PER UTENTI

Chiudi

La mia libreria
La mia libreria

+ Aggiungi alla libreria

Ricerca
Ricerca

Supporto
Supporto 24/7 | Regole per contattare

Scrivi

Una richiesta attraverso il modulo

Chiama

+7 (495) 789-45-86

Forum

Richieste

Crea nuova richiesta

Chiama

+7 (495) 789-45-86

Profile

IT

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Chiudi
Servizi
Scanner
Dr.Web vxCube
Versione di prova
Perizia di incidenti informatici legati ai virus
Libreria dei virus
Base di conoscenza

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Notizie

Trojan.Siggen18.34579

Aggiunto al database dei virus Dr.Web: 2022-08-12

La descrizione è stata aggiunta:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKCU>\Software\Classes\exefile\shell\open\command] '' = '"%ALLUSERSPROFILE%\install\app.exe"%1" %*"'
Creates or modifies the following files
  • %APPDATA%\microsoft\windows\start menu\programs\startup\ms office.lnk
Malicious functions
To complicate detection of its presence in the operating system,
blocks execution of the following system utilities:
  • Windows Update
  • Windows Security Center
Modifies file system
Creates the following files
  • %ALLUSERSPROFILE%\classes\svcserv.exe
  • %ALLUSERSPROFILE%\install\app.exe
  • %ALLUSERSPROFILE%\install\1.reg
Deletes the following files
  • %ALLUSERSPROFILE%\install\1.reg
Miscellaneous
Searches for the following windows
  • ClassName: 'RegEdit_RegEdit' WindowName: ''
Creates and executes the following
  • '%ALLUSERSPROFILE%\install\app.exe'
  • '%WINDIR%\syswow64\sc.exe' delete ccEvtMgr' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete DefWatch' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "Symantec AntiVirus"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "avast! Mail Scanne"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "avast! Antivirus"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete NSPService' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "Norman ZANDA"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete nvcoas' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete scheduler' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete SNDSrvc' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete Npsvc32' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "avast! Web Scanner"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete NSPUpdateService' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete Norman' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "F-Secure Gatekeeper Handler Starter"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete FSORSPClient' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete FSAUA' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete FSGKHS' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete NPROSECSVC' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete NSESVC' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete NiG' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete SharedAccess' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete SOLOSCAN' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete Vba32Ldr' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete VACompManService' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete AntiVirService' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete AntiVirWebService' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete a2free' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete InoRT' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete SAVSService' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete GuardX' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete NOD32Krn' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete vsmon' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete nvoy' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete aswUpdSv' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete wscsvc' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete wuauserv' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete Vba32PP3' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete Vba32ECM' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete TmProxy' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete