Trojan.Click2.22294

Added to the Dr.Web virus database: 2012-04-27

Virus description added:

Technical Information

To ensure autorun and distribution:
Changes the following executable system files:
Substitutes the following executable system files:
Infects the following executable files:
  • <SYSTEM32>\itss.dll
  • <SYSTEM32>\itircl.dll
  • <SYSTEM32>\ipxroute.exe
  • <SYSTEM32>\iologmsg.dll
  • <SYSTEM32>\intl.cpl
  • <SYSTEM32>\inseng.dll
  • <SYSTEM32>\ippromon.dll
  • <SYSTEM32>\ipmontr.dll
  • <SYSTEM32>\ipconfig.exe
  • <SYSTEM32>\input.dll
  • <SYSTEM32>\infocardapi.dll
  • <SYSTEM32>\inetres.dll
  • <SYSTEM32>\inetppui.dll
  • <SYSTEM32>\initpki.dll
  • <SYSTEM32>\infosoft.dll
  • <SYSTEM32>\infocardcpl.cpl
  • <SYSTEM32>\dllcache\twain_32.dll.new
  • <SYSTEM32>\ipxmontr.dll
  • <SYSTEM32>\ipv6mon.dll
  • <SYSTEM32>\ipv6.exe
  • <SYSTEM32>\ipxrip.dll
  • <SYSTEM32>\ipxpromn.dll
  • <SYSTEM32>\cdfview.dll.new
  • <SYSTEM32>\ipsmsnap.dll
  • <SYSTEM32>\iprtrmgr.dll
  • <SYSTEM32>\iprtprio.dll
  • <SYSTEM32>\iprop.dll
  • <SYSTEM32>\ccfgnt.dll.new
  • <SYSTEM32>\ipsecsnp.dll
  • <SYSTEM32>\ipsec6.exe
  • <SYSTEM32>\loghours.dll
  • <SYSTEM32>\msaudite.dll
  • <SYSTEM32>\msaud32.acm
  • <SYSTEM32>\msapsspc.dll
  • <SYSTEM32>\msconf.dll
  • <SYSTEM32>\mscms.dll
  • <SYSTEM32>\mscat32.dll
  • <SYSTEM32>\msafd.dll
  • <SYSTEM32>\msaatext.dll
  • <SYSTEM32>\mrinfo.exe
  • <SYSTEM32>\corpol.dll.new
  • <SYSTEM32>\msadp32.acm
  • <SYSTEM32>\msadds32.ax
  • <SYSTEM32>\msacm32.drv
  • <SYSTEM32>\mscoree.dll
  • <SYSTEM32>\msdart.dll
  • <SYSTEM32>\msdadiag.dll
  • <SYSTEM32>\cryptdlg.dll.new
  • <SYSTEM32>\msdtc.exe
  • <SYSTEM32>\msdmo.dll
  • <SYSTEM32>\msdatsrc.tlb
  • <SYSTEM32>\MSCTFP.dll
  • <SYSTEM32>\mscpx32r.dLL
  • <SYSTEM32>\mscories.dll
  • <SYSTEM32>\mscorier.dll
  • <SYSTEM32>\MSCTFIME.IME
  • <SYSTEM32>\mscpxl32.dLL
  • <SYSTEM32>\crtdll.dll.new
  • <SYSTEM32>\mqutil.dll
  • <SYSTEM32>\mqlogmgr.dll
  • <SYSTEM32>\mqise.dll
  • <SYSTEM32>\mqgentr.dll
  • <SYSTEM32>\mqoa10.tlb
  • <SYSTEM32>\mqoa.tlb
  • <SYSTEM32>\mqoa.dll
  • <SYSTEM32>\mqdscli.dll
  • <SYSTEM32>\mprmsg.dll
  • <SYSTEM32>\conime.exe.new
  • <SYSTEM32>\mprdim.dll
  • <SYSTEM32>\mqcertui.dll
  • <SYSTEM32>\mqbkup.exe
  • <SYSTEM32>\mqad.dll
  • <SYSTEM32>\mqoa20.tlb
  • <SYSTEM32>\convert.exe.new
  • <SYSTEM32>\mqsvc.exe
  • <SYSTEM32>\mqsnap.dll
  • <SYSTEM32>\mqupgrd.dll
  • <SYSTEM32>\mqtrig.dll
  • <SYSTEM32>\mqtgsvc.exe
  • <SYSTEM32>\mqsec.dll
  • <SYSTEM32>\mqqm.dll
  • <SYSTEM32>\console.dll.new
  • <SYSTEM32>\mqperf.dll
  • <SYSTEM32>\mqrtdep.dll
  • <SYSTEM32>\control.exe.new
  • <SYSTEM32>\mqrt.dll
  • <SYSTEM32>\msjint40.dll
  • <SYSTEM32>\msjetoledb40.dll
  • <SYSTEM32>\msjet40.dll
