Trojan.Siggen13.62269

Added to the Dr.Web virus database: 2021-06-21

Description added:

Technical Information

To ensure autorun and distribution
Sets the following service settings
  • [<HKLM>\System\CurrentControlSet\Services\kdeskcore] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\kdeskcore] 'ImagePath' = '"%ProgramFiles(x86)%\cmcm\kdesk\kdeskcore.exe" /service cmcore'
Creates the following services
  • 'kdeskcore' "%ProgramFiles(x86)%\cmcm\kdesk\kdeskcore.exe" /service cmcore
Modifies file system
Creates the following files
Deletes the following files
Moves the following files
  • from %APPDATA%\kdesk\data\wallpaper\common_config.json_download.tmp to %APPDATA%\kdesk\data\wallpaper\common_config.json_download
  • from %APPDATA%\kdesk\data\wallpaper\common_config.json_download to %APPDATA%\kdesk\data\wallpaper\common_config.json
Substitutes the following files
  • %APPDATA%\kdesk\data\wallpaper\common_config.json_download.tmp
  • %APPDATA%\kdesk\data\wallpaper\common_config.json_download
  • %APPDATA%\kdesk\data\wallpaper\common_config.json
Network activity
Connects to
  • 're######ner.zhhainiao.com':80
  • 'he######top0.ksmobile.com':80
  • 'im######un.zhhainiao.com':443
  • 'he######top1.ksmobile.com':80
  • 'un###.#nfoc.duba.net':80
  • 'in###2.duba.net':80
TCP
HTTP POST requests
  • http://he######top1.ksmobile.com/c/
  • http://he######top0.ksmobile.com/c/
  • http://in###2.duba.net/c/
Other
  • 'im######un.zhhainiao.com':443
UDP
  • DNS ASK re######ner.zhhainiao.com
  • DNS ASK he######top0.ksmobile.com
  • DNS ASK he######top1.ksmobile.com
  • DNS ASK im######un.zhhainiao.com
  • DNS ASK un###.#nfoc.duba.net
  • DNS ASK in###2.duba.net
Miscellaneous
Searches for the following windows
  • ClassName: 'SHELLDLL_DefView' WindowName: ''
  • ClassName: 'Progman' WindowName: 'Program Manager'
  • ClassName: 'SysListView32' WindowName: 'FolderView'
Creates and executes the following
  • '%ProgramFiles(x86)%\cmcm\kdesk\kdeskcore.exe' /service cmcore
  • '%ProgramFiles(x86)%\cmcm\kdesk\kwallpaper.exe' /mode:3
  • '%ProgramFiles(x86)%\cmcm\kdesk\kdeskmenu64install64.exe' /install:kdeskmenu64.dll /forcedMode:true
  • '%ProgramFiles(x86)%\cmcm\kdesk\kdesk64.exe' /from:7 /mode:3 /operation:1
  • '%ProgramFiles(x86)%\cmcm\kdesk\kwallpaper.exe' /mode:3 (with hidden window)

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.