PER UTENTI

Chiudi

La mia libreria
La mia libreria

+ Aggiungi alla libreria

Ricerca
Ricerca

Supporto
Supporto 24/7 | Regole per contattare

Scrivi

Una richiesta attraverso il modulo

Chiama

+7 (495) 789-45-86

Forum

Richieste

Crea nuova richiesta

Chiama

+7 (495) 789-45-86

Profile

IT

RU CN DE EN ES FR IT JP KZ UZ PL BY
Chiudi
Servizi
Scanner
Dr.Web vxCube
Versione di prova
Perizia di incidenti informatici legati ai virus
Libreria dei virus
Base di conoscenza

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Notizie

Trojan.Siggen6.24809

Aggiunto al database dei virus Dr.Web: 2014-11-07

La descrizione è stata aggiunta:

Technical Information

Malicious functions:
Creates and executes the following:
  • '%TEMP%\RarSFX0\Binaries\ChromeInstaller.exe' <Full path to virus>
Executes the following:
  • '<SYSTEM32>\taskkill.exe' /f /im chrome.exe
Terminates or attempts to terminate
the following user processes:
  • chrome.exe
Modifies file system :
Creates the following files:
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F928D.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F928F.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9284.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F928B.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9293.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9299.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F929B.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9294.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9297.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B7.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B9.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B4.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B6.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F918C.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F91BD.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9280.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F918D.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F918E.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F988A.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F988C.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9884.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9889.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F988D.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9894.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9896.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9892.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9893.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F92A4.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F92A9.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F929C.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F929D.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F92AA.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9881.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9882.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F93B1.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F94A5.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\close-icon-white.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\close-icon.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\btnPinterest.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\chrome_bg_win.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\close.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\E29ABD.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\E29BB5.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\default_icon.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\default_icon_states.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\typed.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\wave.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\rainbow.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\typed.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\wave.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ArrowExpandBar.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\BkgExpandBar.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\add-icon.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\arrow.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F908D.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90A7.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8EB6.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8EB8.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90AC.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B0.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B1.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90AE.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90AF.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8C9F.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8CB9.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\Expand-26x24.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8C99.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8D80.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8E89.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8EB1.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8DBB.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8E81.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\RightExpandBar.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\rightTooltip.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\notification.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql_popup3.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\s10.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\social_games.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\star_bookmarks.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\search.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\separator.png
  • %TEMP%\RarSFX0\Binaries\Binaries\images\logo128.png
  • %TEMP%\RarSFX0\Binaries\Binaries\images\logo16.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\Line2.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\logo.png
  • %TEMP%\RarSFX0\Binaries\Binaries\images\logo48.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\Minibar_buttons.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\new.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\logo48.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\logo48.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\toolbarbutton_bg.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\tooltipArrow.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_10.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\toolbar_bg.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ui-check-box-checked.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\mailfooter.jpg
  • %TEMP%\RarSFX0\Binaries\empty.localstorage-journal
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ui-check-box.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\x.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_02.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_04-05.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\TellAFriendBackground.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_02-03.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_04.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_08-09.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_08.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_06-07.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_06.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\FB_Share_Tiny.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\fbcoverimage.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\fb-bg-sprite.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\FB_Share.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\fbimagenotheater.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\googleimagesbutton.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\googleimagesbuttonNEW.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\fbimageview.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\gifts.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F989C.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F98A1.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9898.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F989A.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F98AD.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9A97.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9ABD.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F98B2.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F98B3.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\iminentbutton.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\iminentbutton_bg.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\bhp\iminent-logo.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\iminent_bookmark.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\InviteFriends.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\leftTooltip.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\Line.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\led_background.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\LeftExpandBar.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\home.png
  • %TEMP%\RarSFX0\Binaries\Binaries\images\icon_19.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\help.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\hide.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\imbwin_bg.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\imbwin1.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\imbwin1_409daae67f73f4fb84c27d6d70463f2b.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\imbwin_hf.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\imbwin_vf.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\rainbow.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\dailymotion.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\db.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\corriere.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\craigslist.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\default_adapter.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\ebay.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\ehow.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\delta-search.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\diretta.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\bomnegocio.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\chip.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\base64.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\services\bhp.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\ciao.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\contentScript.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\context.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\conduit.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\config.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\go.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\google.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\globo.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\gmx.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\gumtree.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\imdb.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\inbox.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\huffingtonpost.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\ilmeteo.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\facebook.IL.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\facebook.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\elmundo.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\elpais.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\facebook.US.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\friv.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\funutilities.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\services\favlinks.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\foxsports.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\gameiframe4.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\games.