マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Trojan.Encoder.10161

Added to the Dr.Web virus database: 2017-01-20

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'syshelputility.exe' = '%APPDATA%\Microsoft\syshelputility.exe'
Malicious functions:
Executes the following:
  • '<LS_APPDATA>\Microsoft\sysmonutility.exe' <Full path to file>
Modifies file system:
Creates the following files:
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\places.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\moveBookmarks.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\treeView.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\tree.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\editBookmarkOverlay.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\controller.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\menu.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\history-panel.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\cookies.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\content.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\handlers.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\fonts.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\applicationManager.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\advanced.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\connection.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\applications.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\browserPlacesViews.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\bookmarks\sidebarUtils.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\bookmarks\bookmarksPanel.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\feeds\subscribe.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\feeds\subscribe.js.encrypted
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js.encrypted
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\pluginreg.dat.encrypted
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\sessionstore.js.encrypted
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\secmod.db.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\permissions.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\pageInfo.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\bookmarkProperties.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\security.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\feeds.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\migration\migration.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\pageInfo.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\feeds.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\expander.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\editor.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\findbar.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\filefield.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\colorpicker.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\checkbox.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\dialog.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\datetimepicker.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\notification.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\menulist.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\popup.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\numberbox.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\groupbox.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\general.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\menu.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\listbox.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\button.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\security.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\privacy.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\sync.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\selectBookmark.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\main.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\languages.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\permissionsutils.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\permissions.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\alerts\alert.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\keyhole-forward-mask.svg.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\browser.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\autocomplete.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\safebrowsing\sb-loader.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\tabs.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\search\search.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\search\engineManager.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\crashes.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\contentAreaUtils.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\customizeToolbar.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\customizeCharset.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\config.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\commonDialog.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\consoleBindings.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\console.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\globalOverlay.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\findUtils.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\notfound.wav.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\inlineSpellCheckUI.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\editMenuOverlay.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\dialogOverlay.