  • <SYSTEM32>\mslbui.dll
  • <SYSTEM32>\msjtes40.dll
  • <SYSTEM32>\msjter40.dll
  • <SYSTEM32>\msisip.dll
  • <SYSTEM32>\msiexec.exe
  • <SYSTEM32>\msieftp.dll
  • <SYSTEM32>\msidntld.dll
  • <SYSTEM32>\MSIMTF.dll
  • <SYSTEM32>\msimsg.dll
  • <SYSTEM32>\msihnd.dll
  • <SYSTEM32>\msls31.dll
  • <SYSTEM32>\mspatcha.dll
  • <SYSTEM32>\mspaint.exe
  • <SYSTEM32>\msorcl32.dll
  • <SYSTEM32>\mspmsp.dll
  • <SYSTEM32>\mspmsnsv.dll
  • <SYSTEM32>\mspbde40.dll
  • <SYSTEM32>\msorc32r.dll
  • <SYSTEM32>\msnsspc.dll
  • <SYSTEM32>\msnetobj.dll
  • <SYSTEM32>\msltus40.dll
  • <SYSTEM32>\msoert2.dll
  • <SYSTEM32>\msoeacct.dll
  • <SYSTEM32>\msobjs.dll
  • <SYSTEM32>\msident.dll
  • <SYSTEM32>\msexch40.dll
  • <SYSTEM32>\cryptnet.dll.new
  • <SYSTEM32>\msencode.dll
  • <SYSTEM32>\msg.exe
  • <SYSTEM32>\msftedit.dll
  • <SYSTEM32>\msexcl40.dll
  • <SYSTEM32>\msdxmlc.dll
  • <SYSTEM32>\msdtctm.dll
  • <SYSTEM32>\msdtcprx.dll
  • <SYSTEM32>\msdtclog.dll
  • <SYSTEM32>\msdxm.ocx
  • <SYSTEM32>\cryptext.dll.new
  • <SYSTEM32>\msdtcuiu.dll
  • <SYSTEM32>\msg711.acm
  • <SYSTEM32>\ctl3d32.dll.new
  • <SYSTEM32>\mshtml.dll
  • <SYSTEM32>\csseqchk.dll.new
  • <SYSTEM32>\mshtmler.dll
  • <SYSTEM32>\mshtmled.dll
  • <SYSTEM32>\mshtml.tlb
  • <SYSTEM32>\mshta.exe
  • <SYSTEM32>\msgsvc.dll
  • <SYSTEM32>\msgsm32.acm
  • <SYSTEM32>\msg723.acm
  • <SYSTEM32>\mshearts.exe
  • <SYSTEM32>\msh263.drv
  • <SYSTEM32>\msh261.drv
  • <SYSTEM32>\mprddm.dll
  • <SYSTEM32>\mfc100chs.dll
  • <SYSTEM32>\cmstp.exe.new
  • <SYSTEM32>\mfc100.dll
  • <SYSTEM32>\cmutil.dll.new
  • <SYSTEM32>\mfc100d.dll
  • <SYSTEM32>\mfc100cht.dll
  • <SYSTEM32>\cmsetacl.dll.new
  • <SYSTEM32>\mdminst.dll
  • <SYSTEM32>\mdhcp.dll
  • <SYSTEM32>\mciwave.dll
  • <SYSTEM32>\cmprops.dll.new
  • <SYSTEM32>\mf3216.dll
  • <SYSTEM32>\mdwmdmsp.dll
  • <SYSTEM32>\mfc100deu.dll
  • <SYSTEM32>\comaddin.dll.new
  • <SYSTEM32>\cnvfat.dll.new
  • <SYSTEM32>\mfc100rus.dll
  • <SYSTEM32>\comcat.dll.new
  • <SYSTEM32>\mfc100ud.dll
  • <SYSTEM32>\mfc100u.dll
  • <SYSTEM32>\mfc100kor.dll
  • <SYSTEM32>\mfc100fra.dll
  • <SYSTEM32>\mfc100esn.dll
  • <SYSTEM32>\mfc100enu.dll
  • <SYSTEM32>\mfc100jpn.dll
  • <SYSTEM32>\mfc100ita.dll
  • <SYSTEM32>\cnetcfg.dll.new
  • <SYSTEM32>\mciseq.dll
  • <SYSTEM32>\lprhelp.dll
  • <SYSTEM32>\lpr.exe
  • <SYSTEM32>\cmdl32.exe.new
  • <SYSTEM32>\mag_hook.dll
  • <SYSTEM32>\magnify.exe
  • <SYSTEM32>\lprmonui.dll
  • <SYSTEM32>\lpq.exe
  • <SYSTEM32>\cmdial32.dll.new
  • <SYSTEM32>\logoff.exe
  • <SYSTEM32>\logman.exe
  • <SYSTEM32>\lpk.dll
  • <SYSTEM32>\logonui.exe
  • <SYSTEM32>\logon.scr
  • <SYSTEM32>\main.cpl
  • <SYSTEM32>\mciavi32.dll
  • <SYSTEM32>\cmpbk32.dll.new
  • <SYSTEM32>\mchgrcoi.dll
  • <SYSTEM32>\mciqtz32.dll