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\gameiframe2.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\gameiframe3.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\dailymotion.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\games.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\google.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\default_adapter.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\facebook.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1036.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1040.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1031.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1033.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1048.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\3082.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\gameiframe1.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1055.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\2070.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\aol.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\ask.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\abril.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\amazon.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\autoscout24.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\background.unit.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\baixaki.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\autosottocosto.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\background.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\t-online.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\template.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\imdb.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\ShareMenu.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\toolbar.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\youtube.css
  • %TEMP%\RarSFX0\Binaries\Update.xml
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\twitter.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\yahoo.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\voila.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\walmart.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\v9.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\virgilio.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\weather.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\yelp.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\youtube.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\web.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\yahoo.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\tinifying.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\tiscali.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\tagged.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\terra.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\toolbar.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\twitter.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\uol.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\tripadvisor.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\twitpic.js
  • %TEMP%\RarSFX0\Binaries\empty.localstorage
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\blink.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\tr\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\de\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\blink.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\led.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\led.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\flip.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\flip.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\manifest.json
  • %TEMP%\RarSFX0\Binaries\Binaries\manifest.unit.json
  • %TEMP%\RarSFX0\Binaries\ChromeInstaller.exe
  • %TEMP%\RarSFX0\Binaries\PremadeExtKey.data
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\en\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\fr\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\it\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\pt_BR\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\es\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\minibar.translations.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\minibar.unit.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\mercadolivre.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\minibar.min.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\minibar.vars.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\netlog.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\newtabredirect.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\msn.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\mundoanuncio.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\jappy.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\jquery\jquery.min.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\indeed.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\instagram.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\leboncoin.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\marca.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\mediaset.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\libero.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\live.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\sfr.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\shopping.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\roblox.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\segundamano.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\skyrock.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\subito.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\t-online.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\SOAP.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\spiegel.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\olx.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\orange.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\nirvam.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\okcupid.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\pagesjaunes.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\pof.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\repubblica.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\photobucket.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\pinterest.js
Deletes the following files:
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\autoscout24.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\autosottocosto.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\aol.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\ask.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\baixaki.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\ciao.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\conduit.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\bomnegocio.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\chip.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\flip.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\led.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\wave.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\blink.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\rainbow.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\abril.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\amazon.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\typed.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\off\wave.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\elpais.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\facebook.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\ehow.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\elmundo.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\facebook.IL.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\foxsports.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\friv.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\facebook.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\facebook.US.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\dailymotion.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\dailymotion.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\corriere.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\craigslist.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\default_adapter.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\diretta.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\ebay.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\default_adapter.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\delta-search.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9884.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9889.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9881.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9882.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F988A.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9892.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9893.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F988C.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F988D.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F929C.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F929D.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9299.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F929B.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F92A4.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F93B1.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F94A5.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F92A9.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F92AA.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\bhp\iminent-logo.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\led_background.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9A97.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9ABD.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\blink.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\rainbow.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\typed.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\flip.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\fx2\on\led.gif
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9898.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F989A.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9894.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9896.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F989C.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F98B2.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F98B3.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F98A1.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F98AD.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\twitter.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\twitter.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\tripadvisor.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\twitpic.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\uol.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\voila.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\walmart.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\v9.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\virgilio.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\spiegel.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\subito.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\shopping.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\skyrock.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\t-online.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\terra.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\tiscali.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\t-online.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\tagged.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\newtabredirect.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\tinifying.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\context.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\db.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\jquery\jquery.min.js