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\finddialog.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\filepicker.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\charsetOverlay.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\password.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\formsigning.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\pref-crlupdate.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\pippki.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\editcerts.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\downloadcert.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\exceptionDialog.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\escrowWarn.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\aboutMemory.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\cookie\cookieAcceptDialog.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\appPicker.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\aboutSupport.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\resetpassword.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\protectedAuth.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\viewCertDetails.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\serverCrlNextupdate.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\passwordmgr\passwordManagerCommon.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\passwordmgr\passwordManager.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\satchel\formSubmitListener.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\passwordmgr\passwordManagerExceptions.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\viewSourceUtils.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\viewSource.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\XPCNativeWrapper.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\viewZoomOverlay.js.encrypted
  • %CommonProgramFiles%\SpeechEngines\Microsoft\TTS\1033\sam.sdf.new
  • %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml.encrypted
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\key3.db.encrypted
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\cert8.db.encrypted
  • %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\xbl-marquee\xbl-marquee.xml.encrypted
  • %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.encrypted
  • %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\viewPartialSource.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printPageSetup.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printdialog.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printPreviewProgress.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printPreviewBindings.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\nsDragAndDrop.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\nsClipboard.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\platformHTMLBindings.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\nsUserSettings.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\tabprompts.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\strres.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\test-ipcbrowser-content.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\test-ipcbrowser-chrome.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printUtils.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printProgress.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\selectDialog.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\remote-test-ipc.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-top.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-right.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\tree\columnpicker.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\toolbar\chevron.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\scrollbar\slider.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\radio\radio-check.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-left.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-bottom.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-sharp-end.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-hov.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\mozapps\extensions\extensions.svg.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn-sharp.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn-hov.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\radio\radio-check-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-sharp.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-hov.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\panelarrow-horizontal.svg.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-sharp.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-sharp-end.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\icons\Close.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\console\console-error-dash.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\icons\Restore.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\icons\Minimize.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\checkbox\cbox-check-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\panelarrow-vertical.svg.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\console\console-error-caret.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\checkbox\cbox-check.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\scrollbar\slider.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\radio\radio-check.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-left.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-bottom.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Minimize.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Close.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\radio\radio-check-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Restore.gif.encrypted
