ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.MulDrop11.25438

Added to the Dr.Web virus database: 2019-10-24

Virus description added:

Technical Information

Malicious functions
To complicate detection of its presence in the operating system,
deletes volume shadow copies.
Executes the following
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq veeam*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq ntrtscan*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq pdvf*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq pop3*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq msdts*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq acronis*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq sacsvr*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq tbirdconfig*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq sepmaster*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq monitor*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq smcinst*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq smcservice*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq smtp*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq ui0detect*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq xchange*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq ccsf*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq truekey*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq swi_*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq tmlisten*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq snac*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq w3s*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq wrsvc*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq klnagent*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq report*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq resvc*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq xfssvccon*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq visio*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq tmlisten*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq netmsmq*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq sdrsvc*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq ocautoupds*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq backup*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq zoolz*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq sql*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq excel*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq encsvc*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq xchange*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq ocomm*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq firefoxconfig*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq infopath*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq msaccess*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq mspub*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq ocssd*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq onenote*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq pccntmon*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq mydesktop*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq oracle*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq ntrt*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq synctime*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq powerpnt*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq outlook*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq winword*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq exchange*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq cntaosmgr*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq thebat*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq thunderbird*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq wbengine*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "SERVICES eq savadmin*"
  • '%WINDIR%\syswow64\taskkill.exe' /f /fi "IMAGENAME eq sqbcoreservice*"
Modifies file system
Creates the following files
  • C:\users\public\documents\1.bat
  • D:\readmeandcontact.txt
Miscellaneous
Searches for the following windows
  • ClassName: '' WindowName: ''
Creates and executes the following
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq veeam*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq msdts*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq acronis*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq pop3*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq pdvf*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq ntrt*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq resvc*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq report*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq sdrsvc*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq savadmin*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq sacsvr*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq swi_*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq xchange*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq exchange*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq snac*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq smcinst*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq monitor*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq sepmaster*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq tmlisten*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq truekey*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq ccsf*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq ui0detect*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq netmsmq*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq wrsvc*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq w3s*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq klnagent*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq smtp*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq smcservice*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq winword*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq xfssvccon*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq tmlisten*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq xchange*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq sql*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq zoolz*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq encsvc*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq excel*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq firefoxconfig*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq infopath*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq msaccess*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq mspub*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq mydesktop*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq ocautoupds*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq ocomm*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq backup*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq ocssd*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq oracle*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq outlook*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq powerpnt*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq sqbcoreservice*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq synctime*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq tbirdconfig*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq thunderbird*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq thebat*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq visio*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq ntrtscan*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq cntaosmgr*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq pccntmon*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq onenote*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq wbengine*"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c C:\Users\Public\Documents\1.bat' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq veeam*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq truekey*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq tmlisten*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq sepmaster*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq monitor*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq smcinst*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq smcservice*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq ccsf*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq smtp*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq swi_*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq sacsvr*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq savadmin*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq sdrsvc*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq report*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq resvc*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq snac*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq ui0detect*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq netmsmq*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq wrsvc*"
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=g: /on=g: /maxsize=unbounded
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=g: /on=g: /maxsize=401MB
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=f: /on=f: /maxsize=unbounded
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=f: /on=f: /maxsize=401MB
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=e: /on=e: /maxsize=unbounded
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=e: /on=e: /maxsize=401MB
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=d: /on=d: /maxsize=unbounded
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=d: /on=d: /maxsize=401MB
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=c: /on=c: /maxsize=unbounded
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=c: /on=c: /maxsize=401MB
  • '<SYSTEM32>\vssvc.exe'
  • '%WINDIR%\syswow64\cmd.exe' /c C:\Users\Public\Documents\1.bat
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq wbengine*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq klnagent*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq w3s*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq ntrt*"
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=h: /on=h: /maxsize=401MB
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq pdvf*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq acronis*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq ocssd*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq ocomm*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq ocautoupds*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq mydesktop*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq mspub*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq msaccess*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq onenote*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq infopath*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq excel*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq encsvc*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq zoolz*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq sql*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq xchange*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq backup*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq firefoxconfig*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq oracle*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq outlook*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq powerpnt*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq msdts*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq exchange*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq xchange*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq winword*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq xfssvccon*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq tmlisten*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq pccntmon*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq cntaosmgr*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq ntrtscan*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq visio*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq thebat*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq thunderbird*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq tbirdconfig*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq synctime*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "IMAGENAME eq sqbcoreservice*"
  • '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /fi "SERVICES eq pop3*"
  • '%WINDIR%\syswow64\vssadmin.exe' resize shadowstorage /for=h: /on=h: /maxsize=unbounded

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play