  • %TEMP%\RarSFX0\Binaries\Binaries\images\logo16.png
  • %TEMP%\RarSFX0\Binaries\Binaries\images\logo48.png
  • %TEMP%\RarSFX0\Binaries\Binaries\images\icon_19.png
  • %TEMP%\RarSFX0\Binaries\Binaries\images\logo128.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\yahoo.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\yahoo.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\weather.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\web.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\yelp.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\base64.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\lib\config.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\youtube.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\youtube.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\inbox.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\indeed.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\imdb.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\imdb.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\instagram.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\libero.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\live.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\jappy.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\leboncoin.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\gmx.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\go.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\funutilities.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\globo.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\google.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\huffingtonpost.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\ilmeteo.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\google.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\gumtree.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\photobucket.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\pinterest.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\orange.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\pagesjaunes.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\pof.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\segundamano.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\sfr.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\repubblica.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\roblox.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\mercadolivre.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\msn.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\marca.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\mediaset.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\mundoanuncio.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\okcupid.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\olx.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\netlog.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\adapters\nirvam.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9297.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\3082.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\ShareMenu.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1055.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\2070.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\gameiframe1.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\gameiframe4.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\games.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\gameiframe2.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\gameiframe3.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\services\bhp.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\services\favlinks.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\minibar.vars.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\template.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1031.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1040.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1048.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1033.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\menu_page\1036.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\fbimagenotheater.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\fbimageview.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\fb-bg-sprite.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\fbcoverimage.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\FB_Share.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\googleimagesbutton.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\googleimagesbuttonNEW.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\FB_Share_Tiny.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\gifts.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ArrowExpandBar.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\BkgExpandBar.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\games\games.html
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\arrow.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\btnPinterest.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\default_icon_states.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\Expand-26x24.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\close.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\default_icon.png
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\es\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\en\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\it\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\fr\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\de\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\contentScript.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\SOAP.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\background.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\background.unit.js
  • %TEMP%\RarSFX0\Binaries\empty.localstorage
  • %TEMP%\RarSFX0\Binaries\PremadeExtKey.data
  • %TEMP%\RarSFX0\Binaries\empty.localstorage-journal
  • %TEMP%\RarSFX0\Binaries\ChromeInstaller.exe
  • %TEMP%\RarSFX0\Binaries\Update.xml
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\tr\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\_locales\pt_BR\messages.json
  • %TEMP%\RarSFX0\Binaries\Binaries\manifest.json
  • %TEMP%\RarSFX0\Binaries\Binaries\manifest.unit.json
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_08-09.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_08.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_06-07.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_06.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_10.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\minibar.translations.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\minibar.unit.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\x.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\minibar.min.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\chrome_bg_win.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\hide.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\toolbar.css
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\toolbar.js
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\logo48.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_04-05.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_04.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_02-03.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\toolbar\images\toolbar-icons_02.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8EB1.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8EB6.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8E81.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8E89.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8EB8.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90AC.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90AE.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F908D.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90A7.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\E29ABD.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\E29BB5.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\logo.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\star_bookmarks.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8C99.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8D80.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8DBB.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8C9F.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F8CB9.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9280.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9284.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F918E.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F91BD.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F928B.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9293.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F9294.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F928D.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F928F.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B1.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B4.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90AF.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B0.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B6.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F918C.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F918D.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B7.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\emoji\F09F90B9.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\leftTooltip.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\Line.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\InviteFriends.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\LeftExpandBar.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\Line2.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\Minibar_buttons.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\new.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\logo48.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\mailfooter.jpg
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\imbwin1.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\imbwin1_409daae67f73f4fb84c27d6d70463f2b.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\help.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\home.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\imbwin_bg.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\iminentbutton.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\iminentbutton_bg.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\imbwin_hf.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\imbwin_vf.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\tooltipArrow.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ui-check-box-checked.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\toolbarbutton_bg.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\toolbar_bg.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ui-check-box.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\close-icon.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\iminent_bookmark.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\add-icon.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql\close-icon-white.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\RightExpandBar.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\rightTooltip.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\notification.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\ql_popup3.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\s10.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\social_games.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\TellAFriendBackground.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\search.png
  • %TEMP%\RarSFX0\Binaries\Binaries\scripts\minibar\content\images\separator.png
Miscellaneous:
Searches for the following windows:
  • ClassName: '' WindowName: ''
  • ClassName: 'Shell_TrayWnd' WindowName: ''
  • ClassName: 'EDIT' WindowName: ''

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play