
Trojan.MulDrop7.9034

Added to the Dr.Web virus database: 2016-12-17

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'JLSSTXTOWNBSATXVI' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'JLSSTXTOWNBSATXVI' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'YLFGYPJQPKBSEA' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'JLSSTXTOWNBSATXVI' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FLYIIYTFTLGAPWDM' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'FLYIIYTFTLGAPWDM' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'FLYIIYTFTLGAPWDM' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'YLFGYPJQPKBSEA' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'REOWOWRACJHDKFQ' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'REOWOWRACJHDKFQ' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'REOWOWRACJHDKFQ' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OJYKHFFKUTQ' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'YLFGYPJQPKBSEA' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'OJYKHFFKUTQ' = '<SYSTEM32>\ntoskrnl.exe'
  • [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'OJYKHFFKUTQ' = '<SYSTEM32>\ntoskrnl.exe'
Creates or modifies the following files:
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Sorry Ya Gan, Kalau Ngak Work - Bercanda.PATRIAyxorpe.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Bolt 4G - 5G - 6G Limit FUP.PATRIA.iph.scr
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\FLYIIYTFTLGAPWDM.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\JLSSTXTOWNBSATXVI.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\REOWOWRACJHDKFQ.exe
  • %HOMEPATH%\Start Menu\Programs\Startup\scvhost.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\YLFGYPJQPKBSEA.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\OJYKHFFKUTQ.exe
Substitutes the following executable system files:
  • <SYSTEM32>\ntoskrnl.exe with <SYSTEM32>\ntoskrnl.exe
Infects the following executable files:
  • <SYSTEM32>\SET4.tmp
Malicious functions:
To complicate detection of its presence in the operating system, blocks execution of the following system utilities:
  • Windows Task Manager (Taskmgr)
  • Registry Editor (RegEdit)
Modifies the following system settings:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
Executes the following:
  • '%WINDIR%\Angel2.0.pif'
  • '%WINDIR%\Demon2.0.pif'
  • '%WINDIR%\PATRIAGEPJ.Tamparan.pif'
  • '%WINDIR%\ΔINJECTGUARD.PATRIAGEPJ.exe'
  • '%WINDIR%\ϧGHOSTERY.PATRIAGNP.scr'
  • '%WINDIR%\ntoskrnl.exe'
Modifies file system:
Creates the following files:
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\FPI JAGO KANDANG DOANG,CARI DUIT AJA LEWAT ISLAM.PATRIAGEPJ.scr
  • C:\Documents and Settings\Default User\Application Data\Microsoft\OpOk Popon Plink Online, Bitvise Gagap.PATRIAyxorpe.pif
  • %ALLUSERSPROFILE%\Documents\My Music\My Playlists\BLITAR KOTA PATRIA - WALKOTNYA BUKAN PATRIA.PATRIAIPH.exe
  • C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Three OPOK - Popon Juga Bisa.PATRIAGEPJ.scr
  • C:\Documents and Settings\Default User\Application Data\Bolt 4G - 5G - 6G Limit FUP.PATRIA.iph.scr
  • %ALLUSERSPROFILE%\Application Data\FPI JAGO KANDANG DOANG,CARI DUIT AJA LEWAT ISLAM.PATRIAGEPJ.scr
  • C:\Documents and Settings\Default User\Application Data\Microsoft\Media Player\XL Axis Sata Ata Windows10 Ready - OBOR Malam.PATRIAGEPJ.scr
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Indosat Mentari Senja 4G Untuk Semua [Ngapusi].PATRIAIPH.exe
  • C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\OpOk Popon Plink Online, Bitvise Gagap.PATRIAyxorpe.pif
  • C:\Documents and Settings\Default User\Application Data\Microsoft\Media Player\Santet Online - Mbah Sudah Kemari.PATRIAGEPJ.exe
  • C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\FRONT MISSION THREE.PATRIAGEPJ.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\Injek Rumah Tangga Ngirit, XL-AJIZ-ISAT Only.PATRIAGEPJ.pif
  • %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Injek MAMAMia Lezaaaatoooz OB POPON.PATRIAIPH.exe
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Serangan Fajar - MULTI OPSEL.PATRIAyxorpe.pif
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\0338E140\Sorry Ya Gan, Kalau Ngak Work - Bercanda.PATRIAyxorpe.exe
