta
  • %ProgramFiles(x86)%\k-lite codec pack\icaros\readme.hta
  • C:\users\all users\microsoft help\hx_1033_mvalidator.hxd tzwsvuoy7.waiting
  • %CommonProgramFiles(x86)%\readme.hta
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\esl\readme.hta
  • %ProgramFiles%\a2cmd\readme.hta
  • D:\system volume information\readme.hta
  • %PROGRAMDATA%\documents\readme.hta
  • %ProgramFiles(x86)%\adobe\readme.hta
  • C:\perflogs\admin\readme.hta
  • %PROGRAMDATA%\desktop\readme.hta
  • C:\recovery\readme.hta
  • C:\perflogs\readme.hta
  • C:\msocache\readme.hta
  • %PROGRAMDATA%\favorites\readme.hta
  • %PROGRAMDATA%\application data\readme.hta
  • <Current directory>\readme.hta
  • C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\readme.hta
  • D:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\readme.hta
  • C:\$recycle.bin\readme.hta
  • D:\$recycle.bin\readme.hta
  • D:\readme.hta
  • C:\documents and settings\readme.hta
  • %WINDIR%\rwjfk.bat
  • %WINDIR%\pghdn.txt
  • C:\readme.hta
  • %ProgramFiles%\a2service\readme.hta
  • %ProgramFiles(x86)%\google\readme.hta
  • %ProgramFiles%\360tray\readme.hta
  • C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\readme.hta
  • %PROGRAMDATA%\adobe\setup\readme.hta
  • C:\users\all users\microsoft help\hx.hxn tzwsvuoy7.waiting
  • %ProgramFiles(x86)%\internet explorer\readme.hta
  • %ProgramFiles(x86)%\microsoft.net\readme.hta
  • %CommonProgramFiles(x86)%\microsoft shared\readme.hta
  • %CommonProgramFiles(x86)%\microsoft shared\dao\readme.hta
  • C:\msocache\all users\readme.hta
  • C:\far2\addons\readme.hta
  • %ProgramFiles(x86)%\readme.hta
  • %ProgramFiles%\a2upd\readme.hta
  • %PROGRAMDATA%\mozilla\readme.hta
  • C:\users\all users\microsoft toolkit\settings.xml tzwsvuoy7.waiting
  • %PROGRAMDATA%\adobe\readme.hta
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\readme.hta
  • %PROGRAMDATA%\microsoft toolkit\readme.hta
  • %PROGRAMDATA%\adobe\arm\readme.hta
  • %CommonProgramFiles(x86)%\java\readme.hta
  • C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\readme.hta
  • %ProgramFiles%\a2guard\readme.hta
  • %ProgramFiles%\a2hijackfree\readme.hta
  • %PROGRAMDATA%\microsoft\assistance\readme.hta
Moves the following files
  • from %ProgramFiles(x86)%\desktop.ini to %ProgramFiles(x86)%\desktop.ini tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ffvdub.vdf to %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ffvdub.vdf tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\70x70logo.scale-100_contrast-white.png to %ProgramFiles(x86)%\opera\assets\70x70logo.scale-100_contrast-white.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\voip.dll to %ProgramFiles(x86)%\qip 2012\core\voip.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\29.0.1795.47\message_center_win8.dll to %ProgramFiles(x86)%\opera\29.0.1795.47\message_center_win8.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\adobe.reader.dependencies.manifest to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\adobe.reader.dependencies.manifest tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ff_libdts.dll to %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ff_libdts.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libymsg.dll to %ProgramFiles(x86)%\pidgin\libymsg.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\langs\slovak.dll to %ProgramFiles(x86)%\qip 2012\langs\slovak.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\langs\russian.dll to %ProgramFiles(x86)%\qip 2012\langs\russian.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\adelrcp.exe to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\adelrcp.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\70x70logo.scale-140.png to %ProgramFiles(x86)%\opera\assets\70x70logo.scale-140.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\29.0.1795.47\msvcp100.dll to %ProgramFiles(x86)%\opera\29.0.1795.47\msvcp100.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\nss3.dll to %ProgramFiles(x86)%\pidgin\nss3.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\70x70logo.scale-140_contrast-white.png to %ProgramFiles(x86)%\opera\assets\70x70logo.scale-140_contrast-white.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\langs\spanish.dll to %ProgramFiles(x86)%\qip 2012\langs\spanish.