Trojan.DownLoader26.42580

Added to the Dr.Web virus database: 2018-05-02

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Classes\padfile\shell\open\command] '' = '"%TEMP%\7ZipSfx.000\P2VPro.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\padxfile\shell\open\command] '' = '"%TEMP%\7ZipSfx.000\P2VPro.exe" "%1"'
Modifies file system:
Creates the following files:
Network activity:
Connects to:
  • 'ai###oft.com':80
  • 'localhost':1041
  • 'cl####.aiqisoft.com':80
  • 'cl####.aiqisoft.cn':80
TCP:
HTTP GET requests:
  • http://www.ai###oft.com/myad/product.php?so######################################################################################## via ai###oft.com
  • http://www.ai###oft.com/install/?id###################################################################################### via ai###oft.com
  • http://cl####.aiqisoft.com/update/getnewver.php?id###################################################################################################
  • http://cl####.aiqisoft.cn/update/getnewver.php?id###################################################################################################
UDP:
  • DNS ASK www.ai###oft.com
  • DNS ASK cl####.aiqisoft.com
  • DNS ASK cl####.aiqisoft.cn
Miscellaneous:
Searches for the following windows:
  • ClassName: '' WindowName: ''
  • ClassName: 'IEFrame' WindowName: ''
  • ClassName: 'MS_AutodialMonitor' WindowName: ''
  • ClassName: 'MS_WebcheckMonitor' WindowName: ''
Creates and executes the following:
  • '%TEMP%\7ZipSfx.000\P2VPro.exe'
Executes the following:
  • '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -nohome

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and of any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, write it to a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.
Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
