Trojan.Inject1.23100

Added to the Dr.Web virus database: 2013-06-02

Virus description added:

Technical Information

Malicious functions:
Executes the following:
  • '<SYSTEM32>\net1.exe' /pid=2492
  • '<SYSTEM32>\net1.exe' user admin16wd /add
  • '<SYSTEM32>\net1.exe' /pid=788
  • '<SYSTEM32>\net1.exe' user admin17d /add
  • '<SYSTEM32>\net1.exe' /pid=248
  • '<SYSTEM32>\net1.exe' user admi14ef /add
  • '<SYSTEM32>\net1.exe' /pid=1408
  • '<SYSTEM32>\net1.exe' user admin15dwq /add
  • '<SYSTEM32>\net1.exe' /pid=1804
  • '<SYSTEM32>\net1.exe' user admin225235w /add
  • '<SYSTEM32>\net1.exe' user admin223525w /add
  • '<SYSTEM32>\net1.exe' user admin246325w /add
  • '<SYSTEM32>\net1.exe' user admin262325w /add
  • '<SYSTEM32>\net1.exe' user admin19w /add
  • '<SYSTEM32>\net1.exe' user admin18w /add
  • '<SYSTEM32>\net1.exe' user admin223425w /add
  • '<SYSTEM32>\net1.exe' user admin20q /add
  • '<SYSTEM32>\net1.exe' /pid=4040
  • '<SYSTEM32>\net1.exe' /pid=3652
  • '<SYSTEM32>\net1.exe' user admin7e /add
  • '<SYSTEM32>\net1.exe' /pid=3720
  • '<SYSTEM32>\net1.exe' user admin8wt /add
  • '<SYSTEM32>\net1.exe' /pid=2888
  • '<SYSTEM32>\net1.exe' user admin5rt /add
  • '<SYSTEM32>\net1.exe' /pid=3588
  • '<SYSTEM32>\net1.exe' user admin6rt /add
  • '<SYSTEM32>\net1.exe' user admin9r /add
  • '<SYSTEM32>\net1.exe' user admin12efq /add
  • '<SYSTEM32>\net1.exe' /pid=3908
  • '<SYSTEM32>\net1.exe' user admin13w /add
  • '<SYSTEM32>\net1.exe' /pid=3972
  • '<SYSTEM32>\net1.exe' user admin10tg /add
  • '<SYSTEM32>\net1.exe' /pid=3780
  • '<SYSTEM32>\net1.exe' user admin11efw /add
  • '<SYSTEM32>\net1.exe' /pid=3844
  • '<SYSTEM32>\net1.exe' /pid=2948
  • '<SYSTEM32>\net1.exe' user admin2w365725 /add
  • '<SYSTEM32>\net1.exe' user admin25w6425 /add
  • '<SYSTEM32>\net1.exe' user admin2w6573425 /add
  • '<SYSTEM32>\net1.exe' /pid=2688
  • '<SYSTEM32>\net1.exe' user admin22w5675 /add
  • '<SYSTEM32>\net1.exe' /pid=2808
  • '<SYSTEM32>\net1.exe' user admin2w546325 /add
  • '<SYSTEM32>\net1.exe' /pid=3304
  • '<SYSTEM32>\net1.exe' /pid=3176
  • '<SYSTEM32>\net1.exe' user admin2w53225 /add
  • '<SYSTEM32>\net1.exe' user admin2w876825 /add
  • '<SYSTEM32>\net1.exe' user adminw22755 /add
  • '<SYSTEM32>\net1.exe' /pid=728
  • '<SYSTEM32>\net1.exe' user admin2w25725 /add
  • '<SYSTEM32>\net1.exe' user admin2w22435 /add
  • '<SYSTEM32>\net1.exe' user admin2w2765765 /add
  • '<SYSTEM32>\net1.exe' user admin24w77425 /add
  • '<SYSTEM32>\net1.exe' user admin24w5225 /add
  • '<SYSTEM32>\net1.exe' user admin22w5645 /add
  • '<SYSTEM32>\net1.exe' /pid=3696
  • '<SYSTEM32>\net1.exe' user admin26w3425 /add
  • '<SYSTEM32>\net1.exe' user admin273w425 /add
  • '<SYSTEM32>\net1.exe' user admin23462w5 /add
  • '<SYSTEM32>\net1.exe' user admin24w3525 /add
  • '<SYSTEM32>\net1.exe' user admin224w375 /add
  • '<SYSTEM32>\net1.exe' user admin23w5645625 /add
  • '<SYSTEM32>\net1.exe' user admin25w464525 /add
  • '<SYSTEM32>\net1.exe' user admin22w8975 /add
  • '<SYSTEM32>\net1.exe' user admin27w6425 /add
  • '<SYSTEM32>\net1.exe' user admin24w655425 /add
  • '<SYSTEM32>\net1.exe' user admin28w7825 /add
  • '<SYSTEM32>\net1.exe' user admin22w34625 /add
  • '<SYSTEM32>\net1.exe' user admin29w625 /add
  • '<SYSTEM32>\net1.exe' user admin26w825 /add
  • '<SYSTEM32>\net1.exe' user admineyr /add
  • '<SYSTEM32>\net1.exe' user admin225235 /add
