
Trojan.KillProc2.29842

Added to the Dr.Web virus database: 2025-07-17

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