  • <SYSTEM32>\mciole32.dll
  • <SYSTEM32>\mcicda.dll
  • <SYSTEM32>\mcdsrv32.dll
  • <SYSTEM32>\mapistub.dll
  • <SYSTEM32>\mapi32.dll
  • <SYSTEM32>\makecab.exe
  • <SYSTEM32>\mcd32.dll
  • <SYSTEM32>\cmmon32.exe.new
  • <SYSTEM32>\mcastmib.dll
  • <SYSTEM32>\mobsync.dll
  • <SYSTEM32>\mnmsrvc.exe
  • <SYSTEM32>\mnmdd.dll
  • <SYSTEM32>\modemui.dll
  • <SYSTEM32>\mode.com
  • <SYSTEM32>\mobsync.exe
  • <SYSTEM32>\mmutilse.dll
  • <SYSTEM32>\mmfutil.dll
  • <SYSTEM32>\mmdrv.dll
  • <SYSTEM32>\mmcshext.dll
  • <SYSTEM32>\comsnap.dll.new
  • <SYSTEM32>\mmsys.cpl
  • <SYSTEM32>\comrepl.dll.new
  • <SYSTEM32>\modex.dll
  • <SYSTEM32>\mpg4ds32.ax
  • <SYSTEM32>\mpg4dmod.dll
  • <SYSTEM32>\mpg2splt.ax
  • <SYSTEM32>\mpnotify.exe
  • <SYSTEM32>\mplay32.exe
  • <SYSTEM32>\confmsp.dll.new
  • <SYSTEM32>\mpeg2data.ax
  • <SYSTEM32>\mountvol.exe
  • <SYSTEM32>\moricons.dll
  • <SYSTEM32>\more.com
  • <SYSTEM32>\comuid.dll.new
  • <SYSTEM32>\mp4sdmod.dll
  • <SYSTEM32>\mp43dmod.dll
  • <SYSTEM32>\mmcndmgr.dll
  • <SYSTEM32>\mfcm100d.dll
  • <SYSTEM32>\compatui.dll.new
  • <SYSTEM32>\mfcm100.dll
  • <SYSTEM32>\mfcsubs.dll
  • <SYSTEM32>\mfcm100ud.dll
  • <SYSTEM32>\mfcm100u.dll
  • <SYSTEM32>\mfc71u.dll
  • <SYSTEM32>\comp.exe.new
  • <SYSTEM32>\mfc40u.dll
  • <SYSTEM32>\mfc40.dll
  • <SYSTEM32>\compact.exe.new
  • <SYSTEM32>\mfc71.dll
  • <SYSTEM32>\mfc42u.dll
  • <SYSTEM32>\mgmtapi.dll
  • <SYSTEM32>\mll_mtf.dll
  • <SYSTEM32>\mll_hp.dll
  • <SYSTEM32>\mlang.dll
  • <SYSTEM32>\mmcbase.dll
  • <SYSTEM32>\mmc.exe
  • <SYSTEM32>\mll_qic.dll
  • <SYSTEM32>\compstui.dll.new
  • <SYSTEM32>\migpwd.exe
  • <SYSTEM32>\miglibnt.dll
  • <SYSTEM32>\midimap.dll
  • <SYSTEM32>\mingwm10.dll
  • <SYSTEM32>\mimefilt.dll
  • <SYSTEM32>\milcore.dll
  • <SYSTEM32>\comcat.dll
  • <SYSTEM32>\comaddin.dll
  • <SYSTEM32>\cnvfat.dll
  • <SYSTEM32>\compatUI.dll
  • <SYSTEM32>\compact.exe
  • <SYSTEM32>\comp.exe
  • <SYSTEM32>\cnetcfg.dll
  • <SYSTEM32>\cmprops.dll
  • <SYSTEM32>\cmpbk32.dll
  • <SYSTEM32>\cmmon32.exe
  • <SYSTEM32>\cmutil.dll
  • <SYSTEM32>\cmstp.exe
  • <SYSTEM32>\cmsetACL.dll
  • <SYSTEM32>\compstui.dll
  • <SYSTEM32>\crtdll.dll
  • <SYSTEM32>\corpol.dll
  • <SYSTEM32>\convert.exe
  • <SYSTEM32>\cryptnet.dll
  • <SYSTEM32>\cryptext.dll
  • <SYSTEM32>\cryptdlg.dll
  • <SYSTEM32>\control.exe
  • <SYSTEM32>\comuid.dll
  • <SYSTEM32>\comsnap.dll
  • <SYSTEM32>\comrepl.dll
  • <SYSTEM32>\console.dll
  • <SYSTEM32>\conime.exe
  • <SYSTEM32>\confmsp.dll
  • <SYSTEM32>\cmdl32.exe
  • %WINDIR%\winhlp32.exe.new
  • <SYSTEM32>\chkntfs.exe
  • <SYSTEM32>\chkdsk.exe
  • <SYSTEM32>\cidaemon.exe
  • <SYSTEM32>\cic.dll
  • <SYSTEM32>\ciadmin.dll
  • <SYSTEM32>\chcp.com
  • <SYSTEM32>\cewmdm.dll
  • %WINDIR%\vmmreg32.dll.new