SfCtlCom' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete ccSetMgr' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete VACompMan' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete Vba32ifs' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete SPBBCSvc' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete TMBMServer' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete NPFSvc32' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete sdCoreService' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete AVUpdate' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete AVTasks2' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete PAVFNSVR' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete PSIMSVC' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete PAVSRV' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete TPSrv' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete PskSvcRetail' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "V3 Service"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete avg9mc' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete avg9wd' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete ABMainSV' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete AVBackup' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete Gwmsrv' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "Panda Software Controller"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete PavPrSrv' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete a2AntiMalware' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete Klnagent' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete AVP' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete kavsvc' (with hidden window)
  • '%WINDIR%\syswow64\regedit.exe' /s "%ALLUSERSPROFILE%\install\1.reg"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete ArcaRemoteService' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete ekrn' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete acssrv' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete XCOMM' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete FSMA' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete FSDFWD' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete FPAVServer' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "ewido security suite guard"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "ewido security suite control"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "SAVService"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "SAVAdminService"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "Sophos AutoUpdate Service"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "Sophos Client Firewall Manager"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete eLoggerSvc6' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "Sophos Client Firewall"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete DrWebEngine' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete cmdAgent' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete EhttpSrv' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete Antivirus' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete DrWebFwSvc' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete "Browser Defender Update Service"' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete VSSERV' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete bdss' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete LIVESRV' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete sdAuxService' (with hidden window)
  • '%WINDIR%\syswow64\sc.exe' delete PSHost' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\regedit.exe' /s "%ALLUSERSPROFILE%\install\1.reg"
  • '%WINDIR%\syswow64\sc.exe' delete ccEvtMgr
  • '%WINDIR%\syswow64\sc.exe' delete DefWatch
  • '%WINDIR%\syswow64\sc.exe' delete "Symantec AntiVirus"
  • '%WINDIR%\syswow64\sc.exe' delete "avast! Mail Scanne"
  • '%WINDIR%\syswow64\sc.exe' delete "avast! Antivirus"
  • '%WINDIR%\syswow64\sc.exe' delete NSPService
  • '%WINDIR%\syswow64\sc.exe' delete "Norman ZANDA"
  • '%WINDIR%\syswow64\sc.exe' delete nvcoas
  • '%WINDIR%\syswow64\sc.exe' delete scheduler
