Для коректної роботи нашого сайта необхідно включити підтримку JavaScript у Вашому браузері.
Trojan.Winlock.6368
Добавлен в вирусную базу Dr.Web:
2012-06-24
Описание добавлено:
2012-07-15
Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'autoexec.bat' = '<Имя диска съемного носителя>:\autoexec.bat'
Вредоносные функции:
Запускает на исполнение:
%WINDIR%\explorer.exe Z:\video
%WINDIR%\explorer.exe Z:\videos
<SYSTEM32>\cmd.exe /c %CommonProgramFiles%\temps.bat
<SYSTEM32>\reg.exe ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v autoexec.bat /t REG_SZ /d <Имя диска съемного носителя>:\autoexec.bat /f
Изменения в файловой системе:
Создает следующие файлы:
%CommonProgramFiles%\Temps.bat
%TEMP%\perplex.dll
Удаляет следующие файлы:
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\monitor.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\personalizing.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\PieChart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\GArrow.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\gears.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\info.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\PieGrey.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\r1_c2.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\r1_c3.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\r3_c2.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\PieWhite.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\printer.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\r1_c1.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\StopControl.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\alert.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\BArrow.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\show-chat.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\ESC_key.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\Helpee_line.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\card.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\drive.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\error.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\floppy.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\cd.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\check.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\chip.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\spacer.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\5_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\60_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\65_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\45_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\50_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\55_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\70_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\90_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\95_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\0_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\75_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\80_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\85_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\windows.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\0_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\100_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\system.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\Untitled.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\usb.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\10_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\30_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\35_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\40_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\15_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\20_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\25_chart.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif
%WINDIR%\pchealth\helpctr\System\images\error.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
%WINDIR%\pchealth\helpctr\System\images\feedback.gif
%WINDIR%\pchealth\helpctr\System\images\progbar.gif
%WINDIR%\pchealth\helpctr\System\images\warning.gif
%WINDIR%\pchealth\helpctr\System\images\wrapperhelp.gif
%WINDIR%\pchealth\helpctr\System\images\flyout_arrow.gif
%WINDIR%\pchealth\helpctr\System\images\get_conn.gif