  • %APPDATA%\System32Work\EncryptedFileList.txt
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\extensions\extensions.svg.encrypted
  • %APPDATA%\System32Work\dr
  • %APPDATA%\System32Work\Address.txt
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-top.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-right.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\tree\columnpicker.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\toolbar\chevron.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\console\console-error-dash.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-sharp.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-sharp-end.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-sharp.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-hov.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\checkbox\cbox-check-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\panelarrow-vertical.svg.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\console\console-error-caret.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\checkbox\cbox-check.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up-sharp.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up-hov.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\panelarrow-horizontal.svg.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\downloads\DownloadProgressListener.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\downloads\download.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\downloads\helperApps.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\downloads\downloads.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\wizard.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\videocontrols.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\xml\XMLPrettyPrint.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\svg\svgBindings.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\extensions.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\extensions-content.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\list.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\extensions.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\blocklist.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\about.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\eula.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\blocklist.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\tree.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\scale.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\richlistbox.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\scrollbox.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\scrollbar.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\progressmeter.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\preferences.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\resizer.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\radio.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\textbox.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\text.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\toolbarbutton.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\toolbar.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\splitter.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\spinbuttons.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\tabbox.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\stringbundle.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\globalBindings.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn-sharp.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn-hov.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\xpinstall\xpinstallItem.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\xpinstall\xpinstallConfirm.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\keyhole-forward-mask.svg.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\globalBindings.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-sharp.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-hov.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-dis.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-sharp-end.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-hov.gif.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\update\updates.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\plugins\pluginInstallerWizard.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\plugins\pluginInstallerService.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\preferences\changemp.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\plugins\pluginProblem.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\handling\dialog.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\update.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\plugins\pluginInstallerDatasource.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\handling\handler.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\update\history.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\profile\profileSelection.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\update\updates.js.encrypted
  • <SYSTEM32>\dllcache\sam.sdf.new
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\preferences\ocsp.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\preferences\fontbuilder.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\profile\createProfileWizard.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\preferences\removemp.js.encrypted
