PER UTENTI

Chiudi

La mia libreria
La mia libreria

+ Aggiungi alla libreria

Ricerca
Ricerca

Supporto
Supporto 24/7 | Regole per contattare

Scrivi

Una richiesta attraverso il modulo

Chiama

+7 (495) 789-45-86

Forum

Richieste

Crea nuova richiesta

Chiama

+7 (495) 789-45-86

Profile

IT

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Chiudi
Servizi
Scanner
Dr.Web vxCube
Versione di prova
Libreria dei virus
Base di conoscenza

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Notizie

Trojan.KillProc2.28145

Aggiunto al database dei virus Dr.Web: 2025-07-16

La descrizione è stata aggiunta:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\fac71w2 bd1l5ir nom72kl [free] gh5b6gd7wrv .rar.exe
  • %ProgramFiles%\dvd maker\shared\upfgetx porn xxx [milf] cock .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\upfgetx horse yzw1afy nom72kl cock mg9fvb2xk9 .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\s2fkave wep6b08 sperm 7vepaqjm boots .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\ bq4kno titts latex .rar.exe
  • %ProgramFiles%\microsoft office\templates\eq7k2xcxt h93bklf tsomq34 l9hwcs7vvnphd9 sm .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\black 7nd83wovj sperm [bangbus] ae2sd7u4xh .mpg.exe
  • %ProgramFiles%\windows journal\templates\beast vjq39c1gwy lzxyhb7k (sonja,c4w8hqa).mpg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\sperm ihthd33 (c4w8hqa).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\8r3baiec ddqayq mnho9y54 epyxwn .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\fac71w2 bd1l5ir lpcu5ai3 apv53deiq9fw .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\ uncut hole qx2j1b5 .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\f07qtt h93bklf yzw1afy epyxwn .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\f1i7cm nude nom72kl 7vepaqjm feet wifey (2hbt8wr).mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\horse [bangbus] ol6p1tua .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\z9z7rwe ddqayq tsomq34 [milf] fishy .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f1i7cm 8ok6yf nom72kl bq4kno glans (jenna,g6u8n4r).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\gzn4ud7e w6csjja14n1 big feet zn3tvn (sarah).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\eq7k2xcxt porn yzw1afy epyxwn ol6p1tua .mpg.exe
  • %ALLUSERSPROFILE%\templates\horse girls ol6p1tua (jenna,cy4xpd).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\fac71w2 cum mzwpstr8n girls .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\sperm hot (!) .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\horse ihthd33 fishy .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f07qtt ddqayq tsomq34 sgu4m7oc ol6p1tua .zip.exe
  • %ALLUSERSPROFILE%\templates\black wep6b08 tsomq34 [free] (2hbt8wr).avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e nude beast nom72kl .zip.exe
  • C:\users\default\appdata\local\temp\yzw1afy big hole lady (y8oxsqa).avi.exe
  • C:\users\default\appdata\local\<INETFILES>\z9z7rwe h93bklf mnho9y54 bq4kno qq6w54yfhtqrbwcslg (dehod0,sarah).rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\horse apv53deiq9fw glans ejn547rbxhd1 .mpg.exe
  • C:\users\default\templates\mnho9y54 vjq39c1gwy hole .zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\f07qtt w6csjja14n1 horse sgu4m7oc titts eigt45 (jade).mpg.exe
  • %TEMP%\mnho9y54 vjq39c1gwy cock gsva2xn (y8oxsqa).mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\gay bq4kno sm .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\tsomq34 epyxwn sm .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\8r3baiec porn [milf] cock wifey .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\8r3baiec cum beast l9hwcs7vvnphd9 6tl9zg0uqa (dehod0,jade).mpg.exe
  • %APPDATA%\microsoft\templates\fac71w2 8ok6yf nom72kl l9hwcs7vvnphd9 gsva2xn .rar.exe
  • %APPDATA%\microsoft\windows\templates\horse vjq39c1gwy 8pfmdyy (36mho73,2hbt8wr).zip.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\gzn4ud7e bd1l5ir tsomq34 uncut hole .mpeg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\black h93bklf lpcu5ai3 nom72kl rv0y8n .rar.exe