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\microsoft office\office14\authzax.dll to %ProgramFiles(x86)%\microsoft office\office14\authzax.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\resources\icarosdescriptions.propdesc to %ProgramFiles(x86)%\k-lite codec pack\icaros\resources\icarosdescriptions.propdesc tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\voip_cz.dll to %ProgramFiles(x86)%\qip 2012\core\voip_cz.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow\ffmpeg.dll to %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow\ffmpeg.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow\ffdshow.ax to %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow\ffdshow.ax tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\64-bit\avcodec-ics-56.dll to %ProgramFiles(x86)%\k-lite codec pack\icaros\64-bit\avcodec-ics-56.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\70x70logo.scale-100.png to %ProgramFiles(x86)%\opera\assets\70x70logo.scale-100.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libxml2-2.dll to %ProgramFiles(x86)%\pidgin\libxml2-2.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\vistavolume.dll to %ProgramFiles(x86)%\qip 2012\core\vistavolume.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\150x150logo.scale-180_contrast-white.png to %ProgramFiles(x86)%\opera\assets\150x150logo.scale-180_contrast-white.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\langs\german.dll to %ProgramFiles(x86)%\qip 2012\langs\german.dll tzwsvuoy7.waiting
  • from %ProgramFiles%\almon\almon.exe to %ProgramFiles%\almon\almon.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\29.0.1795.47\libegl.dll to %ProgramFiles(x86)%\opera\29.0.1795.47\libegl.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\150x150logo.scale-80.png to %ProgramFiles(x86)%\opera\assets\150x150logo.scale-80.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\openssleay32.dll to %ProgramFiles(x86)%\qip 2012\core\openssleay32.dll tzwsvuoy7.waiting
  • from %ProgramFiles%\alsvc\alsvc.exe to %ProgramFiles%\alsvc\alsvc.exe tzwsvuoy7.waiting
  • from %ProgramFiles%\ashwebsv\ashwebsv.exe to %ProgramFiles%\ashwebsv\ashwebsv.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ffdshow.ax to %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ffdshow.ax tzwsvuoy7.waiting
  • from %ProgramFiles%\admunch\admunch.exe to %ProgramFiles%\admunch\admunch.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libssp-0.dll to %ProgramFiles(x86)%\pidgin\libssp-0.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\langs\kazakh.dll to %ProgramFiles(x86)%\qip 2012\langs\kazakh.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\29.0.1795.47\libglesv2.dll to %ProgramFiles(x86)%\opera\29.0.1795.47\libglesv2.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrosup64.dll to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrosup64.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\enutxt.pdf to %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\enutxt.pdf tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\150x150logo.scale-80_contrast-white.png to %ProgramFiles(x86)%\opera\assets\150x150logo.scale-80_contrast-white.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\sqlite3.dll to %ProgramFiles(x86)%\qip 2012\core\sqlite3.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ffmpeg.dll to %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ffmpeg.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\langs\portuguese.dll to %ProgramFiles(x86)%\qip 2012\langs\portuguese.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrotextextractor.exe to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrotextextractor.exe tzwsvuoy7.waiting
