
Trojan.DownLoader26.53796

Added to the Dr.Web virus database: 2018-06-25

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Classes\ChromeHTML\shell\open\command] '' = '"%ProgramFiles%\Google\Chrome\Application\chrome.exe" -- "%1"'
  • [<HKLM>\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command] '' = '"%ProgramFiles%\Google\Chrome\Application\chrome.exe"'
Creates or modifies the following files:
  • %WINDIR%\Tasks\GoogleUpdateTaskMachineCore.job
  • %WINDIR%\Tasks\GoogleUpdateTaskMachineUA.job
Creates the following services:
  • [<HKLM>\SYSTEM\ControlSet001\Services\gupdate] 'Start' = '00000002'
  • [<HKLM>\SYSTEM\ControlSet001\Services\gupdate] 'ImagePath' = '"%ProgramFiles%\Google\Update\GoogleUpdate.exe" /svc'
  • [<HKLM>\SYSTEM\ControlSet001\Services\gupdatem] 'ImagePath' = '"%ProgramFiles%\Google\Update\GoogleUpdate.exe" /medsvc'
Malicious functions:
Injects code into the following user processes:
Modifies file system:
Creates the following files:
Deletes the following files:
Moves the following files:
  • from %ProgramFiles%\Google\Chrome\Temp\source\Chrome-bin\VisualElementsManifest.xml to %ProgramFiles%\Google\Chrome\Application\VisualElementsManifest.xml
  • from %ProgramFiles%\Google\Chrome\Temp\chrome.7z to %ProgramFiles%\Google\Chrome\Application\22.0.1229.92\Installer\chrome.7z
  • from <LS_APPDATA>\Google\Chrome\User Data\6.tmp to <LS_APPDATA>\Google\Chrome\User Data\Local State
  • from <LS_APPDATA>\Google\Chrome\User Data\7.tmp to <LS_APPDATA>\Google\Chrome\User Data\Local State
  • from <LS_APPDATA>\Google\Chrome\User Data\Local State to <LS_APPDATA>\Google\Chrome\User Data\Local State~RF37aee.TMP
  • from <LS_APPDATA>\Google\Chrome\User Data\8.tmp to <LS_APPDATA>\Google\Chrome\User Data\Local State
  • from <LS_APPDATA>\Google\Chrome\User Data\Local State to <LS_APPDATA>\Google\Chrome\User Data\Local State~RF38108.TMP
  • from <LS_APPDATA>\Google\Chrome\User Data\17.tmp to <LS_APPDATA>\Google\Chrome\User Data\Local State
  • from <LS_APPDATA>\Google\Chrome\User Data\Local State to <LS_APPDATA>\Google\Chrome\User Data\Local State~RF3b670.TMP
  • from <LS_APPDATA>\Google\Chrome\User Data\19.tmp to <LS_APPDATA>\Google\Chrome\User Data\Local State
  • from <LS_APPDATA>\Google\Chrome\User Data\Local State to <LS_APPDATA>\Google\Chrome\User Data\Local State~RF3f492.TMP
Substitutes the following files:
  • <LS_APPDATA>\Google\Chrome\User Data\Local State
Network activity:
Connects to:
  • 'wp#d':80
  • 'localhost':1038
  • '74.##5.232.51':80
  • 'localhost':1040
  • 'localhost':1043
TCP:
HTTP GET requests:
  • http://11#.#11.111.1/wpad.dat via wp#d
HTTP POST requests:
  • http://tools.google.com/service/update2 via 74.##5.232.51
UDP:
  • DNS ASK wp#d
  • DNS ASK tools.google.com
  • DNS ASK www.google.com
  • DNS ASK clients3.google.com
  • DNS ASK ss#.#static.com
  • DNS ASK clients4.google.com
  • DNS ASK tr######e.googleapis.com
  • DNS ASK linkhelp.clients.google.com
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Chrome_MessageWindow' WindowName: '<LS_APPDATA>\Google\Chrome\User Data'
Creates and executes the following:
  • '%TEMP%\zwjwixls-jekr-00vu-rlhc-9a343to07o69\ChromeStandaloneSetup.exe'
  • '%ProgramFiles%\GUM1.tmp\GoogleUpdate.exe' /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={6876093C-35C2-AA61-9C4F-DBB87EDDADA7}&lang=en&browser=2&usagestats=0&appname=Google%20Chrome&needsadmin=pre...
  • '%ProgramFiles%\Google\Update\GoogleUpdate.exe' /regsvc
  • '%ProgramFiles%\Google\Update\GoogleUpdate.exe' /regserver
  • '%ProgramFiles%\Google\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjEuMTE1IiBzaGVsbF92ZXJzaW9uPSIxLjMuMjEuMTAzIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0ie0UwNUY...
  • '%ProgramFiles%\Google\Update\GoogleUpdate.exe' /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={6876093C-35C2-AA61-9C4F-DBB87EDDADA7}&lang=en&browser=2&usagestats=0&appname=Google%20Chrome&needsadmin=prefers" /installsource off...
  • '%ProgramFiles%\Google\Update\GoogleUpdate.exe' /svc
  • '%ProgramFiles%\Google\Update\Install\{ECBCE2ED-F6AC-495C-8125-01F55D123A4D}\chrome_installer.exe' --do-not-launch-chrome --multi-install --chrome --system-level
  • '%TEMP%\CR_5DE00.tmp\setup.exe' --install-archive="%TEMP%\CR_5DE00.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome --multi-install --chrome --system-level
  • '%ProgramFiles%\Google\Chrome\Application\chrome.exe'
  • '%ProgramFiles%\Google\Chrome\Application\chrome.exe' --lang=en-US --import=0@49@0 --disable-background-networking
  • '%ProgramFiles%\Google\Chrome\Application\chrome.exe' --type=gpu-process --channel="3404.0.1579992598\1658413567" --gpu-vendor-id=0x15ad --gpu-device-id=0x0405 --gpu-driver-vendor="XXware, Inc." --gpu-driver-version=11.6.0.13 --ignored=" --type=re...
  • '%ProgramFiles%\Google\Chrome\Application\chrome.exe' --type=renderer --lang=en-US --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/blacklisted/GlobalSdch...
  • '%ProgramFiles%\Google\Chrome\Application\chrome.exe' --type=utility --channel="3216.2.428059662\2057615585" --lang=en-US --ignored=" --type=renderer " /prefetch:7
  • '%ProgramFiles%\Google\Chrome\Application\chrome.exe' --type=utility --channel="3216.3.1896243403\620688070" --lang=en-US --ignored=" --type=renderer " /prefetch:7
  • '%ProgramFiles%\Google\Chrome\Application\chrome.exe' --type=utility --channel="3216.4.440141102\1718236802" --lang=en-US --ignored=" --type=renderer " /prefetch:7

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.