  • %HOMEPATH%\templates\nom72kl sgu4m7oc titts .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\black wep6b08 tsomq34 big sweet .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe porn horse sgu4m7oc fishy .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\f07qtt xakmpl beast big hole zn3tvn (jade).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\yzw1afy uncut gsva2xn .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\yzw1afy girls titts sweet (2hbt8wr).rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\horse [milf] fishy .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\eq7k2xcxt horse mnho9y54 ihthd33 (liz).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\s2fkave xakmpl [bangbus] glans (hyo87il,g6u8n4r).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\gzn4ud7e nude xxx bq4kno (g6u8n4r).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\black w6csjja14n1 xxx uncut gh5b6gd7wrv (haj1oyikd,2hbt8wr).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\8r3baiec 8ok6yf tsomq34 nom72kl (jade).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\black horse mzwpstr8n [milf] titts nrb42wq .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\f1i7cm w6csjja14n1 gay hot (!) .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\z9z7rwe 7nd83wovj gay uncut ash .mpeg.exe
  • %WINDIR%\assembly\temp\lpcu5ai3 l9hwcs7vvnphd9 .zip.exe
  • %WINDIR%\assembly\tmp\lpcu5ai3 ihthd33 hole .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\f1i7cm ddqayq beast [bangbus] (dxocjwba).zip.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\yzw1afy vjq39c1gwy hole zn3tvn .rar.exe
  • %WINDIR%\pla\templates\s2fkave ddqayq mzwpstr8n [milf] glans 6tl9zg0uqa .zip.exe
  • %WINDIR%\security\templates\f1i7cm 7nd83wovj xxx uncut cock .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\yzw1afy l9hwcs7vvnphd9 cock .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\eq7k2xcxt nude sperm bq4kno qq6w54yfhtqrbwcslg .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\mnho9y54 big (sarah).mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\xxx hot (!) titts zmc8ujp .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\black horse nom72kl bq4kno shoes .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\z9z7rwe h93bklf gay [bangbus] 40+ .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\8r3baiec 7nd83wovj xxx 7vepaqjm fishy .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e cum sperm [bangbus] fw58kpr41ob1w .zip.exe
  • %WINDIR%\syswow64\fxstmp\wpjwijv lpcu5ai3 [free] .mpg.exe
  • %WINDIR%\syswow64\ime\shared\nom72kl [bangbus] hole (jenna,2hbt8wr).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\beast [bangbus] cock .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f07qtt w6csjja14n1 mnho9y54 7vepaqjm ejn547rbxhd1 .mpg.exe
  • %WINDIR%\syswow64\fxstmp\gay ihthd33 .rar.exe
  • %WINDIR%\syswow64\ime\shared\8r3baiec 7nd83wovj tsomq34 uncut .mpeg.exe
  • %WINDIR%\temp\z9z7rwe cum gay l9hwcs7vvnphd9 (dxocjwba).zip.exe
  • %WINDIR%\winsxs\installtemp\wep6b08 sperm uncut glans hotel .avi.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\nom72kl apv53deiq9fw .rar.exe
  • %ProgramFiles%\dvd maker\shared\jxaglwti nude xxx bq4kno 50+ .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\nude beast sgu4m7oc .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\viaz50 yzw1afy bq4kno legs .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\z9z7rwe horse tsomq34 uncut ol6p1tua .zip.exe
  • %ProgramFiles%\microsoft office\templates\f07qtt yzw1afy l9hwcs7vvnphd9 balls .avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\viaz50 mnho9y54 [free] .zip.exe
  • %ProgramFiles%\windows journal\templates\horse [free] lady .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\nude nude [bangbus] .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\sperm big (gina).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\mzwpstr8n uncut .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\jxaglwti h93bklf sperm big ash (jade,rdl1tfkz).rar.exe
  • %CommonProgramFiles(x86)%\microsoft shared\tsomq34 7vepaqjm ash (jenna,36mho73).mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\black xxx bd1l5ir [bangbus] legs shoes (jenna).rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\0287zh uncut ash ae2sd7u4xh (sandy).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\8ok6yf hot (!) .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z1qxwcd horse xakmpl 7vepaqjm .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\gay big fishy (sarah).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx bd1l5ir sperm [milf] ash sweet .mpeg.exe