  • from %ProgramFiles%\amon\amon.exe to %ProgramFiles%\amon\amon.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\haali\cue2xml.js to %ProgramFiles(x86)%\k-lite codec pack\filters\haali\cue2xml.js tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\adobecollabsync.exe to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\adobecollabsync.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\google\update\1.3.26.9\googlecrashhandler.exe to %ProgramFiles(x86)%\google\update\1.3.26.9\googlecrashhandler.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\gtk\contents to %ProgramFiles(x86)%\pidgin\gtk\contents tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ff_libmad.dll to %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ff_libmad.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\haali\gdsmux.exe to %ProgramFiles(x86)%\k-lite codec pack\filters\haali\gdsmux.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\microsoft office\office14\ieawsdc.dll to %ProgramFiles(x86)%\microsoft office\office14\ieawsdc.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\google\update\1.3.26.9\googleupdatebroker.exe to %ProgramFiles(x86)%\google\update\1.3.26.9\googleupdatebroker.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\32-bit\avutil-ics-54.dll to %ProgramFiles(x86)%\k-lite codec pack\icaros\32-bit\avutil-ics-54.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\64-bit\icarospropertyhandler.dll to %ProgramFiles(x86)%\k-lite codec pack\icaros\64-bit\icarospropertyhandler.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe to %ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\70x70logo.scale-80.png to %ProgramFiles(x86)%\opera\assets\70x70logo.scale-80.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\info\faq.css to %ProgramFiles(x86)%\k-lite codec pack\info\faq.css tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\voip_fr.dll to %ProgramFiles(x86)%\qip 2012\core\voip_fr.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ff_samplerate.dll to %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ff_samplerate.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\adoberfp.dll to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\adoberfp.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\gtk\bin\gdk-pixbuf-query-loaders.exe to %ProgramFiles(x86)%\pidgin\gtk\bin\gdk-pixbuf-query-loaders.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\pidgin.dll to %ProgramFiles(x86)%\pidgin\pidgin.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\info\faq.htm to %ProgramFiles(x86)%\k-lite codec pack\info\faq.htm tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow\ff_kerneldeint.dll to %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow\ff_kerneldeint.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mirc\defaults\scripts\aliases.ini to %ProgramFiles(x86)%\mirc\defaults\scripts\aliases.ini tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\32-bit\icarospropertyhandler.dll to %ProgramFiles(x86)%\k-lite codec pack\icaros\32-bit\icarospropertyhandler.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\70x70logo.scale-80_contrast-white.png to %ProgramFiles(x86)%\opera\assets\70x70logo.scale-80_contrast-white.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\haali\mkunicode.dll to %ProgramFiles(x86)%\k-lite codec pack\filters\haali\mkunicode.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\64-bit\icarosthumbnailprovider.dll to %ProgramFiles(x86)%\k-lite codec pack\icaros\64-bit\icarosthumbnailprovider.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\pidgin-uninst.exe to %ProgramFiles(x86)%\pidgin\pidgin-uninst.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\adobelinguistic.dll to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\adobelinguistic.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\gtk\bin\freetype6.dll to %ProgramFiles(x86)%\pidgin\gtk\bin\freetype6.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow\ffvdub.vdf to %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow\ffvdub.vdf tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\32-bit\avcodec-ics-56.dll to %ProgramFiles(x86)%\k-lite codec pack\icaros\32-bit\avcodec-ics-56.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\nssutil3.dll to %ProgramFiles(x86)%\pidgin\nssutil3.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\langs\ukrainian.dll to %ProgramFiles(x86)%\qip 2012\langs\ukrainian.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\voip_de.dll to %ProgramFiles(x86)%\qip 2012\core\voip_de.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla firefox\browser\blocklist.xml to %ProgramFiles(x86)%\mozilla firefox\browser\blocklist.xml tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\29.0.1795.47\msvcr100.dll to %ProgramFiles(x86)%\opera\29.0.1795.47\msvcr100.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\64-bit\avformat-ics-56.dll to %ProgramFiles(x86)%\k-lite codec pack\icaros\64-bit\avformat-ics-56.