  • <SYSTEM32>\certmgr.dll
  • <SYSTEM32>\charmap.exe
  • <SYSTEM32>\cfgmgr32.dll
  • <SYSTEM32>\cfgbkend.dll
  • <SYSTEM32>\ciodm.dll
  • <SYSTEM32>\clipbrd.exe
  • <SYSTEM32>\cliconfg.rll
  • <SYSTEM32>\cliconfg.exe
  • <SYSTEM32>\cmdial32.dll
  • <SYSTEM32>\cmcfg32.dll
  • <SYSTEM32>\clipsrv.exe
  • <SYSTEM32>\cliconfg.dll
  • <SYSTEM32>\ckcnv.exe
  • <SYSTEM32>\cisvc.exe
  • <SYSTEM32>\cipher.exe
  • <SYSTEM32>\cleanmgr.exe
  • <SYSTEM32>\clbcatex.dll
  • <SYSTEM32>\clb.dll
  • <SYSTEM32>\defrag.exe
  • <SYSTEM32>\adptif.dll.new
  • <SYSTEM32>\ddrawex.dll
  • <SYSTEM32>\deskmon.dll
  • <SYSTEM32>\deskadp.dll
  • <SYSTEM32>\desk.cpl
  • <SYSTEM32>\ddraw.dll
  • <SYSTEM32>\dciman32.dll
  • <SYSTEM32>\dbnmpntw.dll
  • <SYSTEM32>\actmovie.exe.new
  • <SYSTEM32>\ddeshare.exe
  • <SYSTEM32>\admparse.dll.new
  • <SYSTEM32>\dcomcnfg.exe
  • <SYSTEM32>\adsldp.dll.new
  • <SYSTEM32>\dfrgui.dll
  • <SYSTEM32>\dfrgsnap.dll
  • <SYSTEM32>\adsnds.dll.new
  • <SYSTEM32>\dfsshlex.dll
  • <SYSTEM32>\adsnt.dll.new
  • <SYSTEM32>\dfshim.dll
  • <SYSTEM32>\dfrgres.dll
  • <SYSTEM32>\adsmsext.dll.new
  • <SYSTEM32>\devenum.dll
  • <SYSTEM32>\deskperf.dll
  • <SYSTEM32>\dfrgntfs.exe
  • <SYSTEM32>\dfrgfat.exe
  • <SYSTEM32>\devmgr.dll
  • <SYSTEM32>\dbnetlib.dll
  • <SYSTEM32>\d3d9.dll
  • <SYSTEM32>\d3d8thk.dll
  • <SYSTEM32>\access.cpl.new
  • <SYSTEM32>\d3dim700.dll
  • <SYSTEM32>\d3dim.dll
  • <SYSTEM32>\acctres.dll.new
  • <SYSTEM32>\d3d8.dll
  • <SYSTEM32>\cygwin1.dll
  • <SYSTEM32>\ctl3d32.dll
  • <SYSTEM32>\csseqchk.dll
  • <SYSTEM32>\aaaamon.dll.new
  • <SYSTEM32>\6to4svc.dll.new
  • %WINDIR%\system\winspool.drv.new
  • <SYSTEM32>\accwiz.exe.new
  • <SYSTEM32>\daxctle.ocx
  • <SYSTEM32>\datime.dll
  • <SYSTEM32>\dataclen.dll
  • <SYSTEM32>\dbmsrpcn.dll
  • <SYSTEM32>\dbgeng.dll
  • <SYSTEM32>\activeds.tlb.new
  • <SYSTEM32>\aclui.dll.new
  • <SYSTEM32>\acledit.dll.new
  • <SYSTEM32>\d3dramp.dll
  • <SYSTEM32>\d3dpmesh.dll
  • <SYSTEM32>\danim.dll
  • <SYSTEM32>\d3dxof.dll
  • <SYSTEM32>\d3drm.dll
  • <SYSTEM32>\cdosys.dll
  • <SYSTEM32>\asctrls.ocx
  • <SYSTEM32>\arp.exe
  • <SYSTEM32>\appwiz.cpl
  • <SYSTEM32>\asr_fmt.exe
  • <SYSTEM32>\aspnet_counters.dll
  • <SYSTEM32>\asferror.dll
  • <SYSTEM32>\appmgr.dll
  • <SYSTEM32>\alrsvc.dll
  • <SYSTEM32>\ahui.exe
  • <SYSTEM32>\advpack.dll
  • <SYSTEM32>\appmgmts.dll
  • <SYSTEM32>\apcups.dll
  • <SYSTEM32>\amstream.dll
  • <SYSTEM32>\asr_ldm.exe
  • <SYSTEM32>\attrib.exe
  • <SYSTEM32>\atrace.dll
  • <SYSTEM32>\atmpvcno.dll
  • <SYSTEM32>\autochk.exe
  • <SYSTEM32>\auditusr.exe
  • <SYSTEM32>\audiosrv.dll
  • <SYSTEM32>\atmlib.dll
  • <SYSTEM32>\at.exe
  • <SYSTEM32>\asycfilt.dll
  • <SYSTEM32>\asr_pfu.exe
  • <SYSTEM32>\atmadm.exe