  • %ALLUSERSPROFILE%\templates\gzn4ud7e mnho9y54 l9hwcs7vvnphd9 lzxyhb7k .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\0287zh bd1l5ir apv53deiq9fw .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\lpcu5ai3 girls rv0y8n .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f07qtt wep6b08 apv53deiq9fw ejn547rbxhd1 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f07qtt gay nom72kl apv53deiq9fw wifey .mpeg.exe
  • %ALLUSERSPROFILE%\templates\zc8giv9 8ok6yf epyxwn .rar.exe
  • C:\users\default\appdata\local\temp\sperm w6csjja14n1 girls .mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\w6csjja14n1 vjq39c1gwy .avi.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\tsomq34 sgu4m7oc (karin).rar.exe
  • C:\users\default\templates\mzwpstr8n gay uncut cock ae2sd7u4xh (cy4xpd).avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\0287zh bd1l5ir vjq39c1gwy .mpeg.exe
  • %TEMP%\jxaglwti girls .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\viaz50 7nd83wovj beast sgu4m7oc nmibe2 .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\gzn4ud7e xxx sperm apv53deiq9fw js80j73 (liz,gina).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\zc8giv9 h93bklf xakmpl l9hwcs7vvnphd9 titts 779mipj .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\z1qxwcd tsomq34 xakmpl 7vepaqjm titts boots (dehod0).mpeg.exe
  • %APPDATA%\microsoft\templates\wep6b08 [bangbus] titts .mpg.exe
  • %APPDATA%\microsoft\windows\templates\4h1e2a346 xakmpl horse uncut .mpg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\ [milf] (36mho73,sonja).mpeg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\mnho9y54 uncut legs .avi.exe
  • %HOMEPATH%\templates\zc8giv9 bd1l5ir [milf] boobs .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\bd1l5ir [free] feet boots .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\ cum 7vepaqjm qx2j1b5 (g6u8n4r).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\8ok6yf epyxwn ae2sd7u4xh .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\f07qtt h93bklf [bangbus] b37oavmx289 (sonja).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\f07qtt horse nom72kl nom72kl boobs .mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\gzn4ud7e wep6b08 hot (!) ae2sd7u4xh (sandy,c4w8hqa).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\ddqayq girls ash .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\jxaglwti bd1l5ir mnho9y54 [bangbus] hole lady .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\z1qxwcd xxx mzwpstr8n bq4kno .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\lpcu5ai3 bq4kno balls (sandy).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\bd1l5ir nom72kl [free] nmibe2 .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\sperm gay big .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\ikdyfwhy lpcu5ai3 girls .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\7b6fhxi bd1l5ir h93bklf vjq39c1gwy .rar.exe
  • %WINDIR%\assembly\temp\nom72kl uncut .avi.exe
  • %WINDIR%\assembly\tmp\s2fkave ddqayq [free] 6tl9zg0uqa .zip.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\7b6fhxi ddqayq uncut .mpg.exe
  • %WINDIR%\pla\templates\ [free] jxqgtp sweet .mpeg.exe
  • %WINDIR%\security\templates\sperm xxx [milf] feet 779mipj (sandy).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\f07qtt nude nom72kl sgu4m7oc cock .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\porn [milf] ol6p1tua .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\wpjwijv xakmpl [milf] balls .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\gay nude nom72kl zmc8ujp .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\4h1e2a346 tsomq34 mzwpstr8n ihthd33 glans (jade).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\upfgetx 7nd83wovj 7vepaqjm hole rv0y8n .avi.exe
  • %WINDIR%\syswow64\fxstmp\8r3baiec xxx ihthd33 feet .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\lpcu5ai3 7vepaqjm sgoibhh .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\fac71w2 xxx 7vepaqjm .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\8r3baiec gay epyxwn feet .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\tsomq34 [free] lady (haj1oyikd).mpeg.exe
  • %WINDIR%\syswow64\ime\shared\fac71w2 porn w6csjja14n1 nom72kl lzxyhb7k (dxocjwba).rar.exe
  • %WINDIR%\temp\ikdyfwhy nude girls .mpg.exe
  • %WINDIR%\winsxs\installtemp\8ok6yf wep6b08 vjq39c1gwy young .mpg.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play