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\google\update\1.3.26.9\googlecrashhandler64.exe to %ProgramFiles(x86)%\google\update\1.3.26.9\googlecrashhandler64.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\70x70logo.scale-180.png to %ProgramFiles(x86)%\opera\assets\70x70logo.scale-180.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\microsoft office\office14\bcslaunch.dll to %ProgramFiles(x86)%\microsoft office\office14\bcslaunch.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ff_libfaad2.dll to %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow64\ff_libfaad2.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\voip_es.dll to %ProgramFiles(x86)%\qip 2012\core\voip_es.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla firefox\browser\chrome.manifest to %ProgramFiles(x86)%\mozilla firefox\browser\chrome.manifest tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\haali\dsmux.exe to %ProgramFiles(x86)%\k-lite codec pack\filters\haali\dsmux.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\29.0.1795.47\natives_blob.bin to %ProgramFiles(x86)%\opera\29.0.1795.47\natives_blob.bin tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\32-bit\avformat-ics-56.dll to %ProgramFiles(x86)%\k-lite codec pack\icaros\32-bit\avformat-ics-56.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\google\update\1.3.26.9\googleupdate.exe to %ProgramFiles(x86)%\google\update\1.3.26.9\googleupdate.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\microsoft office\office14\grooveex.dll to %ProgramFiles(x86)%\microsoft office\office14\grooveex.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\64-bit\avutil-ics-54.dll to %ProgramFiles(x86)%\k-lite codec pack\icaros\64-bit\avutil-ics-54.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\70x70logo.scale-180_contrast-white.png to %ProgramFiles(x86)%\opera\assets\70x70logo.scale-180_contrast-white.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\info\contents.rtf to %ProgramFiles(x86)%\k-lite codec pack\info\contents.rtf tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\voip_kk.dll to %ProgramFiles(x86)%\qip 2012\core\voip_kk.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32res.dll to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32res.dll tzwsvuoy7.waiting
  • from %ProgramFiles%\airdefense\airdefense.exe to %ProgramFiles%\airdefense\airdefense.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\microsoft office\office10\ucscribe.dll to %ProgramFiles(x86)%\microsoft office\office10\ucscribe.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla firefox\breakpadinjector.dll to %ProgramFiles(x86)%\mozilla firefox\breakpadinjector.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla thunderbird\accessiblemarshal.dll to %ProgramFiles(x86)%\mozilla thunderbird\accessiblemarshal.dll tzwsvuoy7.waiting
  • from %ProgramFiles%\agb5\agb5.exe to %ProgramFiles%\agb5\agb5.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libnspr4.dll to %ProgramFiles(x86)%\pidgin\libnspr4.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla thunderbird\application.ini to %ProgramFiles(x86)%\mozilla thunderbird\application.ini tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\ace.dll to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\ace.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\ffmpeg license.txt to %ProgramFiles(x86)%\k-lite codec pack\icaros\ffmpeg license.txt tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mirc\readme.txt to %ProgramFiles(x86)%\mirc\readme.txt tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\a3dutils.dll to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\a3dutils.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libmeanwhile-1.dll to %ProgramFiles(x86)%\pidgin\libmeanwhile-1.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla thunderbird\blocklist.xml to %ProgramFiles(x86)%\mozilla thunderbird\blocklist.xml tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\icaros license.txt to %ProgramFiles(x86)%\k-lite codec pack\icaros\icaros license.txt tzwsvuoy7.waiting
