Trojan.MulDrop4.5548

Added to the Dr.Web virus database: 2012-10-12

Virus description added:

Technical Information

Malicious functions:
Creates and executes the following:
  • %PROGRAM_FILES%\weal\SYSFANS.EXE
  • %TEMP%\网卡地址修改工具k-mac.exe
  • %TEMP%\打包.exe
Executes the following:
  • <SYSTEM32>\xcopy.exe /y "%PROGRAM_FILES%\weal\Favorites\图片写真.url" "<Drive name for removable media>:\My Documents\My Pictures"
  • <SYSTEM32>\xcopy.exe /y "%PROGRAM_FILES%\weal\Favorites\音乐.url" "<Drive name for removable media>:\My Documents\My Music"
  • <SYSTEM32>\attrib.exe +h "%PROGRAM_FILES%\Internet Explorer\iexplore.exe" /S /D
  • <SYSTEM32>\xcopy.exe /y "%PROGRAM_FILES%\weal\Favorites\我的文档.url" "<Drive name for removable media>:\My Documents"
  • <SYSTEM32>\xcopy.exe /y "%PROGRAM_FILES%\weal\Favorites\视频.url" "<Drive name for removable media>:\My Documents\My Videos"
  • <SYSTEM32>\xcopy.exe /y "%PROGRAM_FILES%\weal\Favorites\*.*" "<Drive name for removable media>:\My Documents\Favorites"
  • <SYSTEM32>\cmd.exe /c ""%WINDIR%\temp\406000.bat" 程序运行参数"
  • <SYSTEM32>\xcopy.exe /y "%PROGRAM_FILES%\weal\Favorites\*.*" "<Drive name for removable media>:\Favorites"
  • <SYSTEM32>\xcopy.exe /y "%PROGRAM_FILES%\weal\Favorites\*.*" "%HOMEPATH%\Favorites"
Modifies file system:
Creates the following files:
Deletes the following files:
Miscellaneous:
Searches for the following windows:
  • ClassName: 'MS_WebcheckMonitor' WindowName: ''
  • ClassName: 'MS_AutodialMonitor' WindowName: ''
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