  • <SYSTEM32>\atl100.dll
  • <SYSTEM32>\atkctrs.dll
  • <SYSTEM32>\adsnw.dll
  • %WINDIR%\winhlp32.exe
  • %WINDIR%\vmmreg32.dll
  • %WINDIR%\twunk_32.exe
  • <SYSTEM32>\aaaamon.dll
  • <SYSTEM32>\6to4svc.dll
  • %WINDIR%\system\WINSPOOL.DRV
  • %WINDIR%\twain_32.dll
  • %WINDIR%\regedit.exe
  • %WINDIR%\NOTEPAD.EXE
  • %WINDIR%\hh.exe
  • %WINDIR%\TASKMAN.EXE
  • %WINDIR%\sleep.exe
  • %WINDIR%\sfk.exe
  • <SYSTEM32>\access.cpl
  • <SYSTEM32>\adsldp.dll
  • <SYSTEM32>\adptif.dll
  • <SYSTEM32>\admparse.dll
  • <SYSTEM32>\adsnt.dll
  • <SYSTEM32>\adsnds.dll
  • <SYSTEM32>\adsmsext.dll
  • <SYSTEM32>\actmovie.exe
  • <SYSTEM32>\acelpdec.ax
  • <SYSTEM32>\accwiz.exe
  • <SYSTEM32>\acctres.dll
  • <SYSTEM32>\activeds.tlb
  • <SYSTEM32>\aclui.dll
  • <SYSTEM32>\acledit.dll
  • <SYSTEM32>\cc3250mt.dll
  • %WINDIR%\hh.exe.new
  • <SYSTEM32>\cc3250.dll
  • <SYSTEM32>\cc3260mt.dll
  • %WINDIR%\notepad.exe.new
  • <SYSTEM32>\cc3260.dll
  • <SYSTEM32>\catsrvut.dll
  • <SYSTEM32>\capesnpn.dll
  • <SYSTEM32>\camocx.dll
  • <SYSTEM32>\calc.exe
  • <SYSTEM32>\catsrvps.dll
  • <SYSTEM32>\catsrv.dll
  • <SYSTEM32>\cards.dll
  • %WINDIR%\regedit.exe.new
  • <SYSTEM32>\cdfview.dll
  • <SYSTEM32>\ccfgnt.dll
  • <SYSTEM32>\cc3290mt.dll
  • %WINDIR%\twunk_32.exe.new
  • <SYSTEM32>\cdmodem.dll
  • <SYSTEM32>\cdm.dll
  • %WINDIR%\twain_32.dll.new
  • %WINDIR%\taskman.exe.new
  • <SYSTEM32>\cc3270mt.dll
  • <SYSTEM32>\cc3270.dll
  • <SYSTEM32>\cc3290.dll
  • <SYSTEM32>\cc3280mt.dll
  • <SYSTEM32>\cc3280.dll
  • <SYSTEM32>\cacls.exe
  • <SYSTEM32>\batt.dll
  • <SYSTEM32>\avwav.dll
  • <SYSTEM32>\avtapi.dll
  • <SYSTEM32>\bitsprx3.dll
  • <SYSTEM32>\bitsprx2.dll
  • <SYSTEM32>\bidispl.dll
  • <SYSTEM32>\avmeter.dll
  • <SYSTEM32>\autofmt.exe
  • <SYSTEM32>\autodisc.dll
  • <SYSTEM32>\autoconv.exe
  • <SYSTEM32>\avifil32.dll
  • <SYSTEM32>\avicap32.dll
  • <SYSTEM32>\autolfn.exe
  • <SYSTEM32>\blackbox.dll
  • <SYSTEM32>\bthprops.cpl
  • <SYSTEM32>\bthci.dll
  • <SYSTEM32>\browsewm.dll
  • <SYSTEM32>\cabview.dll
  • <SYSTEM32>\btpanui.dll
  • <SYSTEM32>\bthserv.dll
  • <SYSTEM32>\browselc.dll
  • <SYSTEM32>\bootok.exe
  • <SYSTEM32>\bootcfg.exe
  • <SYSTEM32>\blastcln.exe
  • <SYSTEM32>\borlndmm.dll
  • <SYSTEM32>\bootvrfy.exe
  • <SYSTEM32>\bootvid.dll
  • <SYSTEM32>\dgnet.dll
  • <SYSTEM32>\feclient.dll
  • <SYSTEM32>\avtapi.dll.new
  • <SYSTEM32>\fdeploy.dll
  • <SYSTEM32>\avwav.dll.new
  • <SYSTEM32>\find.exe
  • <SYSTEM32>\filemgmt.dll
  • <SYSTEM32>\fde.dll
  • <SYSTEM32>\exts.dll
  • <SYSTEM32>\extrac32.exe
  • <SYSTEM32>\extmgr.dll
  • <SYSTEM32>\fc.exe
  • <SYSTEM32>\faultrep.dll
  • <SYSTEM32>\avmeter.dll.new
  • <SYSTEM32>\findstr.exe
  • <SYSTEM32>\fontext.dll
  • <SYSTEM32>\bidispl.dll.new