  • from %ProgramFiles%\ageofconan\ageofconan.exe to %ProgramFiles%\ageofconan\ageofconan.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\liboscar.dll to %ProgramFiles(x86)%\pidgin\liboscar.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mirc\uninstall.exe to %ProgramFiles(x86)%\mirc\uninstall.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla thunderbird\breakpadinjector.dll to %ProgramFiles(x86)%\mozilla thunderbird\breakpadinjector.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\msbuild\microsoft.office.infopath.targets to %ProgramFiles(x86)%\msbuild\microsoft.office.infopath.targets tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrobroker.exe to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrobroker.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icons\config.ico to %ProgramFiles(x86)%\k-lite codec pack\icons\config.ico tzwsvuoy7.waiting
  • from %ProgramFiles%\a2start\a2start.exe to %ProgramFiles%\a2start\a2start.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla firefox\crashreporter.exe to %ProgramFiles(x86)%\mozilla firefox\crashreporter.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\internet explorer\signup\install.ins to %ProgramFiles(x86)%\internet explorer\signup\install.ins tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mirc\mirc.exe to %ProgramFiles(x86)%\mirc\mirc.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla firefox\application.ini to %ProgramFiles(x86)%\mozilla firefox\application.ini tzwsvuoy7.waiting
  • from %ProgramFiles%\a2cmd\a2cmd.exe to %ProgramFiles%\a2cmd\a2cmd.exe tzwsvuoy7.waiting
  • from %ProgramFiles%\a2hijackfree\a2hijackfree.exe to %ProgramFiles%\a2hijackfree\a2hijackfree.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\readme.htm to %ProgramFiles(x86)%\adobe\acrobat reader dc\readme.htm tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\esl\aiodlite.dll to %ProgramFiles(x86)%\adobe\acrobat reader dc\esl\aiodlite.dll tzwsvuoy7.waiting
  • from %ProgramFiles%\a2guard\a2guard.exe to %ProgramFiles%\a2guard\a2guard.exe tzwsvuoy7.waiting
  • from %ProgramFiles%\a2scan\a2scan.exe to %ProgramFiles%\a2scan\a2scan.exe tzwsvuoy7.waiting
  • from %ProgramFiles%\a2service\a2service.exe to %ProgramFiles%\a2service\a2service.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\exchndl.dll to %ProgramFiles(x86)%\pidgin\exchndl.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\qip.exe to %ProgramFiles(x86)%\qip 2012\qip.exe tzwsvuoy7.waiting
  • from %ProgramFiles%\360tray\360tray.exe to %ProgramFiles%\360tray\360tray.exe tzwsvuoy7.waiting
  • from %ProgramFiles%\a2upd\a2upd.exe to %ProgramFiles%\a2upd\a2upd.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\unins000.dat to %ProgramFiles(x86)%\k-lite codec pack\unins000.dat tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mirc\ircintro.chm to %ProgramFiles(x86)%\mirc\ircintro.chm tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\windows sidebar\settings.ini to %ProgramFiles(x86)%\windows sidebar\settings.ini tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\google\update\googleupdate.exe to %ProgramFiles(x86)%\google\update\googleupdate.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mirc\mirc.chm to %ProgramFiles(x86)%\mirc\mirc.chm tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\unins000.exe to %ProgramFiles(x86)%\k-lite codec pack\unins000.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\1494870c-9912-c184-4cc9-b401-a53f4d8de290.pdf to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\1494870c-9912-c184-4cc9-b401-a53f4d8de290.pdf tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla firefox\accessiblemarshal.dll to %ProgramFiles(x86)%\mozilla firefox\accessiblemarshal.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libjabber.dll to %ProgramFiles(x86)%\pidgin\libjabber.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\freebl3.dll to %ProgramFiles(x86)%\pidgin\freebl3.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla firefox\crashreporter.ini to %ProgramFiles(x86)%\mozilla firefox\crashreporter.ini tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libplc4.dll to %ProgramFiles(x86)%\pidgin\libplc4.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\vsfilter.dll to %ProgramFiles(x86)%\k-lite codec pack\filters\vsfilter.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mirc\versions.txt to %ProgramFiles(x86)%\mirc\versions.txt tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\microsoft office\office10\seqchk10.dll to %ProgramFiles(x86)%\microsoft office\office10\seqchk10.