マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Trojan.Encoder.31670

Added to the Dr.Web virus database: 2020-04-27

Virus description added:

Technical Information

Modifies file system
Creates the following files
  • C:\users\all users\adobe\arm\reader_15.007.20033\readerdcmanifest.msi
  • C:\users\all users\microsoft\windows\start menu\programs\maintenance\remote assistance.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\maintenance\create recovery disc.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\maintenance\backup and restore center.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\uninstall\uninstall k-lite codec pack.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\tools\win7dsfiltertweaker.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\tools\mediainfo.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\tools\haali muxer.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\lav splitter (x64).lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\tools\graphstudionext.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\help\frequently asked questions.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\xvid vfw.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\x264 vfw (x86).lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\x264 vfw (x64).lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\reset to recommended settings.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\lav video.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\lav video (x64).lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\tools\graphstudionext (x64).lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\lav splitter.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft .net framework sdk v1.1\documentation.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft publisher 2010.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\mirc\ircintro help.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft office 2010 tools\microsoft office picture manager.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft office 2010 tools\microsoft office 2010 upload center.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft office 2010 tools\microsoft office 2010 language preferences.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft office 2010 tools\microsoft clip organizer.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft office 2010 tools\digital certificate for vba projects.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft word 2010.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft .net framework sdk v1.1\tools.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft .net framework sdk v1.1\overview.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft powerpoint 2010.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft outlook 2010.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft onenote 2010.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft infopath filler 2010.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft infopath designer 2010.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft excel 2010.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft access 2010.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\microsoft office\microsoft sharepoint workspace 2010.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\lav audio.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\ffdshow vfw interface.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\mirc\mirc.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\windows powershell\windows powershell.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\memory diagnostics tool.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\iscsi initiator.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\event viewer.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\data sources (odbc).lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\computer management.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\component services.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\print management.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\performance monitor.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\microsoft .net framework 1.1 configuration.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\windows powershell\windows powershell (x86).lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\tablet pc\windows journal.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\tablet pc\tabtip.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\tablet pc\shapecollector.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\system tools\windows easy transfer.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\system tools\windows easy transfer reports.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\windows powershell\windows powershell ise (x86).lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\security configuration management.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\ffdshow vfw interface (x64).lnk