  • <SYSTEM32>\fmifs.dll
  • <SYSTEM32>\fontview.exe
  • <SYSTEM32>\bitsprx2.dll.new
  • <SYSTEM32>\fontsub.dll
  • <SYSTEM32>\fltMc.exe
  • <SYSTEM32>\fixmapi.exe
  • <SYSTEM32>\firewall.cpl
  • <SYSTEM32>\finger.exe
  • <SYSTEM32>\fltlib.dll
  • <SYSTEM32>\fldrclnr.dll
  • <SYSTEM32>\batt.dll.new
  • <SYSTEM32>\expsrv.dll
  • <SYSTEM32>\encapi.dll
  • <SYSTEM32>\els.dll
  • <SYSTEM32>\efsadu.dll
  • <SYSTEM32>\EqnClass.Dll
  • <SYSTEM32>\encdec.dll
  • <SYSTEM32>\autodisc.dll.new
  • <SYSTEM32>\autoconv.exe.new
  • <SYSTEM32>\dxtmsft.dll
  • <SYSTEM32>\dxmasf.dll
  • <SYSTEM32>\auditusr.exe.new
  • <SYSTEM32>\dxva2.dll
  • <SYSTEM32>\dxtrans.dll
  • <SYSTEM32>\autochk.exe.new
  • <SYSTEM32>\autofmt.exe.new
  • <SYSTEM32>\eventvwr.exe
  • <SYSTEM32>\eventtriggers.exe
  • <SYSTEM32>\avicap32.dll.new
  • <SYSTEM32>\expand.exe
  • <SYSTEM32>\avifil32.dll.new
  • <SYSTEM32>\evr.dll
  • <SYSTEM32>\eventcreate.exe
  • <SYSTEM32>\autolfn.exe.new
  • <SYSTEM32>\esentprf.dll
  • <SYSTEM32>\esent97.dll
  • <SYSTEM32>\eventcls.dll
  • <SYSTEM32>\eudcedit.exe
  • <SYSTEM32>\esentutl.exe
  • <SYSTEM32>\help.exe
  • <SYSTEM32>\hdwwiz.cpl
  • <SYSTEM32>\hal.dll
  • <SYSTEM32>\hhsetup.dll
  • <SYSTEM32>\btpanui.dll.new
  • <SYSTEM32>\hhctrl.ocx
  • <SYSTEM32>\h323msp.dll
  • <SYSTEM32>\gpupdate.exe
  • <SYSTEM32>\browselc.dll.new
  • <SYSTEM32>\gptext.dll
  • <SYSTEM32>\grpconv.exe
  • <SYSTEM32>\browsewm.dll.new
  • <SYSTEM32>\graftabl.com
  • <SYSTEM32>\hlink.dll
  • <SYSTEM32>\httpapi.dll
  • <SYSTEM32>\calc.exe.new
  • <SYSTEM32>\html.iec
  • <SYSTEM32>\camocx.dll.new
  • <SYSTEM32>\hypertrm.dll
  • <SYSTEM32>\htui.dll
  • <SYSTEM32>\hticons.dll
  • <SYSTEM32>\hnetwiz.dll
  • <SYSTEM32>\hnetmon.dll
  • <SYSTEM32>\cabview.dll.new
  • <SYSTEM32>\hotplug.dll
  • <SYSTEM32>\hostname.exe
  • <SYSTEM32>\cacls.exe.new
  • <SYSTEM32>\gpresult.exe
  • <SYSTEM32>\ftp.exe
  • <SYSTEM32>\blackbox.dll.new
  • <SYSTEM32>\fsutil.exe
  • <SYSTEM32>\g711codc.ax
  • <SYSTEM32>\fwcfg.dll
  • <SYSTEM32>\ftsrch.dll
  • <SYSTEM32>\fsusd.dll
  • <SYSTEM32>\framebuf.dll
  • <SYSTEM32>\format.com
  • <SYSTEM32>\forcedos.exe
  • <SYSTEM32>\fsquirt.exe
  • <SYSTEM32>\freecell.exe
  • <SYSTEM32>\bitsprx3.dll.new
  • <SYSTEM32>\blastcln.exe.new
  • <SYSTEM32>\gpedit.dll
  • <SYSTEM32>\glu32.dll
  • <SYSTEM32>\bootvid.dll.new
  • <SYSTEM32>\gpkrsrc.dll
  • <SYSTEM32>\gpkcsp.dll
  • <SYSTEM32>\bootvrfy.exe.new
  • <SYSTEM32>\glmf32.dll
  • <SYSTEM32>\gdiplus.dll
  • <SYSTEM32>\bootcfg.exe.new
  • <SYSTEM32>\gcdef.dll
  • <SYSTEM32>\getuname.dll
  • <SYSTEM32>\getmac.exe
  • <SYSTEM32>\bootok.exe.new
  • <SYSTEM32>\dxdiagn.dll
  • <SYSTEM32>\dmscript.dll
  • <SYSTEM32>\dmremote.exe
  • <SYSTEM32>\appmgmts.dll.new