%WINDIR%\pchealth\helpctr\System\images\info.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif
%WINDIR%\pchealth\helpctr\System\images\16x16\warning.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\UpArrow.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\HelpCenter.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\hide-chat.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\DividerBar.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\DownArrow.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\TakeControl.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\info.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendFile.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendVoice.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendVoiceOn.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Options.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Quit.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendChat.gif
%WINDIR%\pchealth\helpctr\System\images\Centers\Uabrand.gif
%WINDIR%\pchealth\helpctr\System\images\Expando\collapsed.gif
%WINDIR%\pchealth\helpctr\System\images\Expando\endnode.gif
%WINDIR%\pchealth\helpctr\System\images\Centers\blue_arrow.gif
%WINDIR%\pchealth\helpctr\System\images\Centers\Connect.gif
%WINDIR%\pchealth\helpctr\System\images\Centers\IULogo.gif
%WINDIR%\pchealth\helpctr\System\images\Expando\expanded.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\Animation.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\combobox_line.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\connected.gif
%WINDIR%\pchealth\helpctr\System\images\Expando\helpdoc.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Common\icon_information_32x.gif
%WINDIR%\pchealth\helpctr\System\Remote Assistance\Common\icon_warning_32x.gif
<SYSTEM32>\oobe\html\mouse\images\clicking.gif
<SYSTEM32>\oobe\html\mouse\images\desktop3.gif
<SYSTEM32>\oobe\html\mouse\images\mouse4.gif
<SYSTEM32>\oobe\html\mouse\images\but4_dwn.gif
<SYSTEM32>\oobe\html\mouse\images\but4_idl.gif
<SYSTEM32>\oobe\html\mouse\images\but4_up.gif
<SYSTEM32>\oobe\html\mouse\images\mouseimg.gif
<SYSTEM32>\oobe\images\btn3.gif
<SYSTEM32>\oobe\images\bullet1.gif
<SYSTEM32>\oobe\images\clickhr.gif
<SYSTEM32>\oobe\images\arrow.gif
<SYSTEM32>\oobe\images\btn1.gif
<SYSTEM32>\oobe\images\btn2.gif
<SYSTEM32>\ntimage.gif
<SYSTEM32>\oobe\html\mouse\images\but1_dwn.gif
<SYSTEM32>\oobe\html\mouse\images\but1_idl.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\check.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\help.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreenshot3.gif
<SYSTEM32>\oobe\html\mouse\images\but1_up.gif
<SYSTEM32>\oobe\html\mouse\images\but3_dwn.gif
<SYSTEM32>\oobe\html\mouse\images\but3_idl.gif
<SYSTEM32>\oobe\html\mouse\images\but3_up.gif
<SYSTEM32>\oobe\html\mouse\images\but2_dwn.gif
<SYSTEM32>\oobe\html\mouse\images\but2_idl.gif
<SYSTEM32>\oobe\html\mouse\images\but2_up.gif
<SYSTEM32>\oobe\images\dialtone.gif
%WINDIR%\Web\bullet.gif
%WINDIR%\Web\exclam.gif
%WINDIR%\Web\tips.gif
<SYSTEM32>\oobe\images\progress.gif
<SYSTEM32>\oobe\images\qmark.gif
<SYSTEM32>\oobe\images\redshd.gif
%WINDIR%\Web\printers\images\ipp_0002.gif
%WINDIR%\Web\printers\images\ipp_0012.gif
%WINDIR%\Web\printers\images\ipp_0015.gif
%WINDIR%\clock.avi
%WINDIR%\Web\printers\images\ipp_0003.gif
%WINDIR%\Web\printers\images\ipp_0004.gif
%WINDIR%\Web\printers\images\ipp_0005.gif
<SYSTEM32>\oobe\images\hand1.gif
<SYSTEM32>\oobe\images\hand2.gif
<SYSTEM32>\oobe\images\magnify.gif
<SYSTEM32>\oobe\images\dialup.gif
<SYSTEM32>\oobe\images\greenshd.gif
<SYSTEM32>\oobe\images\grn_btn.gif
<SYSTEM32>\oobe\images\merlin.gif
<SYSTEM32>\oobe\images\mousewn1.gif
<SYSTEM32>\oobe\images\oemlogo.gif
<SYSTEM32>\oobe\images\prodkey.gif
<SYSTEM32>\oobe\images\monitor.gif
<SYSTEM32>\oobe\images\monitor2.gif