  • '%WINDIR%\syswow64\sc.exe' delete NiG
  • '%WINDIR%\syswow64\sc.exe' delete SPBBCSvc
  • '%WINDIR%\syswow64\sc.exe' delete "avast! Web Scanner"
  • '%WINDIR%\syswow64\sc.exe' delete NSPUpdateService
  • '%WINDIR%\syswow64\sc.exe' delete Norman
  • '%WINDIR%\syswow64\sc.exe' delete "F-Secure Gatekeeper Handler Starter"
  • '%WINDIR%\syswow64\sc.exe' delete FSORSPClient
  • '%WINDIR%\syswow64\sc.exe' delete FSAUA
  • '%WINDIR%\syswow64\sc.exe' delete FSGKHS
  • '%WINDIR%\syswow64\sc.exe' delete NPROSECSVC
  • '%WINDIR%\syswow64\sc.exe' delete Npsvc32
  • '%WINDIR%\syswow64\sc.exe' delete "Sophos Client Firewall"
  • '%WINDIR%\syswow64\sc.exe' delete TMBMServer
  • '%WINDIR%\syswow64\sc.exe' delete VACompManService
  • '%WINDIR%\syswow64\sc.exe' delete AntiVirService
  • '%WINDIR%\syswow64\sc.exe' delete AntiVirWebService
  • '%WINDIR%\syswow64\sc.exe' delete a2free
  • '%WINDIR%\syswow64\sc.exe' delete InoRT
  • '%WINDIR%\syswow64\sc.exe' delete SAVSService
  • '%WINDIR%\syswow64\sc.exe' delete GuardX
  • '%WINDIR%\syswow64\sc.exe' delete NOD32Krn
  • '%WINDIR%\syswow64\sc.exe' delete vsmon
  • '%WINDIR%\syswow64\sc.exe' delete NSESVC
  • '%WINDIR%\syswow64\sc.exe' delete SNDSrvc
  • '%WINDIR%\syswow64\sc.exe' delete wscsvc
  • '%WINDIR%\syswow64\sc.exe' delete wuauserv
  • '%WINDIR%\syswow64\sc.exe' delete Vba32PP3
  • '%WINDIR%\syswow64\sc.exe' delete Vba32ECM
  • '%WINDIR%\syswow64\sc.exe' delete TmProxy
  • '%WINDIR%\syswow64\sc.exe' delete SfCtlCom
  • '%WINDIR%\syswow64\sc.exe' delete ccSetMgr
  • '%WINDIR%\syswow64\sc.exe' delete VACompMan
  • '%WINDIR%\syswow64\sc.exe' delete Vba32ifs
  • '%WINDIR%\syswow64\sc.exe' delete SharedAccess
  • '%WINDIR%\syswow64\sc.exe' delete Vba32Ldr
  • '%WINDIR%\syswow64\sc.exe' delete nvoy
  • '%WINDIR%\syswow64\sc.exe' delete NPFSvc32
  • '%WINDIR%\syswow64\sc.exe' delete eLoggerSvc6
  • '%WINDIR%\syswow64\sc.exe' delete ABMainSV
  • '%WINDIR%\syswow64\sc.exe' delete AVUpdate
  • '%WINDIR%\syswow64\sc.exe' delete AVTasks2
  • '%WINDIR%\syswow64\sc.exe' delete PAVFNSVR
  • '%WINDIR%\syswow64\sc.exe' delete PSIMSVC
  • '%WINDIR%\syswow64\sc.exe' delete PAVSRV
  • '%WINDIR%\syswow64\sc.exe' delete TPSrv
  • '%WINDIR%\syswow64\sc.exe' delete PskSvcRetail
  • '%WINDIR%\syswow64\sc.exe' delete "V3 Service"
  • '%WINDIR%\syswow64\sc.exe' delete SOLOSCAN
  • '%WINDIR%\syswow64\sc.exe' delete sdAuxService
  • '%WINDIR%\syswow64\sc.exe' delete ArcaRemoteService
  • '%WINDIR%\syswow64\sc.exe' delete AVBackup
  • '%WINDIR%\syswow64\sc.exe' delete Gwmsrv
  • '%WINDIR%\syswow64\sc.exe' delete "Panda Software Controller"
  • '%WINDIR%\syswow64\sc.exe' delete PavPrSrv
  • '%WINDIR%\syswow64\sc.exe' delete a2AntiMalware
  • '%WINDIR%\syswow64\sc.exe' delete Klnagent
  • '%WINDIR%\syswow64\sc.exe' delete AVP
  • '%WINDIR%\syswow64\sc.exe' delete kavsvc
  • '%WINDIR%\syswow64\sc.exe' delete avg9mc
  • '%WINDIR%\syswow64\sc.exe' delete aswUpdSv
  • '%WINDIR%\syswow64\sc.exe' delete sdCoreService
  • '%WINDIR%\syswow64\sc.exe' delete bdss
  • '%WINDIR%\syswow64\sc.exe' delete XCOMM
  • '%WINDIR%\syswow64\sc.exe' delete acssrv
  • '%WINDIR%\syswow64\sc.exe' delete FSMA
  • '%WINDIR%\syswow64\sc.exe' delete FSDFWD
  • '%WINDIR%\syswow64\sc.exe' delete FPAVServer
  • '%WINDIR%\syswow64\sc.exe' delete "ewido security suite guard"
  • '%WINDIR%\syswow64\sc.exe' delete "ewido security suite control"
  • '%WINDIR%\syswow64\sc.exe' delete "SAVService"
  • '%WINDIR%\syswow64\sc.exe' delete "SAVAdminService"
  • '%WINDIR%\syswow64\sc.exe' delete LIVESRV
  • '%WINDIR%\syswow64\sc.exe' delete "Sophos AutoUpdate Service"
  • '%WINDIR%\syswow64\sc.exe' delete avg9wd
  • '%WINDIR%\syswow64\sc.exe' delete ekrn
  • '%WINDIR%\syswow64\sc.exe' delete DrWebEngine
  • '%WINDIR%\syswow64\sc.exe' delete cmdAgent
  • '%WINDIR%\syswow64\sc.exe' delete EhttpSrv
  • '%WINDIR%\syswow64\sc.exe' delete Antivirus
  • '%WINDIR%\syswow64\sc.exe' delete DrWebFwSvc
  • '%WINDIR%\syswow64\sc.exe' delete "Browser Defender Update Service"
  • '%WINDIR%\syswow64\sc.exe' delete VSSERV
  • '%WINDIR%\syswow64\sc.exe' delete "Sophos Client Firewall Manager"
  • '%WINDIR%\syswow64\sc.exe' delete PSHost

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play