Program.Unwanted.100

Added to the Dr.Web virus database: 2014-09-04

Description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • %WINDIR%\Tasks\RegClean Pro_UPDATES.job
Malicious functions:
Creates and executes the following:
  • '%PROGRAM_FILES%\RCP\RegCleanPro.exe'
  • '%TEMP%\is-NJKCG.tmp\<Virus name>.tmp' /SL5="$30100,3334541,163328,<Full path to virus>"
Executes the following:
  • '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\jscript.dll"
Searches for windows to detect analytical utilities:
  • ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
  • ClassName: 'RegMonClass' WindowName: ''
  • ClassName: 'FileMonClass' WindowName: ''
Modifies file system:
Creates the following files:
Deletes the following files:
Moves the following files:
Network activity:
Connects to:
TCP:
HTTP GET requests:
UDP:
Miscellaneous:
Searches for the following windows:
  • ClassName: 'MS_WebCheckMonitor' WindowName: ''
  • ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Roaming\Opera Software\Opera Stable'
  • ClassName: 'Shell_TrayWnd' WindowName: ''
  • ClassName: 'MS_AutodialMonitor' WindowName: ''

Curing recommendations

  1. If the operating system can boot (normally or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from this media, run a full scan and cure the detected threats.
Run a full system scan using Dr.Web Light anti-virus for macOS. This product can be downloaded from the official Apple App Store.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device has been locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; for details, consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • switch the device off and turn it on again in normal mode.
