Trojan.MulDrop5.17094

Added to the Dr.Web virus database: 2014-05-02

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Ac20570O51598' = '%HOMEPATH%\Sv19646Q59589\Audio.exe'
Malicious functions:
Creates and executes the following:
  • '%HOMEPATH%\Sv19646Q59589\Audio.exe'
Modifies file system:
Creates the following files:
Sets the 'hidden' attribute to the following files:
  • %HOMEPATH%\Ak83884T87797.AV9
  • %HOMEPATH%\Eb42574P50722.txt
Deletes the following files:
  • %TEMP%\aut1.tmp
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Indicator' WindowName: '(null)'
  • ClassName: 'Shell_TrayWnd' WindowName: '(null)'
  • ClassName: 'EDIT' WindowName: '(null)'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.