  • C:\users\all users\microsoft\windows\start menu\programs\mirc\mirc help.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\microsoft .net framework 1.1 wizards.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\directvobsub.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\directvobsub (x64).lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\media player classic.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\codec tweak tool.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\java\visit java.com.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\java\get help.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\java\configure java.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\java\check for updates.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\java\about java.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\google chrome\google chrome.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\games\gameexplorer.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\windows powershell modules.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\windows firewall with advanced security.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\task scheduler.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\system configuration.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\administrative tools\services.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\k-lite codec pack\configuration\lav audio (x64).lnk
  • C:\users\all users\microsoft\windows\ringtones\ringtone 01.wma
  • C:\users\all users\microsoft\windows\start menu\programs\mirc\readme.txt.lnk
  • C:\users\all users\package cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\vc_redist.x86.exe
  • C:\users\all users\package cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm
  • C:\users\all users\package cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
  • C:\users\all users\package cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\state.rsm
  • C:\users\all users\package cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
  • C:\users\all users\package cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\state.rsm
  • C:\users\all users\package cache\{51adbf11-493f-431c-a862-967a0fae2944}\vcredist_x64.exe
  • C:\users\all users\package cache\{a2199617-3609-410f-a8e8-e8806c73545b}\state.rsm
  • C:\users\all users\package cache\{51adbf11-493f-431c-a862-967a0fae2944}\state.rsm
  • C:\users\all users\package cache\{35459b22-19a6-44ec-8d34-27eb3131acac}\state.rsm
  • C:\users\all users\package cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
  • C:\users\all users\package cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
  • C:\users\all users\package cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
  • C:\users\all users\package cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\state.rsm
  • C:\users\all users\package cache\{0d3e9e15-de7a-300b-96f1-b4af12b96488}v14.0.23026\packages\vcruntimeminimum_amd64\vc_runtimeminimum_x64.msi
  • C:\users\all users\package cache\{0d3e9e15-de7a-300b-96f1-b4af12b96488}v14.0.23026\packages\vcruntimeminimum_amd64\cab1.cab
  • C:\users\all users\package cache\{35459b22-19a6-44ec-8d34-27eb3131acac}\vcredist_x64.exe
  • C:\users\all users\package cache\{a2199617-3609-410f-a8e8-e8806c73545b}\vcredist_x64.exe
  • C:\users\all users\package cache\{a2563e55-3bec-3828-8d67-e5e8b9e8b675}v14.0.23026\packages\vcruntimeminimum_x86\cab1.cab
  • C:\users\all users\package cache\{a2563e55-3bec-3828-8d67-e5e8b9e8b675}v14.0.23026\packages\vcruntimeminimum_x86\vc_runtimeminimum_x86.msi
  • C:\users\all users\sun\java\java update\jaureglist.xml
  • C:\users\all users\package cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
  • C:\users\all users\package cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm
  • C:\users\all users\package cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
  • C:\users\all users\package cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\state.rsm
  • C:\users\all users\package cache\{e46eca4f-393b-40df-9f49-076faf788d83}\vc_redist.x64.exe
  • C:\users\all users\package cache\{e46eca4f-393b-40df-9f49-076faf788d83}\state.rsm
  • C:\users\all users\package cache\{dde2682b-961a-41ea-8d44-6005991b7947}\vcredist_x64.exe
  • C:\users\all users\package cache\{dde2682b-961a-41ea-8d44-6005991b7947}\state.rsm
  • C:\users\all users\package cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
  • C:\users\all users\package cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\state.rsm
  • C:\users\all users\package cache\{be960c1c-7bad-3de6-8b1a-2616fe532845}v14.0.23026\packages\vcruntimeadditional_x86\vc_runtimeadditional_x86.msi
  • C:\users\all users\package cache\{be960c1c-7bad-3de6-8b1a-2616fe532845}v14.0.23026\packages\vcruntimeadditional_x86\cab1.cab
  • C:\users\all users\package cache\{bc958bd2-5dac-3862-bb1a-c1be0790438d}v14.0.23026\packages\vcruntimeadditional_amd64\vc_runtimeadditional_x64.msi
  • C:\users\all users\package cache\{bc958bd2-5dac-3862-bb1a-c1be0790438d}v14.0.23026\packages\vcruntimeadditional_amd64\cab1.cab
  • C:\users\all users\package cache\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}\vcredist_x86.exe
  • C:\users\all users\package cache\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}\state.rsm
  • C:\users\all users\package cache\{0f12c81f-93ef-46ec-bc94-d952c1a775d4}\vcredist_x64.exe
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\system tools\task scheduler.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\windows powershell\windows powershell ise.lnk
