
Trojan.MulDrop11.23979

Added to the Dr.Web virus database: 2019-10-20

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
Modifies file system
Creates the following files
Deletes the following files
  • %APPDATA%\doctor\bs\xx.msi
  • %APPDATA%\doctor\bs\doctor.exe
  • %APPDATA%\doctor\bs\x.cmd
Miscellaneous
Creates and executes the following
  • '%APPDATA%\doctor\bs\doctor.exe'
  • '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\doctor\bs\x.cmd" "' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\doctor\bs\x.cmd" "
  • '%WINDIR%\syswow64\msiexec.exe' /i xx.msi /qn /norestart

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