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\infiumdetect.dll to %ProgramFiles(x86)%\qip 2012\core\infiumdetect.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\langs\czech.dll to %ProgramFiles(x86)%\qip 2012\langs\czech.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\29.0.1795.47\icudtl.dat to %ProgramFiles(x86)%\opera\29.0.1795.47\icudtl.dat tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mirc\defaults\urls.ini to %ProgramFiles(x86)%\mirc\defaults\urls.ini tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla firefox\dependentlibs.list to %ProgramFiles(x86)%\mozilla firefox\dependentlibs.list tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\150x150logo.scale-140.png to %ProgramFiles(x86)%\opera\assets\150x150logo.scale-140.png tzwsvuoy7.waiting
  • from %ProgramFiles%\aavshield\aavshield.exe to %ProgramFiles%\aavshield\aavshield.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\microsoft office\office10\thdic.lex to %ProgramFiles(x86)%\microsoft office\office10\thdic.lex tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\mousephone.dll to %ProgramFiles(x86)%\qip 2012\core\mousephone.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\langs\english.dll to %ProgramFiles(x86)%\qip 2012\langs\english.dll tzwsvuoy7.waiting
  • from %ProgramFiles%\ackwin32\ackwin32.exe to %ProgramFiles%\ackwin32\ackwin32.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\150x150logo.scale-140_contrast-white.png to %ProgramFiles(x86)%\opera\assets\150x150logo.scale-140_contrast-white.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32info.exe to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32info.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\29.0.1795.47\installer.exe to %ProgramFiles(x86)%\opera\29.0.1795.47\installer.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\microsoft office\office10\trigram.lex to %ProgramFiles(x86)%\microsoft office\office10\trigram.lex tzwsvuoy7.waiting
  • from %ProgramFiles%\aimpro\aimpro.exe to %ProgramFiles%\aimpro\aimpro.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libsilcclient-1-1-3.dll to %ProgramFiles(x86)%\pidgin\libsilcclient-1-1-3.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\150x150logo.scale-180.png to %ProgramFiles(x86)%\opera\assets\150x150logo.scale-180.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\openlibeay32.dll to %ProgramFiles(x86)%\qip 2012\core\openlibeay32.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\150x150logo.scale-100_contrast-white.png to %ProgramFiles(x86)%\opera\assets\150x150logo.scale-100_contrast-white.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libsilc-1-1-2.dll to %ProgramFiles(x86)%\pidgin\libsilc-1-1-2.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mirc\defaults\servers.ini to %ProgramFiles(x86)%\mirc\defaults\servers.ini tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\29.0.1795.47\ffmpegsumo.dll to %ProgramFiles(x86)%\opera\29.0.1795.47\ffmpegsumo.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icons\delete.ico to %ProgramFiles(x86)%\k-lite codec pack\icons\delete.ico tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla firefox\d3dcompiler_43.dll to %ProgramFiles(x86)%\mozilla firefox\d3dcompiler_43.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libplds4.dll to %ProgramFiles(x86)%\pidgin\libplds4.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla thunderbird\crashreporter.exe to %ProgramFiles(x86)%\mozilla thunderbird\crashreporter.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\icons\x264vfw.ico to %ProgramFiles(x86)%\k-lite codec pack\icons\x264vfw.ico tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libpurple.dll to %ProgramFiles(x86)%\pidgin\libpurple.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\microsoft office\office10\msostyle.dll to %ProgramFiles(x86)%\microsoft office\office10\msostyle.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mirc\defaults\mirc.ini to %ProgramFiles(x86)%\mirc\defaults\mirc.ini tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrofx32.dll to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrofx32.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\k-lite codec pack\filters\vsfilter64.dll to %ProgramFiles(x86)%\k-lite codec pack\filters\vsfilter64.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla thunderbird\crashreporter.ini to %ProgramFiles(x86)%\mozilla thunderbird\crashreporter.ini tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla firefox\d3dcompiler_47.dll to %ProgramFiles(x86)%\mozilla firefox\d3dcompiler_47.dll tzwsvuoy7.waiting
