Trojan.MulDrop8.28757

Added to the Dr.Web virus database: 2018-07-02

Virus description added:

Technical Information

Malicious functions:
To complicate detection of its presence in the operating system,
forces the system to hide from view:
  • hidden files
blocks execution of the following system utilities:
  • Windows Task Manager (Taskmgr)
  • Registry Editor (RegEdit)
modifies the following system settings:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDrives' = 'FFFFFFFF'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewOnDrive' = 'FFFFFFFF'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDesktop' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFileMenu' = '00000001'
Executes the following:
  • '<SYSTEM32>\taskkill.exe' /f /im 360tray.exe
Modifies file system:
Creates the following files:
  • C:\іМП¦ВЧ.ico
  • <Current directory>\3.bmp
  • \Device\FileDisk\FileDisk0
  • <Current directory>\2.bmp
  • %WINDIR%\іМП¦ВЧ.bat
  • %WINDIR%\reg.reg
  • <Current directory>\4.bmp
Sets the 'hidden' attribute to the following files:
  • <Current directory>\2.bmp
  • <Current directory>\3.bmp
  • <Current directory>\4.bmp
Network activity:
Connects to:
  • 'localhost':1039
  • 'wx#.#inaimg.cn':80
TCP:
HTTP GET requests:
  • http://wx#.#inaimg.cn/mw690/0060lm7Tly1frofid1l3wj30m80got9g.jpg
UDP:
  • DNS ASK wx#.#inaimg.cn
Miscellaneous:
Searches for the following windows:
  • ClassName: 'RegEdit_RegEdit' WindowName: ''
  • ClassName: '' WindowName: 'Microsoft Internet Explorer'
  • ClassName: '' WindowName: ''
  • ClassName: 'IEFrame' WindowName: ''
  • ClassName: 'MS_AutodialMonitor' WindowName: ''
  • ClassName: 'MS_WebcheckMonitor' WindowName: ''
  • ClassName: '' WindowName: 'taskmgr.exe'
Executes the following:
  • '<SYSTEM32>\cmd.exe' /c %WINDIR%\іМП¦ВЧ.bat
  • '<SYSTEM32>\cmd.exe' /c format s: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' l: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format t : /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' o: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' n: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format u: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' r: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format v: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' p: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format w: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format x: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' e: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' u: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format y : /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' v: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' s: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' w: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' t : /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format z: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format f: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' x: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format h : /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' y : /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' z: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format q: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format r: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' m: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format p: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' k : /q /x /v: /fs:ntfs /y
  • '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -nohome
  • '%WINDIR%\explorer.exe' /n,
  • '<SYSTEM32>\cmd.exe' /c format a: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format b: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format d: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' b: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format e: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' a: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format f : /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' d: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' f : /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' h : /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' q: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format g: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' g: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format i: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format j: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' h: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' i: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format k : /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format l: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format m: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format n: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' j: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\cmd.exe' /c format o: /q /x /v: /fs:ntfs /y
  • '%WINDIR%\regedit.exe' /s reg.reg
  • '<SYSTEM32>\cmd.exe' /c format h: /q /x /v: /fs:ntfs /y
  • '<SYSTEM32>\format.com' f: /q /x /v: /fs:ntfs /y

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