  • C:\users\all users\package cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\state.rsm
  • C:\users\all users\microsoft\windows\wer\reportqueue\appcrash_autokms.exe_efd62e343880604c4145a2e4462f8c532327bc70_099489dd\report.wer
  • C:\users\all users\microsoft\windows\wer\reportqueue\appcrash_autokms.exe_efd62e343880604c4145a2e4462f8c532327bc70_088cc9f7\report.wer
  • C:\users\all users\microsoft\windows\start menu\programs\winrar\winrar.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\winrar\winrar help.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\winrar\what is new in the latest version.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\winrar\console rar manual.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\winamp\winamp.lnk
  • C:\users\all users\microsoft\windows\wer\reportqueue\noncritical_x64_5d5d8b7c1982ab7c66cf747e7b18b39e2441a_cab_073d8027\report.wer
  • C:\users\all users\microsoft\windows\start menu\programs\winamp\winamp (safe mode).lnk
  • C:\users\all users\microsoft\windows\start menu\programs\winamp\uninstall winamp.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\steam\steam.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\steam\steam support center.url
  • C:\users\all users\microsoft\windows\start menu\programs\sharepoint\microsoft sharepoint workspace 2010.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\qip 2012\uninstall qip 2012.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\qip 2012\qip 2012.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\qip 2012\qip 2012 on the web.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\winamp\what's new.lnk
  • C:\users\all users\microsoft\windows\wer\reportqueue\noncritical_x64_d473a376adfb18a7b165c5e3c26de43cd8bccb_cab_079d8596\dmi8538.tmp.log.xml
  • C:\users\all users\microsoft\windows\wer\reportqueue\noncritical_x64_d473a376adfb18a7b165c5e3c26de43cd8bccb_cab_079d8596\report.wer
  • C:\users\all users\microsoft\windows\wer\reportqueue\noncritical_x64_4a8ed64bf1962bf234c1a7153259451034e674_cab_0731c4f1\report.wer
  • C:\users\all users\oracle\java\javapath\javaw.exe
  • C:\users\all users\oracle\java\javapath\javaws.exe
  • C:\users\all users\oracle\java\javapath\java.exe
  • C:\users\all users\package cache\42d5bec7ddfbd49e76467529cbc2868987bf8460\packages\patch\x64\windows6.1-kb2999226-x64.msu
  • C:\users\all users\oracle\java\installcache_x64\baseimagefam8
  • C:\users\all users\mozilla\logs\maintenanceservice-uninstall.log
  • C:\users\all users\mozilla\logs\maintenanceservice-install.log
  • C:\users\all users\microsoft toolkit\settings.xml
  • C:\users\all users\microsoft\windows defender\support\mplog-07132009-221054.log
  • C:\users\all users\microsoft\windows defender\definition updates\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\mpengine.dll
  • C:\users\all users\microsoft\windows\wer\reportqueue\appcrash_autokms.exe_efd62e343880604c4145a2e4462f8c532327bc70_cab_0841821b\wer5cc2.tmp.werinternalmetadata.xml
  • C:\users\all users\microsoft\windows\wer\reportqueue\appcrash_autokms.exe_efd62e343880604c4145a2e4462f8c532327bc70_cab_0841821b\report.wer
  • C:\users\all users\microsoft\windows\wer\reportqueue\appcrash_autokms.exe_efd62e343880604c4145a2e4462f8c532327bc70_cab_0841821b\wer7f7e.tmp.mdmp
  • C:\users\all users\microsoft\windows\wer\reportqueue\appcrash_autokms.exe_efd62e343880604c4145a2e4462f8c532327bc70_cab_0841821b\wer5cd2.tmp.hdmp
  • C:\users\all users\microsoft\windows\wer\reportqueue\appcrash_autokms.exe_efd62e343880604c4145a2e4462f8c532327bc70_cab_0841821b\wer5c82.tmp.appcompat.txt
  • C:\users\all users\microsoft\windows defender\definition updates\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\mpasdlta.vdm
  • C:\users\all users\microsoft\windows defender\definition updates\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\mpasbase.vdm
  • C:\users\all users\package cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
  • C:\users\all users\microsoft\windows\start menu\programs\mirc\versions.txt.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\system tools\system restore.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\system tools\disk cleanup.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\system tools\system information.lnk
  • C:\users\all users\microsoft\office\uicaptions\1036\ppintl.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\sgres.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\visbrres.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\pubwzint.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\pub6intl.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\pub6intl.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\ppintl.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\wwintl.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\xlintl32.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\visintl.dll.trx_dll
  • C:\users\all users\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.1.crwl
  • C:\users\all users\microsoft\office\uicaptions\1036\xlintl32.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\xlslicer.dll.trx_dll
  • C:\users\all users\microsoft\search\data\applications\windows\windows.edb
  • C:\users\all users\microsoft\search\data\applications\windows\mssres00002.jrs
  • C:\users\all users\microsoft\search\data\applications\windows\mssres00001.jrs