  • %ALLUSERSPROFILE%\Documents\My Pictures\Behind The Scene.PATRIAIPHyxorpeGEPJ.exe
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Behind The Scene.PATRIAIPHyxorpeGEPJ.exe
  • %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Senjata ESTEH Plink Sebelah.PATRIAGEPJ.exe
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Cm\Senjata ESTEH Plink Sebelah.PATRIAGEPJ.exe
  • %ALLUSERSPROFILE%\Documents\My Videos\Indosat Mentari Senja 4G Untuk Semua [Ngapusi].PATRIAIPH.exe
  • %ALLUSERSPROFILE%\Documents\My Pictures\Indosat Mentari Senja 4G Untuk Semua [Ngapusi].PATRIAIPH.exe
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Media Index\Santet Online - Mbah Sudah Kemari.PATRIAGEPJ.exe
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Dr Watson\FPI JAGO KANDANG DOANG,CARI DUIT AJA LEWAT ISLAM.PATRIAGEPJ.scr
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\Three Open VPN Bad VPN.PATRIAGNP.pif
  • %ALLUSERSPROFILE%\Documents\My Music\My Playlists\SmartPret 4G - I Hate SLOOOOOW.PATRIAIHE.pif
  • %ALLUSERSPROFILE%\Documents\My Music\Obat Bintang Tujoe Xl-AJIZ-TSEL-BOLT.PATRIAIHE.scr
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Senjata ESTEH Plink Sebelah.PATRIAGEPJ.exe
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\Indosat Mentari Senja 4G Untuk Semua [Ngapusi].PATRIAIPH.exe
  • %ALLUSERSPROFILE%\Application Data\Microsoft\HTML Help\Obat Bintang Tujoe Xl-AJIZ-TSEL-BOLT.PATRIAIHE.scr
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\0338E140\File Mainan - Tapi Cukup Nyebelin - Sorry Ya !!!! Ok !!!.PATRIAGEPJ.exe
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Naver 123#7#7 123#111 Isat.PATRIAGNP.exe
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Media Player\SmartPret 4G - I Hate SLOOOOOW.PATRIAIHE.pif
  • %ALLUSERSPROFILE%\Start Menu\Programs\Behind The Scene.PATRIAIPHyxorpeGEPJ.exe
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\Naver 123#7#7 123#111 Isat.PATRIAGNP.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Senjata ESTEH Plink Sebelah.PATRIAGEPJ.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\OPOK Telkomsel Bangkit , Ngak Work Rugi.PATRIAGNP.scr
  • %ALLUSERSPROFILE%\Start Menu\Indosat Kuning - Popon dan Plink Online[Ngapusi].PATRIAXPP.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\FRONT MISSION THREE.PATRIAGEPJ.exe
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Cm\Behind The Scene.PATRIAIPHyxorpeGEPJ.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\FPI JAGO KANDANG DOANG,CARI DUIT AJA LEWAT ISLAM.PATRIAGEPJ.scr
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\Bolt Superpedia Pascabayar.PATRIAGNP.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Three Open VPN Bad VPN.PATRIAGNP.pif
  • %ALLUSERSPROFILE%\Favorites\Tsel Sususrf Work Lagi - Popon Boleh.PATRIAIPH.exe
  • %ALLUSERSPROFILE%\DRM\Bolt 4G - 5G - 6G Limit FUP.PATRIA.iph.scr
  • %ALLUSERSPROFILE%\Documents\My Videos\Obat Bintang Tujoe Xl-AJIZ-TSEL-BOLT.PATRIAIHE.scr
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Media Player\Indosat Kuning - Popon dan Plink Online[Ngapusi].PATRIAXPP.exe
  • %ALLUSERSPROFILE%\DRM\OPOK Telkomsel Bangkit , Ngak Work Rugi.PATRIAGNP.scr
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Santet Online - Mbah Sudah Kemari.PATRIAGEPJ.exe
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Sempak Terbang - Aduuuuuuuuuuuuuuhhhhhhai.PATRIAyxorpe.exe
  • %ALLUSERSPROFILE%\Favorites\Santet Online - Mbah Sudah Kemari.PATRIAGEPJ.exe
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Injek POPOK Mbah Tunem, Work Kejut.PATRIAGEPJ.pif
  • %ALLUSERSPROFILE%\Start Menu\FRONT MISSION THREE.PATRIAGEPJ.exe
Deletes the following files:
  • %WINDIR%\ΔINJECTGUARD.PATRIAGEPJ.exe
  • %WINDIR%\Demon2.0.pif
  • <SYSTEM32>\SET5.tmp
  • %HOMEPATH%\Start Menu\Programs\Startup\scvhost.exe
  • %WINDIR%\Angel2.0.pif
  • <SYSTEM32>\SET1.tmp
  • <SYSTEM32>\ntoskrnl.exe
  • %WINDIR%\ntoskrnl.exe
  • %WINDIR%\ϧGHOSTERY.PATRIAGNP.scr
Moves the following files:
  • from %WINDIR%\PATRIAGEPJ.Tamparan.pif to %WINDIR%\PATRIAGEPJ.Tamparan.pif
  • from <SYSTEM32>\ntoskrnl.exe to <SYSTEM32>\OLD6.tmp
  • from %WINDIR%\LastGood\TMP2.tmp to %WINDIR%\LastGood\system32\ntoskrnl.exe
  • from <SYSTEM32>\ntoskrnl.exe to <SYSTEM32>\OLD3.tmp
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.