  • %ProgramFiles%\FireFox\components\nsLoginInfo.js.encrypted
  • %ProgramFiles%\FireFox\components\nsLivemarkService.js.encrypted
  • %ProgramFiles%\FireFox\components\nsLoginManagerPrompter.js.encrypted
  • %ProgramFiles%\FireFox\components\nsLoginManager.js.encrypted
  • %ProgramFiles%\FireFox\components\nsHelperAppDlg.js.encrypted
  • %ProgramFiles%\FireFox\components\nsHandlerService.js.encrypted
  • %ProgramFiles%\FireFox\components\nsInputListAutoComplete.js.encrypted
  • %ProgramFiles%\FireFox\components\nsINIProcessor.js.encrypted
  • %ProgramFiles%\FireFox\components\nsProxyAutoConfig.js.encrypted
  • %ProgramFiles%\FireFox\components\nsPrompter.js.encrypted
  • %ProgramFiles%\FireFox\components\nsSearchService.js.encrypted
  • %ProgramFiles%\FireFox\components\nsSafebrowsingApplication.js.encrypted
  • %ProgramFiles%\FireFox\components\nsPlacesAutoComplete.js.encrypted
  • %ProgramFiles%\FireFox\components\nsMicrosummaryService.js.encrypted
  • %ProgramFiles%\FireFox\components\nsPrivateBrowsingService.js.encrypted
  • %ProgramFiles%\FireFox\components\nsPlacesExpiration.js.encrypted
  • %ProgramFiles%\FireFox\components\nsFormHistory.js.encrypted
  • %ProgramFiles%\FireFox\components\messageWakeupService.js.encrypted
  • %ProgramFiles%\FireFox\components\jsconsole-clhandler.js.encrypted
  • %ProgramFiles%\FireFox\components\nsBadCertHandler.js.encrypted
  • %ProgramFiles%\FireFox\components\NetworkGeolocationProvider.js.encrypted
  • %ProgramFiles%\FireFox\components\FeedWriter.js.encrypted
  • %ProgramFiles%\FireFox\components\FeedProcessor.js.encrypted
  • %ProgramFiles%\FireFox\components\GPSDGeolocationProvider.js.encrypted
  • %ProgramFiles%\FireFox\components\fuelApplication.js.encrypted
  • %ProgramFiles%\FireFox\components\nsDefaultCLH.js.encrypted
  • %ProgramFiles%\FireFox\components\nsContentPrefService.js.encrypted
  • %ProgramFiles%\FireFox\components\nsFormAutoComplete.js.encrypted
  • %ProgramFiles%\FireFox\components\nsDownloadManagerUI.js.encrypted
  • %ProgramFiles%\FireFox\components\nsBrowserContentHandler.js.encrypted
  • %ProgramFiles%\FireFox\components\nsBlocklistService.js.encrypted
  • %ProgramFiles%\FireFox\components\nsContentDispatchChooser.js.encrypted
  • %ProgramFiles%\FireFox\components\nsBrowserGlue.js.encrypted
  • %ProgramFiles%\FireFox\modules\distribution.js.encrypted
  • %ProgramFiles%\FireFox\modules\debug.js.encrypted
  • %ProgramFiles%\FireFox\modules\SpatialNavigation.js.encrypted
  • %ProgramFiles%\FireFox\modules\Microformats.js.encrypted
  • %ProgramFiles%\FireFox\components\txEXSLTRegExFunctions.js.encrypted
  • %ProgramFiles%\FireFox\components\storage-mozStorage.js.encrypted
  • %ProgramFiles%\FireFox\components\WebContentConverter.js.encrypted
  • %ProgramFiles%\FireFox\components\Weave.js.encrypted
  • %ProgramFiles%\FireFox\res\table-add-column-before-active.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-add-column-after.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-add-column-before.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-add-column-before-hover.gif.encrypted
  • %ProgramFiles%\FireFox\res\grabber.gif.encrypted
  • %ProgramFiles%\FireFox\modules\utils.js.encrypted
  • %ProgramFiles%\FireFox\res\table-add-column-after-hover.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-add-column-after-active.gif.encrypted
  • %ProgramFiles%\FireFox\components\storage-Legacy.js.encrypted
  • %ProgramFiles%\FireFox\components\nsTaggingService.js.encrypted
  • %ProgramFiles%\FireFox\components\nsSidebar.js.encrypted
  • %ProgramFiles%\FireFox\components\nsUpdateService.js.encrypted
  • %ProgramFiles%\FireFox\components\nsTryToClose.js.encrypted
  • %ProgramFiles%\FireFox\components\nsSessionStartup.js.encrypted
  • %ProgramFiles%\FireFox\components\nsSearchSuggestions.js.encrypted
  • %ProgramFiles%\FireFox\components\nsSetDefaultBrowser.js.encrypted
  • %ProgramFiles%\FireFox\components\nsSessionStore.js.encrypted
  • %ProgramFiles%\FireFox\components\nsWebHandlerApp.js.encrypted
  • %ProgramFiles%\FireFox\components\nsURLFormatter.js.encrypted
  • %ProgramFiles%\FireFox\components\PlacesProtocolHandler.js.encrypted
  • %ProgramFiles%\FireFox\components\PlacesCategoriesStarter.js.encrypted
  • %ProgramFiles%\FireFox\components\nsUpdateTimerManager.js.encrypted
  • %ProgramFiles%\FireFox\components\nsUpdateServiceStub.js.encrypted
  • %ProgramFiles%\FireFox\components\nsUrlClassifierListManager.js.encrypted
  • %ProgramFiles%\FireFox\components\nsUrlClassifierLib.js.encrypted
  • %ProgramFiles%\Outlook Express\msoe.txt.encrypted
  • %ProgramFiles%\NetMeeting\TestSnd.wav.encrypted
  • C:\Documents and Settings\Default User\Templates\excel.xls.encrypted
  • C:\Documents and Settings\Default User\Cookies\index.dat.encrypted
  • %ProgramFiles%\Messenger\online.wav.encrypted
  • %ProgramFiles%\Messenger\newemail.wav.encrypted
  • %ProgramFiles%\NetMeeting\Blip.wav.encrypted
  • %ProgramFiles%\Messenger\type.wav.encrypted
  • %HOMEPATH%\Cookies\index.dat.encrypted
  • C:\Documents and Settings\Default User\Templates\winword2.doc.encrypted
  • %HOMEPATH%\Templates\excel4.xls.encrypted
  • %HOMEPATH%\Templates\excel.xls.encrypted
  • C:\Documents and Settings\Default User\Templates\powerpnt.ppt.encrypted
  • C:\Documents and Settings\Default User\Templates\excel4.xls.encrypted
  • C:\Documents and Settings\Default User\Templates\winword.doc.encrypted
  • C:\Documents and Settings\Default User\Templates\sndrec.wav.encrypted
  • %ProgramFiles%\Messenger\newalert.wav.encrypted
  • <STUBS_DIR>\proc_banks.txt.encrypted