<SYSTEM32>\oobe\images\mouse.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\80_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\85_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\90_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\65_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\70_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\75_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\95_chart.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\r1_c1.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\r1_c2.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\r1_c3.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\GArrow.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\GRect.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Info_Icon.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\20_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\25_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\30_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\100_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\10_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\15_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\35_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\55_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\5_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\60_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\40_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\45_chart.gif
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\50_chart.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\r3_c2.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\icon_extweb.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\IM_icon.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\info.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\Envelope.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\floppy.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\generic_mail.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\logon_anim.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\outlook.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\outlook_express.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\square_bullet.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\messenger_big.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\monitor_left.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\monitor_right.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\icon_warning_32x.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\address_book.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\arrow.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\spacer.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\status_ok.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\icon_information_32x.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\attention.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_busy.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_none.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_offline.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_attention.gif
%WINDIR%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_away.gif
%WINDIR%\Help\Tours\htmlTour\unlock_built_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\unlock_optimized.jpg
%WINDIR%\Help\Tours\htmlTour\unlock_optimized_big.jpg
%WINDIR%\Help\Tours\htmlTour\ul_logo.jpg
%WINDIR%\Help\Tours\htmlTour\unlock_built.jpg
%WINDIR%\Help\Tours\htmlTour\unlock_built_big.jpg
%WINDIR%\Help\Tours\htmlTour\unlock_optimized_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\window_up.jpg
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg
%WINDIR%\Help\Tours\htmlTour\unlock_playing.jpg
%WINDIR%\Help\Tours\htmlTour\unlock_playing_big.jpg
%WINDIR%\Help\Tours\htmlTour\unlock_playing_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\safe_easy_better_big.jpg
%WINDIR%\Help\Tours\htmlTour\safe_easy_better_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\safe_easy_easier.jpg
%WINDIR%\Help\Tours\htmlTour\question_icon.jpg
%WINDIR%\Help\Tours\htmlTour\read_icon.jpg
%WINDIR%\Help\Tours\htmlTour\safe_easy_better.jpg
%WINDIR%\Help\Tours\htmlTour\safe_easy_easier_big.jpg
%WINDIR%\Help\Tours\htmlTour\safe_easy_faster_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\start_up.jpg
%WINDIR%\Help\Tours\htmlTour\taskbar_up.jpg
%WINDIR%\Help\Tours\htmlTour\safe_easy_easier_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\safe_easy_faster.jpg
%WINDIR%\Help\Tours\htmlTour\safe_easy_faster_big.jpg
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg
<SYSTEM32>\oobe\html\mouse\images\pisam.jpg
<SYSTEM32>\oobe\html\mouse\images\prague.jpg
<SYSTEM32>\oobe\html\mouse\images\praguem.jpg
<SYSTEM32>\oobe\html\mouse\images\paris.jpg
<SYSTEM32>\oobe\html\mouse\images\parism.jpg
<SYSTEM32>\oobe\html\mouse\images\pisa.jpg