  • C:\users\all users\microsoft\office\uicaptions\1036\outllibr.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\wwintl.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\xlintl32.dll.trx_dll
  • C:\users\all users\microsoft\search\data\applications\windows\mss00002.log
  • C:\users\all users\microsoft\search\data\applications\windows\mss.chk
  • C:\users\all users\microsoft\office\uicaptions\3082\xlintl32.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\xlslicer.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\grintl32.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\msointl.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\stintl.dll.trx_dll
  • C:\users\all users\microsoft\user account pictures\user.dat
  • C:\users\all users\microsoft\user account pictures\user.bmp
  • C:\users\all users\microsoft\user account pictures\guest.bmp
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\secstore\cist0000.002
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\secstore\cist0000.001
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\secstore\cist0000.000
  • C:\users\all users\microsoft\rac\statedata\racwmidatabookmarks.dat
  • C:\users\all users\microsoft\rac\statedata\racdatabase.sdf
  • C:\users\all users\microsoft\rac\statedata\racwmieventdata.dat
  • C:\users\all users\microsoft\rac\statedata\racmetadata.dat
  • C:\users\all users\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.1.gthr
  • C:\users\all users\microsoft\office\uicaptions\1036\outlwvw.dll.trx_dll
  • %LOCALAPPDATA%\google\chrome\user data\default\web applications\_crx_aohghmighlieiainnegkcijnfilokake\документы google.ico
  • C:\users\all users\microsoft\office\uicaptions\3082\wwintl.rest.trx_dll
  • C:\users\all users\microsoft\rac\publisheddata\racwmidatabase.sdf
  • C:\users\all users\microsoft\ilscache\ilrcache.xml
  • C:\users\all users\microsoft\ilscache\imcrcache.xml
  • C:\users\all users\microsoft\identitycrl\ppcrlui.dll
  • C:\users\all users\microsoft\identitycrl\ppcrlconfig.dll
  • C:\users\all users\microsoft\mf\pending.grl
  • C:\users\all users\microsoft\mf\active.grl
  • C:\users\all users\microsoft\network\downloader\qmgr1.dat
  • C:\users\all users\adobe\setup\{ac76ba86-7ad7-1033-7b44-ac0f074e4100}\setup.ini
  • C:\users\all users\adobe\setup\{ac76ba86-7ad7-1033-7b44-ac0f074e4100}\acrordrdcupd1500820082.msp
  • C:\users\all users\adobe\setup\{ac76ba86-7ad7-1033-7b44-ac0f074e4100}\data1.cab
  • C:\users\all users\adobe\setup\{ac76ba86-7ad7-1033-7b44-ac0f074e4100}\acroread.msi
  • C:\users\all users\adobe\setup\{ac76ba86-7ad7-1033-7b44-ac0f074e4100}\setup.exe
  • C:\users\all users\adobe\arm\s\armmanifest.msi
  • C:\users\all users\adobe\arm\s\10428\adobearmhelper.exe
  • C:\users\all users\adobe\arm\reader_15.007.20033\acrordrdcupd1500920077.msp
  • C:\users\all users\adobe\setup\{ac76ba86-7ad7-1033-7b44-ac0f074e4100}\abcpy.ini
  • C:\users\all users\microsoft\office\documentrepository.ico
  • C:\users\all users\microsoft\network\downloader\qmgr0.dat
  • C:\users\all users\microsoft\office\assetlibrary.ico
  • C:\users\all users\microsoft\officesoftwareprotectionplatform\cache\cache.dat
  • C:\users\all users\microsoft\office\uicaptions\1036\msointl.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\envelopr.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\grintl32.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\outllibr.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\onintl.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\omsintl.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\onintl.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\msointl.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\mor6int.rest.trx_dll
  • C:\users\all users\microsoft\office\sharepointportalsite.ico
  • C:\users\all users\microsoft\office\uicaptions\1036\mapir.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\grintl32.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\grintl32.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\1036\envelopr.dll.trx_dll
  • C:\users\all users\microsoft\office\sharepointteamsite.ico
  • C:\users\all users\microsoft\office\mysite.ico
  • C:\users\all users\microsoft\office\mysharepoints.ico
  • C:\users\all users\microsoft\search\data\applications\windows\mss.log
  • C:\users\all users\package cache\{0f12c81f-93ef-46ec-bc94-d952c1a775d4}\state.rsm
  • C:\users\all users\microsoft\office\uicaptions\3082\wwintl.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\sgres.dll.trx_dll
  • C:\users\all users\microsoft\windows\start menu\programs\windows dvd maker.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\sidebar.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\pidgin.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\opera.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\mozilla thunderbird.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\mozilla firefox.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\media center.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\windows fax and scan.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\acrobat reader dc.lnk
  • C:\users\all users\microsoft\windows\start menu\default programs.lnk
  • C:\users\all users\microsoft\windows\ringtones\ringtone 10.wma
  • C:\users\all users\microsoft\windows\ringtones\ringtone 09.wma