  • <STUBS_DIR>\proc_av.txt.encrypted
  • <STUBS_DIR>\proc_fake.txt.encrypted
  • <STUBS_DIR>\proc_browsers.txt.encrypted
  • <LS_APPDATA>\Microsoft\sysmonutility.exe
  • %APPDATA%\Microsoft\syshelputility.exe
  • <STUBS_DIR>\list_short.txt.encrypted
  • <STUBS_DIR>\list_full.txt.encrypted
  • %ProgramFiles%\FireFox\README.txt.encrypted
  • %ProgramFiles%\FireFox\greprefs.js.encrypted
  • %ProgramFiles%\Messenger\lvback.gif.encrypted
  • %ProgramFiles%\Messenger\logowin.gif.encrypted
  • <STUBS_DIR>\proc_im.txt.encrypted
  • <STUBS_DIR>\proc_games.txt.encrypted
  • %ProgramFiles%\FireFox\blocklist.xml.encrypted
  • <STUBS_DIR>\proc_tools.txt.encrypted
  • %CommonProgramFiles%\Services\bigfoot.bmp.encrypted
  • C:\Far2\Plugins\FTP\Notes_rus.txt.encrypted
  • %CommonProgramFiles%\Services\whowhere.bmp.encrypted
  • %CommonProgramFiles%\Services\verisign.bmp.encrypted
  • C:\Far2\Plugins\FTP\FtpCmds.txt.encrypted
  • C:\Far2\Plugins\Colorer\catalog.xml.encrypted
  • C:\Far2\Plugins\FTP\Notes.txt.encrypted
  • C:\Far2\Plugins\FTP\FtpCmds_rus.txt.encrypted
  • %ProgramFiles%\FireFox\components\contentSecurityPolicy.js.encrypted
  • %ProgramFiles%\FireFox\components\contentAreaDropListener.js.encrypted
  • %ProgramFiles%\FireFox\components\FeedConverter.js.encrypted
  • %ProgramFiles%\FireFox\components\crypto-SDR.js.encrypted
  • %ProgramFiles%\FireFox\components\amContentHandler.js.encrypted
  • %ProgramFiles%\FireFox\components\addonManager.js.encrypted
  • %ProgramFiles%\FireFox\components\ConsoleAPI.js.encrypted
  • %ProgramFiles%\FireFox\components\amWebInstallListener.js.encrypted
  • C:\Far2\Plugins\7-Zip\far7z.txt.encrypted
  • C:\Far2\Documentation\eng\Bug.Report.txt.encrypted
  • C:\Far2\Documentation\eng\Arc.Support.txt.encrypted
  • C:\Far2\Documentation\eng\Plugins.Install.txt.encrypted
  • C:\Far2\Documentation\eng\Far.FAQ.txt.encrypted
  • %HOMEPATH%\Templates\sndrec.wav.encrypted
  • %HOMEPATH%\Templates\powerpnt.ppt.encrypted
  • %HOMEPATH%\Templates\winword2.doc.encrypted
  • %HOMEPATH%\Templates\winword.doc.encrypted
  • C:\Far2\Documentation\rus\Plugins.Install.txt.encrypted
  • C:\Far2\Documentation\rus\Far.FAQ.txt.encrypted
  • C:\Far2\Documentation\rus\TechInfo.txt.encrypted
  • C:\Far2\Documentation\rus\Plugins.Review.txt.encrypted
  • C:\Far2\Documentation\eng\TechInfo.txt.encrypted
  • C:\Far2\Documentation\eng\Plugins.Review.txt.encrypted
  • C:\Far2\Documentation\rus\Bug.Report.txt.encrypted
  • C:\Far2\Documentation\rus\Arc.Support.txt.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\engines\passwords.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\engines\history.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\engines\tabs.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\engines\prefs.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\engines\bookmarks.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\res\arrowd.gif.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\engines\forms.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\engines\clients.js.encrypted
  • C:\Far2\Plugins\Colorer\hrc\auto\types\auto.jar.encrypted
  • %HOMEPATH%\Local Settings\History\History.IE5\MSHist012011111020111111\index.dat.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutDialog.js.encrypted
  • %CommonProgramFiles%\SpeechEngines\Microsoft\TTS\1033\sam.sdf.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\ext\Preferences.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\ext\Observers.js.encrypted
  • %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\ext\StringBundle.js.encrypted
  • %ProgramFiles%\FireFox\chrome\toolkit\res\arrow.gif.encrypted
  • %ProgramFiles%\Movie Maker\Shared\Profiles\Blank.txt.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\util.js.encrypted
  • %ProgramFiles%\MSN\MSNCoreFiles\Install\xfp.xml.encrypted
  • %ProgramFiles%\MSN\MSNCoreFiles\Install\cinfo.xml.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\resource.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\record.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\status.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\service.js.encrypted
  • %APPDATA%\Microsoft\Internet Explorer\brndlog.txt.encrypted
  • C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\index.dat.encrypted
  • %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\index.dat.encrypted
  • %HOMEPATH%\Local Settings\History\History.IE5\index.dat.encrypted
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.encrypted
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.encrypted
  • C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat.encrypted
  • C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\web-panels.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\utilityOverlay.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\certManager.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\certerror.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\tabbrowser.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncUtils.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\urlbarBindings.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\tabview.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\crlManager.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\crlImportDialog.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\device_manager.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\deletecert.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\choosetoken.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\certpicker.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\createCertInfo.js.encrypted
