Trojan.KeyLogger.40050

Added to the Dr.Web virus database: 2018-05-28

Description added:

Technical Information

Malicious functions:
Installs hooks to intercept keystroke notifications:
  • Handler for all processes: %APPDATA%\MyMacro\cfgdll.dll
Terminates or attempts to terminate the following system processes:
  • <SYSTEM32>\ping.exe
Modifies file system:
Creates the following files:
Deletes the following files:
  • %TEMP%\plugin.zip
  • %TEMP%\mymacro.zip
  • %TEMP%\RKey.zip
  • %TEMP%\Runner.zip
  • %TEMP%\MT.zip
  • %ALLUSERSPROFILE%\Application Data\boost_interprocess\u7dD6n8Ucltc
  • %APPDATA%\MyMacro\ShieldModule.dat
Network activity:
Connects to:
  • '12#.#25.114.144':80
  • 'w.###ata.net':443
TCP:
HTTP GET requests:
  • http://hm.##idu.com/h.js?82############################## via 12#.#25.114.144
  • http://lo#.##.baidu.com/hm.gif?cc############################################################################################################################################## via 12#.#25.114.1...
  • http://lo#.##.baidu.com/hm.gif?cc########################################################################################################################################################## via 1...
UDP:
  • DNS ASK so##.xiaojl.com
  • DNS ASK www.ba##u.com
  • DNS ASK hm.##idu.com
  • DNS ASK lo#.##.baidu.com
  • DNS ASK w.###ata.net
Miscellaneous:
Searches for the following windows:
  • ClassName: '#32770' WindowName: '??????????????'
  • ClassName: '#32770' WindowName: 'ЎѕВмТПЎїіюБфПг'
Creates and executes the following:
  • '%APPDATA%\MyMacro\Runner.exe' --host_id 5 --verify_key 7wkIYUJ3fNFo --product "<Full path to file>" --version 2014.05.145683
Executes the following:
  • '<SYSTEM32>\ping.exe' www.ba##u.com -n 2

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and the removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, write it to a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.
Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