<SYSTEM32>\oobe\html\mouse\images\tyrol.jpg
<SYSTEM32>\oobe\html\mouse\images\verona.jpg
<SYSTEM32>\oobe\html\mouse\images\veronam.jpg
<SYSTEM32>\oobe\images\backdown.jpg
<SYSTEM32>\oobe\html\mouse\images\tyrolm.jpg
<SYSTEM32>\oobe\html\mouse\images\venice.jpg
<SYSTEM32>\oobe\html\mouse\images\venicem.jpg
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
<SYSTEM32>\oobe\html\mouse\images\bulzanom.jpg
<SYSTEM32>\oobe\html\mouse\images\heidelb.jpg
<SYSTEM32>\oobe\html\mouse\images\heidelbm.jpg
%WINDIR%\pchealth\helpctr\System\DVDUpgrd\stripe.jpg
%WINDIR%\pchealth\helpctr\System\sysinfo\graphics\greendot.jpg
<SYSTEM32>\oobe\html\mouse\images\bulzano.jpg
%WINDIR%\Help\Tours\htmlTour\connected_networks_big.jpg
%WINDIR%\Help\Tours\htmlTour\connected_networks_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\connected_wizard.jpg
%WINDIR%\Help\Tours\htmlTour\connected_multiple_big.jpg
%WINDIR%\Help\Tours\htmlTour\connected_multiple_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\connected_networks.jpg
%WINDIR%\Help\Tours\htmlTour\connected_wizard_big.jpg
%WINDIR%\Help\Tours\htmlTour\desktop_up.jpg
%WINDIR%\Help\Tours\htmlTour\end_up.jpg
%WINDIR%\Help\Tours\htmlTour\folder_up.jpg
%WINDIR%\Help\Tours\htmlTour\connected_wizard_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\control_up.jpg
%WINDIR%\Help\Tours\htmlTour\desktop_screen_shot.jpg
%WINDIR%\Help\Tours\htmlTour\best_robust.jpg
%WINDIR%\Help\Tours\htmlTour\best_robust_big.jpg
%WINDIR%\Help\Tours\htmlTour\best_robust_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\best_road.jpg
%WINDIR%\Help\Tours\htmlTour\best_road_big.jpg
%WINDIR%\Help\Tours\htmlTour\best_road_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\best_secure.jpg
%WINDIR%\Help\Tours\htmlTour\connected_data_big.jpg
%WINDIR%\Help\Tours\htmlTour\connected_data_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\connected_multiple.jpg
%WINDIR%\Help\Tours\htmlTour\best_secure_big.jpg
%WINDIR%\Help\Tours\htmlTour\best_secure_ghost.jpg
%WINDIR%\Help\Tours\htmlTour\connected_data.jpg
%WINDIR%\Help\Tours\htmlTour\gradient.jpg
%WINDIR%\Help\Tours\htmlTour\img110.jpg
%WINDIR%\Help\Tours\htmlTour\img116.jpg
%WINDIR%\Help\Tours\htmlTour\img121.jpg
%WINDIR%\Help\Tours\htmlTour\img100.jpg
%WINDIR%\Help\Tours\htmlTour\img103.jpg
%WINDIR%\Help\Tours\htmlTour\img109.jpg
%WINDIR%\Help\Tours\htmlTour\img123.jpg
%WINDIR%\Help\Tours\htmlTour\intro_logo.jpg
%WINDIR%\Help\Tours\htmlTour\logo.jpg
%WINDIR%\Help\Tours\htmlTour\pen_icon.jpg
%WINDIR%\Help\Tours\htmlTour\img126.jpg
%WINDIR%\Help\Tours\htmlTour\img136.jpg
%WINDIR%\Help\Tours\htmlTour\img149.jpg
%WINDIR%\Help\Tours\htmlTour\img033.jpg
%WINDIR%\Help\Tours\htmlTour\img033a.jpg
%WINDIR%\Help\Tours\htmlTour\img034.jpg
%WINDIR%\Help\Tours\htmlTour\icon_up.jpg
%WINDIR%\Help\Tours\htmlTour\img004b.jpg
%WINDIR%\Help\Tours\htmlTour\img014.jpg
%WINDIR%\Help\Tours\htmlTour\img040.jpg
%WINDIR%\Help\Tours\htmlTour\img072.jpg
%WINDIR%\Help\Tours\htmlTour\img074a.jpg
%WINDIR%\Help\Tours\htmlTour\img089.jpg
%WINDIR%\Help\Tours\htmlTour\img046.jpg
%WINDIR%\Help\Tours\htmlTour\img060.jpg
%WINDIR%\Help\Tours\htmlTour\img068.jpg
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\cntd.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\cnth.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\taoff.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\cloapp.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\cloapph.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\cnt.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\taoffh.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\tpauseh.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\tplay.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\tplayh.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\taon.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\taonh.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\tpause.gif
%WINDIR%\Help\Tours\htmlTour\nav_unlock.gif
%WINDIR%\Help\Tours\htmlTour\nav_unlock_down.gif
%WINDIR%\Help\Tours\htmlTour\spacer.gif
%WINDIR%\Help\Tours\htmlTour\nav_safe_easy_down.gif
%WINDIR%\Help\Tours\htmlTour\nav_start_here.gif