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\clientauthask.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncSetup.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\browser.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\browser-tabPreviews.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\openLocation.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\nsContextMenu.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutSessionRestore.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutHome.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutSyncTabs.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutSyncTabs-bindings.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncGenericChange.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncAddDevice.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncQuota.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncNotification.xml.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\sanitize.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\safeMode.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\setDesktopBackground.js.encrypted
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\sanitizeDialog.js.encrypted
  • C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat.encrypted
  • %ProgramFiles%\Movie Maker\Shared\Filters.xml.encrypted
  • C:\Far2\Plugins\Colorer\hrc\changes.txt.encrypted
  • <LS_APPDATA>\IconCache.db.encrypted
  • %ProgramFiles%\Microsoft.NET\RedistList\AssemblyList_4_client.xml.encrypted
  • %ProgramFiles%\FireFox\searchplugins\yahoo.xml.encrypted
  • %ProgramFiles%\Movie Maker\Shared\Empty.txt.encrypted
  • %ProgramFiles%\Microsoft.NET\RedistList\AssemblyList_4_extended.xml.encrypted
  • C:\Far2\Plugins\ExtSearch\sources\ExtClipBoard.cpp.encrypted
  • C:\Far2\Plugins\ExtSearch\sources\ExtChCase.cpp.encrypted
  • C:\Far2\Plugins\ExtSearch\sources\ExtRegExp.cpp.encrypted
  • C:\Far2\Plugins\ExtSearch\sources\ExtMenu.cpp.encrypted
  • C:\Far2\Plugins\Colorer\hrd\catalog-console.xml.encrypted
  • C:\Far2\Plugins\Colorer\hrc\common.jar.encrypted
  • C:\Far2\Plugins\Colorer\hrd\catalog-text.xml.encrypted
  • C:\Far2\Plugins\Colorer\hrd\catalog-rgb.xml.encrypted
  • %ProgramFiles%\FireFox\searchplugins\wikipedia.xml.encrypted
  • %ProgramFiles%\FireFox\res\table-add-row-before.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-add-row-before-hover.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-remove-column-hover.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-remove-column-active.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-add-row-after-hover.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-add-row-after-active.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-add-row-before-active.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-add-row-after.gif.encrypted
  • %ProgramFiles%\FireFox\searchplugins\bing.xml.encrypted
  • %ProgramFiles%\FireFox\searchplugins\amazondotcom.xml.encrypted
  • %ProgramFiles%\FireFox\searchplugins\google.xml.encrypted
  • %ProgramFiles%\FireFox\searchplugins\eBay.xml.encrypted
  • %ProgramFiles%\FireFox\res\table-remove-row-active.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-remove-column.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-remove-row.gif.encrypted
  • %ProgramFiles%\FireFox\res\table-remove-row-hover.gif.encrypted
  • %ProgramFiles%\FireFox\defaults\pref\firefox.js.encrypted
  • %ProgramFiles%\FireFox\defaults\pref\firefox-l10n.js.encrypted
  • %ProgramFiles%\FireFox\defaults\profile\prefs.js.encrypted
  • %ProgramFiles%\FireFox\defaults\pref\services-sync.js.encrypted
  • %ProgramFiles%\FireFox\defaults\autoconfig\prefcalls.js.encrypted
  • %ProgramFiles%\FireFox\defaults\autoconfig\platform.js.encrypted
  • %ProgramFiles%\FireFox\defaults\pref\firefox-branding.js.encrypted
  • %ProgramFiles%\FireFox\defaults\pref\channel-prefs.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\log4moz.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\jpakeclient.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\notifications.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\main.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\constants.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-crypto\WeaveCrypto.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\identity.js.encrypted
  • %ProgramFiles%\FireFox\modules\services-sync\engines.js.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\tech.gif.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\anabnr2.gif.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\amaizrul.gif.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Blank Bkgrd.gif.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\aswrule.gif.encrypted
  • C:\Far2\Plugins\ExtSearch\sources\ExtSearchMix.cpp.encrypted
  • C:\Far2\Plugins\ExtSearch\sources\ExtSearch.cpp.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\aleabanr.gif.encrypted
  • C:\Far2\Plugins\ExtSearch\sources\ExtSearchReg.cpp.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Network Blitz Bkgrd.gif.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Ivy.gif.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Sweets Bkgrd.gif.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\sunbannA.gif.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\citbannA.gif.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Btzhsepa.gif.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\fieruled.gif.encrypted
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Citrus Punch Bkgrd.gif.encrypted
Changes user data files extensions (Trojan.Encoder).
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android