  • '<SYSTEM32>\net1.exe' user admin223525 /add
  • '<SYSTEM32>\net1.exe' user admin246325 /add
  • '<SYSTEM32>\net1.exe' user admin262325 /add
  • '<SYSTEM32>\net1.exe' user admin19 /add
  • '<SYSTEM32>\net1.exe' user admin18 /add
  • '<SYSTEM32>\net1.exe' user admin223425 /add
  • '<SYSTEM32>\net1.exe' user admin20 /add
  • '<SYSTEM32>\net1.exe' user admin234625 /add
  • '<SYSTEM32>\net1.exe' user admin245225 /add
  • '<SYSTEM32>\net1.exe' user admin225645 /add
  • '<SYSTEM32>\net1.exe' user admin263425 /add
  • '<SYSTEM32>\net1.exe' user admin234525 /add
  • '<SYSTEM32>\net1.exe' user admin224375 /add
  • '<SYSTEM32>\net1.exe' user admin273425 /add
  • '<SYSTEM32>\net1.exe' user admin2256545 /add
  • '<SYSTEM32>\net1.exe' user admin243525 /add
  • '<SYSTEM32>\net1.exe' user admin17 /add
  • '<SYSTEM32>\net1.exe' user admin5 /add
  • '<SYSTEM32>\net1.exe' user admin4 /add
  • '<SYSTEM32>\net1.exe' user admin7 /add
  • '<SYSTEM32>\net1.exe' user admin6 /add
  • '<SYSTEM32>\net1.exe' user admin1 /add
  • '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\1.bat" "
  • '<SYSTEM32>\net1.exe' user admin3 /add
  • '<SYSTEM32>\net1.exe' user admin2 /add
  • '<SYSTEM32>\net1.exe' user admin8 /add
  • '<SYSTEM32>\net1.exe' user admi14 /add
  • '<SYSTEM32>\net1.exe' user admin13 /add
  • '<SYSTEM32>\net1.exe' user admin16 /add
  • '<SYSTEM32>\net1.exe' user admin15/add
  • '<SYSTEM32>\net1.exe' user admin10 /add
  • '<SYSTEM32>\net1.exe' user admin9 /add
  • '<SYSTEM32>\net1.exe' user admin12 /add
  • '<SYSTEM32>\net1.exe' user admin11 /add
  • '<SYSTEM32>\net1.exe' user admin245665325 /add
  • '<SYSTEM32>\net1.exe' user admin2876825 /add
  • '<SYSTEM32>\net1.exe' /pid=3044
  • '<SYSTEM32>\net1.exe' user admin245625 /add
  • '<SYSTEM32>\net1.exe' user admin253225 /add
  • '<SYSTEM32>\net1.exe' user admin222435 /add
  • '<SYSTEM32>\net1.exe' user admin22755 /add
  • '<SYSTEM32>\net1.exe' user admin2286785 /add
  • '<SYSTEM32>\net1.exe' user admin25647925 /add
  • '<SYSTEM32>\net1.exe' user admine4t /add
  • '<SYSTEM32>\net1.exe' /pid=3236
  • '<SYSTEM32>\net1.exe' user adminteye /add
  • '<SYSTEM32>\net1.exe' /pid=3332
  • '<SYSTEM32>\net1.exe' user admin209725 /add
  • '<SYSTEM32>\net1.exe' /pid=3108
  • '<SYSTEM32>\net1.exe' user admin229896785 /add
  • '<SYSTEM32>\net1.exe' /pid=3172
  • '<SYSTEM32>\net1.exe' user admin22765765 /add
  • '<SYSTEM32>\net1.exe' user admin228975 /add
  • '<SYSTEM32>\net1.exe' user admin29625 /add
  • '<SYSTEM32>\net1.exe' user admin24655425 /add
  • '<SYSTEM32>\net1.exe' user admin25464525 /add
  • '<SYSTEM32>\net1.exe' user admin2234625 /add
  • '<SYSTEM32>\net1.exe' user admin235645625 /add
  • '<SYSTEM32>\net1.exe' user admin26825 /add
  • '<SYSTEM32>\net1.exe' user admin287825 /add
  • '<SYSTEM32>\net1.exe' user admin276425 /add
  • '<SYSTEM32>\net1.exe' user admin22356355 /add
  • '<SYSTEM32>\net1.exe' user admin26573425 /add
  • '<SYSTEM32>\net1.exe' user admin225725 /add
  • '<SYSTEM32>\net1.exe' user admin256425 /add
  • '<SYSTEM32>\net1.exe' user admin225675 /add
  • '<SYSTEM32>\net1.exe' user admin2477425 /add
  • '<SYSTEM32>\net1.exe' user admin2365725 /add
  • '<SYSTEM32>\net1.exe' user admin2546325 /add
Injects code into the following system processes:
  • <SYSTEM32>\net.exe
Modifies file system:
Creates the following files:
  • %TEMP%\1.tmp\1.bat

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.