%WINDIR%\Help\Tours\htmlTour\nav_start_here_down.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\mplogo.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\vidsamp.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\bktr.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\Btn\bktrh.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\mplogoh.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\tourbg.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\videobg.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm1.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm5.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm6.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm7.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm2.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm3.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm4.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm8.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif
%WINDIR%\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm9.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif
<SYSTEM32>\oobe\images\skipoff.jpg
<SYSTEM32>\oobe\images\skipover.jpg
<SYSTEM32>\oobe\images\skipup.jpg
<SYSTEM32>\oobe\images\nextup.jpg
<SYSTEM32>\oobe\images\oemcoa.jpg
<SYSTEM32>\oobe\images\skipdown.jpg
<SYSTEM32>\oobe\images\wpaback.jpg
<SYSTEM32>\oobe\images\wpatop.jpg
%WINDIR%\Web\Wallpaper\Ascent.jpg
%WINDIR%\Web\Wallpaper\Autumn.jpg
<SYSTEM32>\oobe\images\wpabtm.jpg
<SYSTEM32>\oobe\images\wpaflag.jpg
<SYSTEM32>\oobe\images\wpakey.jpg
<SYSTEM32>\oobe\images\mslogo.jpg
<SYSTEM32>\oobe\images\newbtm1.jpg
<SYSTEM32>\oobe\images\newbtm8.jpg
<SYSTEM32>\oobe\images\backoff.jpg
<SYSTEM32>\oobe\images\backover.jpg
<SYSTEM32>\oobe\images\backup.jpg
<SYSTEM32>\oobe\images\newmark1.jpg
<SYSTEM32>\oobe\images\nextdown.jpg
<SYSTEM32>\oobe\images\nextoff.jpg
<SYSTEM32>\oobe\images\nextover.jpg
<SYSTEM32>\oobe\images\newmark8.jpg
<SYSTEM32>\oobe\images\newtop1.jpg
<SYSTEM32>\oobe\images\newtop8.jpg
%WINDIR%\Web\Wallpaper\Azul.jpg
<SYSTEM32>\oobe\images\title.wma
%WINDIR%\Help\Tours\htmlTour\bluearrow.gif
%WINDIR%\Help\Tours\htmlTour\bot_bar.gif
%WINDIR%\Web\Wallpaper\Vortec space.jpg
%WINDIR%\Web\Wallpaper\Wind.jpg
%WINDIR%\Web\Wallpaper\Windows XP.jpg
%WINDIR%\Help\Tours\htmlTour\nav_best.gif
%WINDIR%\Help\Tours\htmlTour\nav_connected_down.gif
%WINDIR%\Help\Tours\htmlTour\nav_gray.gif
%WINDIR%\Help\Tours\htmlTour\nav_safe_easy.gif
%WINDIR%\Help\Tours\htmlTour\nav_best_down.gif
%WINDIR%\Help\Tours\htmlTour\nav_blank.gif
%WINDIR%\Help\Tours\htmlTour\nav_connected.gif
%WINDIR%\Web\Wallpaper\Home.jpg
%WINDIR%\Web\Wallpaper\Moon flower.jpg
%WINDIR%\Web\Wallpaper\Peace.jpg
%WINDIR%\Web\Wallpaper\Crystal.jpg
%WINDIR%\Web\Wallpaper\Follow.jpg
%WINDIR%\Web\Wallpaper\Friend.jpg
%WINDIR%\Web\Wallpaper\Power.jpg
%WINDIR%\Web\Wallpaper\Ripple.jpg
%WINDIR%\Web\Wallpaper\Stonehenge.jpg
%WINDIR%\Web\Wallpaper\Tulips.jpg
%WINDIR%\Web\Wallpaper\Purple flower.jpg
%WINDIR%\Web\Wallpaper\Radiance.jpg
%WINDIR%\Web\Wallpaper\Red moon desert.jpg
Самоудаляется.
Другое:
Ищет следующие окна:
ClassName: 'MS_WINHELP' WindowName: ''
ClassName: 'Shell_TrayWnd' WindowName: ''
Рекомендации по лечению
Windows
macOS
Linux
Android
В случае если операционная система способна загрузиться (в штатном режиме или режиме защиты от сбоев), скачайте лечащую утилиту Dr.Web CureIt! и выполните с ее помощью полную проверку вашего компьютера, а также используемых вами переносных носителей информации.
Если загрузка операционной системы невозможна, измените настройки BIOS вашего компьютера, чтобы обеспечить возможность загрузки ПК с компакт-диска или USB-накопителя. Скачайте образ аварийного диска восстановления системы Dr.Web® LiveDisk или утилиту записи Dr.Web® LiveDisk на USB-накопитель, подготовьте соответствующий носитель. Загрузив компьютер с использованием данного носителя, выполните его полную проверку и лечение обнаруженных угроз.
Выполните полную проверку системы с использованием Антивируса Dr.Web Light для macOS. Данный продукт можно загрузить с официального сайта Apple App Store .
Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light . Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
выключите устройство и включите его в обычном режиме.
Подробнее о Dr.Web для Android
Демо бесплатно на 14 дней
Выдаётся при установке
Завантажте Dr.Web для Android
Безкоштовно на 3 місяці
Всі компоненти захисту
Подовження демо в AppGallery/Google Pay
Подальший перегляд даного сайта означає, що Ви погоджуєтесь на використання нами cookie-файлів та інших технологій збору статистичних відомостей про відвідувачів. Докладніше
OK