  • C:\users\all users\microsoft\windows\ringtones\ringtone 08.wma
  • C:\users\all users\microsoft\windows\ringtones\ringtone 02.wma
  • C:\users\all users\microsoft\windows\ringtones\ringtone 05.wma
  • C:\users\all users\microsoft\windows\ringtones\ringtone 04.wma
  • C:\users\all users\microsoft\windows\start menu\windows update.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\windows media player.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\xps viewer.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\calculator.lnk
  • C:\users\all users\microsoft\office\uicaptions\3082\visintl.dll.trx_dll
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\system tools\resource monitor.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\system tools\dfrgui.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\system tools\character map.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\accessibility\speech recognition.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\wordpad.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\welcome center.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\sync center.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\sticky notes.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\sound recorder.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\snipping tool.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\remote desktop connection.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\paint.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\networkprojection.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\mobility center.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\math input panel.lnk
  • C:\users\all users\microsoft\windows\start menu\programs\accessories\displayswitch.lnk
  • C:\users\all users\microsoft\windows\ringtones\ringtone 03.wma
  • C:\users\all users\microsoft\office\uicaptions\3082\visbrres.dll.trx_dll
  • C:\users\all users\microsoft\windows\ringtones\ringtone 06.wma
  • C:\users\all users\microsoft\office\uicaptions\1036\stintl.dll.trx_dll
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\propmap\cipt0000.002
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\propmap\cipt0000.001
  • C:\users\all users\microsoft\office\uicaptions\3082\mapir.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\mor6int.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\msointl.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\omsintl.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\onintl.dll.trx_dll
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\propmap\cipt0000.000
  • C:\users\all users\microsoft\office\uicaptions\3082\onintl.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\outllibr.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\outlwvw.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\ppintl.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\ppintl.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\pub6intl.dll.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\pub6intl.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\pubwzint.rest.trx_dll
  • C:\users\all users\microsoft\office\uicaptions\3082\outllibr.dll.trx_dll
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010003.wid
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010003.dir
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010003.ci
  • C:\users\all users\microsoft\windows\caches\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db
  • C:\users\all users\microsoft\windows\caches\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db
  • C:\users\all users\microsoft\windows\caches\{1e8814b6-8f2d-4b97-87f6-9370f7eb40b7}.2.ver0x0000000000000001.db
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\ciab0001.002
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\ciab0002.000
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\ciab0002.001
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\ciab0002.002
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010003.wsb
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\ciab0001.000
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\ciab0001.001
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\ciad0002.000
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\ciad0002.001
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\ciad0002.002
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\index.000
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\index.001
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\index.002
  • C:\users\all users\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\settings.dia
  • C:\users\all users\microsoft\windows\ringtones\ringtone 07.wma
  • %LOCALAPPDATA%\google\chrome\user data\default\web applications\_crx_aohghmighlieiainnegkcijnfilokake\документы google.ico.md5
Deletes itself.
Modifies user data files (Trojan.Encoder).
Miscellaneous
Creates and executes the following
  • '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del <Full path to file>' (with hidden window)
Executes the following
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\dw20.exe' -x -s 1080
  • '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del <Full path to file>
  • '<SYSTEM32>\choice.exe' /C Y /N /D Y /T 3

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android