  • <SYSTEM32>\appmgr.dll.new
  • <SYSTEM32>\dmsynth.dll
  • <SYSTEM32>\dmstyle.dll
  • <SYSTEM32>\dmocx.dll
  • <SYSTEM32>\dmdskres.dll
  • <SYSTEM32>\dmdskmgr.dll
  • <SYSTEM32>\dmdlgs.dll
  • <SYSTEM32>\dmloader.dll
  • <SYSTEM32>\dmintf.dll
  • <SYSTEM32>\dmime.dll
  • <SYSTEM32>\dmusic.dll
  • <SYSTEM32>\dplaysvr.exe
  • <SYSTEM32>\arp.exe.new
  • <SYSTEM32>\dplay.dll
  • <SYSTEM32>\dpnaddr.dll
  • <SYSTEM32>\dpmodemx.dll
  • <SYSTEM32>\dplayx.dll
  • <SYSTEM32>\dpcdll.dll
  • <SYSTEM32>\docprop.dll
  • <SYSTEM32>\dmview.ocx
  • <SYSTEM32>\dmutil.dll
  • <SYSTEM32>\doskey.exe
  • <SYSTEM32>\docprop2.dll
  • <SYSTEM32>\appwiz.cpl.new
  • <SYSTEM32>\dmconfig.dll
  • <SYSTEM32>\dimap.dll
  • <SYSTEM32>\digest.dll
  • <SYSTEM32>\diantz.exe
  • <SYSTEM32>\dinput8.dll
  • <SYSTEM32>\ahui.exe.new
  • <SYSTEM32>\dinput.dll
  • <SYSTEM32>\advpack.dll.new
  • <SYSTEM32>\adsnw.dll.new
  • <SYSTEM32>\dgsetup.dll
  • <SYSTEM32>\dgrpsetu.dll
  • <SYSTEM32>\diactfrm.dll
  • <SYSTEM32>\dhcpsapi.dll
  • <SYSTEM32>\dhcpmon.dll
  • <SYSTEM32>\diskcomp.com
  • <SYSTEM32>\dmadmin.exe
  • <SYSTEM32>\dllhst3g.exe
  • <SYSTEM32>\dllhost.exe
  • <SYSTEM32>\apcups.dll.new
  • <SYSTEM32>\dmcompos.dll
  • <SYSTEM32>\dmband.dll
  • <SYSTEM32>\dispex.dll
  • <SYSTEM32>\diskcopy.dll
  • <SYSTEM32>\alrsvc.dll.new
  • <SYSTEM32>\diskcopy.com
  • <SYSTEM32>\diskperf.exe
  • <SYSTEM32>\amstream.dll.new
  • <SYSTEM32>\diskpart.exe
  • <SYSTEM32>\dsprpres.dll
  • <SYSTEM32>\dsprop.dll
  • <SYSTEM32>\dsound3d.dll
  • <SYSTEM32>\dssec.dll
  • <SYSTEM32>\dsquery.dll
  • <SYSTEM32>\atmlib.dll.new
  • <SYSTEM32>\atmadm.exe.new
  • <SYSTEM32>\dskquota.dll
  • <SYSTEM32>\dsdmoprp.dll
  • <SYSTEM32>\dsdmo.dll
  • <SYSTEM32>\dsound.dll
  • <SYSTEM32>\atkctrs.dll.new
  • <SYSTEM32>\dskquoui.dll
  • <SYSTEM32>\dsuiext.dll
  • <SYSTEM32>\attrib.exe.new
  • <SYSTEM32>\dx7vb.dll
  • <SYSTEM32>\dwwin.exe
  • <SYSTEM32>\audiosrv.dll.new
  • <SYSTEM32>\dxdiag.exe
  • <SYSTEM32>\dx8vb.dll
  • <SYSTEM32>\dvdupgrd.exe
  • <SYSTEM32>\dumprep.exe
  • <SYSTEM32>\dswave.dll
  • <SYSTEM32>\atmpvcno.dll.new
  • <SYSTEM32>\atrace.dll.new
  • <SYSTEM32>\dvdplay.exe
  • <SYSTEM32>\duser.dll
  • <SYSTEM32>\at.exe.new
  • <SYSTEM32>\dpserial.dll
  • <SYSTEM32>\dpnwsock.dll
  • <SYSTEM32>\dpnsvr.exe
  • <SYSTEM32>\dpvoice.dll
  • <SYSTEM32>\asr_fmt.exe.new
  • <SYSTEM32>\dpvacm.dll
  • <SYSTEM32>\dpnmodem.dll
  • <SYSTEM32>\dpnhpast.dll
  • <SYSTEM32>\dpnet.dll
  • <SYSTEM32>\asctrls.ocx.new
  • <SYSTEM32>\asferror.dll.new
  • <SYSTEM32>\dpnlobby.dll
  • <SYSTEM32>\dpnhupnp.dll
  • <SYSTEM32>\dpvsetup.exe
  • <SYSTEM32>\asycfilt.dll.new
  • <SYSTEM32>\drmv2clt.dll
  • <SYSTEM32>\drmstor.dll
  • <SYSTEM32>\dsauth.dll
  • <SYSTEM32>\ds32gt.dll