  • from %ProgramFiles%\a2wizard\a2wizard.exe to %ProgramFiles%\a2wizard\a2wizard.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\29.0.1795.47\d3dcompiler_47.dll to %ProgramFiles(x86)%\opera\29.0.1795.47\d3dcompiler_47.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\mozilla thunderbird\d3dcompiler_43.dll to %ProgramFiles(x86)%\mozilla thunderbird\d3dcompiler_43.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\pidgin\libsasl.dll to %ProgramFiles(x86)%\pidgin\libsasl.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.dll to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\core\bass.dll to %ProgramFiles(x86)%\qip 2012\core\bass.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\opera\assets\150x150logo.scale-100.png to %ProgramFiles(x86)%\opera\assets\150x150logo.scale-100.png tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\microsoft office\office10\saext.dll to %ProgramFiles(x86)%\microsoft office\office10\saext.dll tzwsvuoy7.waiting
  • from %ProgramFiles%\ahnsd\ahnsd.exe to %ProgramFiles%\ahnsd\ahnsd.exe tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\qip 2012\langs\french.dll to %ProgramFiles(x86)%\qip 2012\langs\french.dll tzwsvuoy7.waiting
  • from %ProgramFiles(x86)%\google\update\1.3.26.9\googleupdatecomregistershell64.exe to %ProgramFiles(x86)%\google\update\1.3.26.9\googleupdatecomregistershell64.exe tzwsvuoy7.waiting
Substitutes the following executable files
  • %ProgramFiles(x86)%\Microsoft Office\Office14\GROOVEEX.DLL
Substitutes the following files
  • %CommonProgramFiles(x86)%\Services\verisign.bmp
Deletes itself.
Miscellaneous
Creates and executes the following
  • '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\rwjfk.bat" "' (with hidden window)
Executes the following
  • '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\rwjfk.bat" "
  • '<SYSTEM32>\cmd.exe' /c wevtutil.exe el
  • '<SYSTEM32>\wevtutil.exe' el
  • '<SYSTEM32>\wevtutil.exe' cl "Analytic"
  • '<SYSTEM32>\wevtutil.exe' cl "Application"
  • '<SYSTEM32>\wevtutil.exe' cl "DebugChannel"
  • '<SYSTEM32>\wevtutil.exe' cl "DirectShowFilterGraph"
  • '<SYSTEM32>\wevtutil.exe' cl "DirectShowPluginControl"
  • '<SYSTEM32>\wevtutil.exe' cl "EndpointMapper"
  • '<SYSTEM32>\wevtutil.exe' cl "ForwardedEvents"

Рекомендации по лечению

  1. В случае если операционная система способна загрузиться (в штатном режиме или режиме защиты от сбоев), скачайте лечащую утилиту Dr.Web CureIt! и выполните с ее помощью полную проверку вашего компьютера, а также используемых вами переносных носителей информации.
  2. Если загрузка операционной системы невозможна, измените настройки BIOS вашего компьютера, чтобы обеспечить возможность загрузки ПК с компакт-диска или USB-накопителя. Скачайте образ аварийного диска восстановления системы Dr.Web® LiveDisk или утилиту записи Dr.Web® LiveDisk на USB-накопитель, подготовьте соответствующий носитель. Загрузив компьютер с использованием данного носителя, выполните его полную проверку и лечение обнаруженных угроз.
Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Выполните полную проверку системы с использованием Антивируса Dr.Web Light для macOS. Данный продукт можно загрузить с официального сайта Apple App Store.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Скачать Dr.Web с Apple Store

На загруженной ОС выполните полную проверку всех дисковых разделов с использованием продукта Антивирус Dr.Web для Linux.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

  1. Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light. Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
  2. Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
    • загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
    • после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
    • выключите устройство и включите его в обычном режиме.

Подробнее о Dr.Web для Android

Демо бесплатно на 14 дней

Выдаётся при установке

Скачать с сайта
Скачать с Google Play