Technical Information
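- %HOMEPATH%\Start Menu\Programs\Startup\backup.exe
  (This path is in the per-user Startup folder, whose contents Windows launches at each logon of that user.)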
- hidden files
- file extensions
- Registry Editor (RegEdit)
- %PROGRAM_FILES%\FireFox\backup.exe %PROGRAM_FILES%\FireFox\
- %CommonProgramFiles%\Microsoft Shared\DW\1028\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1028\
- C:\Far\Plugins\backup.exe C:\Far\Plugins\
- %CommonProgramFiles%\MSSoap\backup.exe %CommonProgramFiles%\MSSoap\
- C:\Far\PlugDoc\Examples\Editor\backup.exe C:\Far\PlugDoc\Examples\Editor\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Restore.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\
- %CommonProgramFiles%\Microsoft Shared\MSInfo\backup.exe %CommonProgramFiles%\Microsoft Shared\MSInfo\
- %CommonProgramFiles%\MSSoap\Binaries\backup.exe %CommonProgramFiles%\MSSoap\Binaries\
- C:\Far\PlugDoc\Headers.c\backup.exe C:\Far\PlugDoc\Headers.c\
- C:\Far\Addons\XLat\data.exe C:\Far\Addons\XLat\
- C:\Far\Addons\Tables\Cyrillic\E-Mail Double Conversion\backup.exe C:\Far\Addons\Tables\Cyrillic\E-Mail Double Conversion\
- %CommonProgramFiles%\Microsoft Shared\DW\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\
- %ALLUSERSPROFILE%\Documents\My Videos\backup.exe %ALLUSERSPROFILE%\Documents\My Videos\
- %ALLUSERSPROFILE%\Start Menu\backup.exe %ALLUSERSPROFILE%\Start Menu\
- C:\Far\Addons\Tables\backup.exe C:\Far\Addons\Tables\
- C:\Far\PlugDoc\Examples\backup.exe C:\Far\PlugDoc\Examples\
- C:\Far\Addons\Tables\Central European\backup.exe C:\Far\Addons\Tables\Central European\
- %PROGRAM_FILES%\ComPlus Applications\backup.exe %PROGRAM_FILES%\ComPlus Applications\
- C:\Far\Addons\Tables\Cyrillic\backup.exe C:\Far\Addons\Tables\Cyrillic\
- %CommonProgramFiles%\Microsoft Shared\DW\1025\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1025\
- C:\Far\PlugDoc\Examples\Compare\backup.exe C:\Far\PlugDoc\Examples\Compare\
- %ALLUSERSPROFILE%\Start Menu\Programs\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\
- %PROGRAM_FILES%\FireFox\chrome\browser\backup.exe %PROGRAM_FILES%\FireFox\chrome\browser\
- C:\Far\Plugins\ascii\src\backup.exe C:\Far\Plugins\ascii\src\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\
- %CommonProgramFiles%\MSSoap\Binaries\Resources\backup.exe %CommonProgramFiles%\MSSoap\Binaries\Resources\
- C:\Far\PlugDoc\Examples\Editor\AutoWrap\backup.exe C:\Far\PlugDoc\Examples\Editor\AutoWrap\
- C:\Far\Addons\Tables\Western European\backup.exe C:\Far\Addons\Tables\Western European\
- %CommonProgramFiles%\Microsoft Shared\DW\1036\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1036\
- %WINDIR%\addins\backup.exe %WINDIR%\addins\
- C:\Far\PlugDoc\Examples\FARCmds\backup.exe C:\Far\PlugDoc\Examples\FARCmds\
- %CommonProgramFiles%\ODBC\backup.exe %CommonProgramFiles%\ODBC\
- %PROGRAM_FILES%\Internet Explorer\System Restore.exe %PROGRAM_FILES%\Internet Explorer\
- C:\Far\Plugins\ascii\backup.exe C:\Far\Plugins\ascii\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\
- C:\Far\PlugDoc\Examples\Editor\Align\backup.exe C:\Far\PlugDoc\Examples\Editor\Align\
- %CommonProgramFiles%\Microsoft Shared\DW\1031\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1031\
- %PROGRAM_FILES%\FireFox\chrome\backup.exe %PROGRAM_FILES%\FireFox\chrome\
- C:\Far\Addons\Tables\Hebrew\backup.exe C:\Far\Addons\Tables\Hebrew\
- %CommonProgramFiles%\Microsoft Shared\Speech\backup.exe %CommonProgramFiles%\Microsoft Shared\Speech\
- %CommonProgramFiles%\Microsoft Shared\DW\1033\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1033\
- %WINDIR%\backup.exe %WINDIR%\
- C:\Far\Addons\XLat\Russian\backup.exe C:\Far\Addons\XLat\Russian\
- C:\Far\PlugDoc\Headers.pas\backup.exe C:\Far\PlugDoc\Headers.pas\
- C:\Far\backup.exe C:\Far\
- %ALLUSERSPROFILE%\backup.exe %ALLUSERSPROFILE%\
- %HOMEPATH%\Start Menu\Programs\Accessories\backup.exe %HOMEPATH%\Start Menu\Programs\Accessories\
- %HOMEPATH%\Start Menu\backup.exe %HOMEPATH%\Start Menu\
- %HOMEPATH%\Start Menu\Programs\backup.exe %HOMEPATH%\Start Menu\Programs\
- %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\backup.exe %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\
- %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\backup.exe %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\
- %ALLUSERSPROFILE%\Documents\backup.exe %ALLUSERSPROFILE%\Documents\
- %HOMEPATH%\Start Menu\Programs\Administrative Tools\backup.exe %HOMEPATH%\Start Menu\Programs\Administrative Tools\
- C:\Far\Addons\System Restore.exe C:\Far\Addons\
- %ALLUSERSPROFILE%\Desktop\backup.exe %ALLUSERSPROFILE%\Desktop\
- %HOMEPATH%\Cookies\backup.exe %HOMEPATH%\Cookies\
- %HOMEPATH%\Desktop\backup.exe %HOMEPATH%\Desktop\
- %HOMEPATH%\backup.exe %HOMEPATH%\
- C:\backup.exe \
- C:\Documents and Settings\backup.exe C:\Documents and Settings\
- %HOMEPATH%\Favorites\backup.exe %HOMEPATH%\Favorites\
- %HOMEPATH%\My Documents\My Music\backup.exe %HOMEPATH%\My Documents\My Music\
- %HOMEPATH%\My Documents\My Pictures\backup.exe %HOMEPATH%\My Documents\My Pictures\
- %HOMEPATH%\My Documents\Downloads\update.exe %HOMEPATH%\My Documents\Downloads\
- %HOMEPATH%\Favorites\Links\System Restore.exe %HOMEPATH%\Favorites\Links\
- %HOMEPATH%\My Documents\data.exe %HOMEPATH%\My Documents\
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\000D7521\backup.exe %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\000D7521\
- %CommonProgramFiles%\Microsoft Shared\backup.exe %CommonProgramFiles%\Microsoft Shared\
- C:\Far\Addons\SetUp\backup.exe C:\Far\Addons\SetUp\
- C:\Far\Addons\Macros\backup.exe C:\Far\Addons\Macros\
- %CommonProgramFiles%\data.exe %CommonProgramFiles%\
- %ALLUSERSPROFILE%\Documents\My Pictures\backup.exe %ALLUSERSPROFILE%\Documents\My Pictures\
- %CommonProgramFiles%\Microsoft Shared\DAO\backup.exe %CommonProgramFiles%\Microsoft Shared\DAO\
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\backup.exe %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\
- %ALLUSERSPROFILE%\Favorites\backup.exe %ALLUSERSPROFILE%\Favorites\
- C:\Far\Addons\Shell\backup.exe C:\Far\Addons\Shell\
- C:\Far\PlugDoc\System Restore.exe C:\Far\PlugDoc\
- C:\Far\Addons\Colors\backup.exe C:\Far\Addons\Colors\
- %ALLUSERSPROFILE%\Documents\My Music\My Playlists\backup.exe %ALLUSERSPROFILE%\Documents\My Music\My Playlists\
- %ALLUSERSPROFILE%\Documents\My Music\backup.exe %ALLUSERSPROFILE%\Documents\My Music\
- C:\Far\Addons\Archivers\backup.exe C:\Far\Addons\Archivers\
- %HOMEPATH%\Start Menu\Programs\Startup\backup.exe %HOMEPATH%\Start Menu\Programs\Startup\
- C:\Far\Addons\Colors\Custom Highlighting\backup.exe C:\Far\Addons\Colors\Custom Highlighting\
- %PROGRAM_FILES%\backup.exe %PROGRAM_FILES%\
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\update.exe %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\
- C:\Far\Addons\Colors\Default Highlighting\data.exe C:\Far\Addons\Colors\Default Highlighting\
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\backup.exe %ALLUSERSPROFILE%\Documents\My Music\Sample Music\
- <Auxiliary element> <Auxiliary element>
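- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFolderOptions' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
  (NoFolderOptions set to 1 removes the Folder Options item from Windows Explorer, so the display of hidden files and file extensions cannot be switched back on from the user interface. The value is written under both the machine-wide and the per-user policy key, so check and restore both during clean-up.)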
- %CommonProgramFiles%\Microsoft Shared\DW\1028\backup.exe
- C:\Far\Addons\Tables\Cyrillic\E-Mail Double Conversion\backup.exe
- C:\Far\Addons\XLat\data.exe
- C:\Far\Plugins\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Restore.exe
- %PROGRAM_FILES%\FireFox\backup.exe
- %PROGRAM_FILES%\FireFox\chrome\backup.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\backup.exe
- C:\Far\Plugins\ascii\backup.exe
- %CommonProgramFiles%\MSSoap\Binaries\backup.exe
- C:\Far\PlugDoc\Headers.c\backup.exe
- C:\Far\PlugDoc\Examples\Editor\Align\backup.exe
- %ALLUSERSPROFILE%\Documents\My Videos\backup.exe
- C:\Far\Addons\Tables\Central European\backup.exe
- C:\Far\PlugDoc\Examples\Compare\backup.exe
- C:\Far\PlugDoc\Examples\backup.exe
- %ALLUSERSPROFILE%\Start Menu\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\backup.exe
- C:\Far\Addons\Tables\Cyrillic\backup.exe
- %CommonProgramFiles%\MSSoap\backup.exe
- C:\Far\PlugDoc\Examples\Editor\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1025\backup.exe
- %PROGRAM_FILES%\ComPlus Applications\backup.exe
- %WINDIR%\addins\backup.exe
- %CommonProgramFiles%\Microsoft Shared\Speech\1033\backup.exe
- C:\Far\PlugDoc\Examples\FARCmds\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\backup.exe
- C:\Far\Addons\Tables\Western European\backup.exe
- %CommonProgramFiles%\ODBC\backup.exe
- %CommonProgramFiles%\MSSoap\Binaries\Resources\1033\backup.exe
- C:\Far\PlugDoc\Examples\Editor\Brackets\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\backup.exe
- %PROGRAM_FILES%\Internet Explorer\System Restore.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1036\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\backup.exe
- C:\Far\Addons\Tables\Hebrew\backup.exe
- C:\Far\PlugDoc\Headers.pas\backup.exe
- %WINDIR%\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1031\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\backup.exe
- C:\Far\Addons\XLat\Russian\backup.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\backup.exe
- C:\Far\Plugins\ascii\src\backup.exe
- C:\Far\PlugDoc\Examples\Editor\AutoWrap\backup.exe
- %CommonProgramFiles%\Microsoft Shared\Speech\backup.exe
- %CommonProgramFiles%\MSSoap\Binaries\Resources\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1033\backup.exe
- C:\Far\Addons\Tables\backup.exe
- %HOMEPATH%\Start Menu\backup.exe
- %HOMEPATH%\Start Menu\Programs\backup.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\backup.exe
- %HOMEPATH%\My Documents\Downloads\update.exe
- %HOMEPATH%\My Documents\My Music\backup.exe
- %HOMEPATH%\My Documents\My Pictures\backup.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\backup.exe
- C:\Far\Addons\System Restore.exe
- %ALLUSERSPROFILE%\Desktop\backup.exe
- <Current directory>\<Virus name>.zip
- C:\Far\backup.exe
- %ALLUSERSPROFILE%\backup.exe
- <Current directory>\<Virus name>.dat
- C:\backup.exe
- C:\Documents and Settings\backup.exe
- <Current directory>\backup.exe
- <Current directory>\temp.zip
- <Current directory>\11a02776
- %HOMEPATH%\Favorites\backup.exe
- %HOMEPATH%\Favorites\Links\System Restore.exe
- %HOMEPATH%\My Documents\data.exe
- %HOMEPATH%\backup.exe
- %HOMEPATH%\Cookies\backup.exe
- %HOMEPATH%\Desktop\backup.exe
- C:\Far\Addons\SetUp\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\000D7521\backup.exe
- %CommonProgramFiles%\Microsoft Shared\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\update.exe
- C:\Far\Addons\Macros\backup.exe
- %CommonProgramFiles%\data.exe
- %CommonProgramFiles%\Microsoft Shared\DAO\backup.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\backup.exe
- %ALLUSERSPROFILE%\Favorites\backup.exe
- C:\Far\Addons\Shell\backup.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\backup.exe
- C:\Far\PlugDoc\System Restore.exe
- %ALLUSERSPROFILE%\Documents\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\backup.exe
- C:\Far\Addons\Colors\backup.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\backup.exe
- %HOMEPATH%\Start Menu\Programs\Administrative Tools\backup.exe
- C:\Far\Addons\Archivers\backup.exe
- C:\Far\Addons\Colors\Default Highlighting\data.exe
- <Auxiliary element>
- %PROGRAM_FILES%\backup.exe
- C:\Far\Addons\Colors\Custom Highlighting\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\My Playlists\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\backup.exe
- <Current directory>\<Virus name>.zip
- <Current directory>\temp.zip
- <Current directory>\<Virus name>.dat
- <Current directory>\temp.zip
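- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ExploreWClass' WindowName: ''
- ClassName: 'CabinetWClass' WindowName: ''
  (Shell_TrayWnd is the window class of the Windows taskbar; ExploreWClass and CabinetWClass are the classes of Windows Explorer folder windows. The empty WindowName means the window is matched by class alone.)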