  • <SYSTEM32>\drwtsn32.exe
  • <SYSTEM32>\asr_pfu.exe.new
  • <SYSTEM32>\asr_ldm.exe.new
  • <SYSTEM32>\dpwsock.dll
  • <SYSTEM32>\dpvvox.dll
  • <SYSTEM32>\drmclien.dll
  • <SYSTEM32>\driverquery.exe
  • <SYSTEM32>\dpwsockx.dll
Malicious functions:
Creates and executes the following:
  • 'C:\exc.exe'
Modifies file system:
Creates the following files:
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\freeav[1]
  • C:\exc.exe
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
Moves the following files:
  • from <SYSTEM32>\dllcache\mouse.drv.new to <SYSTEM32>\dllcache\mouse.drv
  • from <SYSTEM32>\dllcache\msvideo.dll.new to <SYSTEM32>\dllcache\msvideo.dll
  • from <SYSTEM32>\dllcache\mmsystem.dll.new to <SYSTEM32>\dllcache\mmsystem.dll
  • from <SYSTEM32>\dllcache\mmtask.tsk.new to <SYSTEM32>\dllcache\mmtask.tsk
  • from <SYSTEM32>\dllcache\olecli.dll.new to <SYSTEM32>\dllcache\olecli.dll
  • from <SYSTEM32>\dllcache\sound.drv.new to <SYSTEM32>\dllcache\sound.drv
  • from <SYSTEM32>\dllcache\system.drv.new to <SYSTEM32>\dllcache\system.drv
  • from <SYSTEM32>\dllcache\olesvr.dll.new to <SYSTEM32>\dllcache\olesvr.dll
  • from <SYSTEM32>\dllcache\shell.dll.new to <SYSTEM32>\dllcache\shell.dll
  • from <SYSTEM32>\dllcache\mciwave.drv.new to <SYSTEM32>\dllcache\mciwave.drv
  • from <SYSTEM32>\dllcache\avicap.dll.new to <SYSTEM32>\dllcache\avicap.dll
  • from <SYSTEM32>\dllcache\avifile.dll.new to <SYSTEM32>\dllcache\avifile.dll
  • from <SYSTEM32>\dllcache\notepad.exe.new to <SYSTEM32>\dllcache\notepad.exe
  • from <SYSTEM32>\dllcache\taskman.exe.new to <SYSTEM32>\dllcache\taskman.exe
  • from <SYSTEM32>\dllcache\commdlg.dll.new to <SYSTEM32>\dllcache\commdlg.dll
  • from <SYSTEM32>\dllcache\mciavi.drv.new to <SYSTEM32>\dllcache\mciavi.drv
  • from <SYSTEM32>\dllcache\mciseq.drv.new to <SYSTEM32>\dllcache\mciseq.drv
  • from <SYSTEM32>\dllcache\keyboard.drv.new to <SYSTEM32>\dllcache\keyboard.drv
  • from <SYSTEM32>\dllcache\lzexpand.dll.new to <SYSTEM32>\dllcache\lzexpand.dll
Network activity:
Connects to:
  • 'www.fr##av.com':80
  • 'localhost':1035
TCP:
HTTP GET requests:
  • www.fr##av.com/
UDP:
  • DNS ASK www.fr##av.com
Miscellaneous:
Searches for the following windows:
  • ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
  • ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
  • ClassName: 'IEFrame' WindowName: '(null)'
  • ClassName: 'Shell_TrayWnd' WindowName: '(null)'
  • ClassName: '' WindowName: '(null)'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular device, this procedure can be performed in various ways; consult the user guide shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the detected threats;
    • Switch off your device and turn it on as normal.