Trojan.Hosts.49839

Added to the Dr.Web virus database: 2022-03-10

Description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKLM>\Software\Classes\cclaunch\shell\open\command] '' = '"%ProgramFiles%\CCleaner\ccleaner64.exe" /%1'
  • [<HKLM>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
Modifies file system
Creates the following files
Deletes the following files
Moves the following files
Modifies the following files
  • %LOCALAPPDATA%\microsoft\windows\explorer\explorerstartuplog_runonce.etl
Modifies the HOSTS file.
Network activity
Connects to
  • 'cy###mania.ws':443
TCP
Other
  • 'cy###mania.ws':443
UDP
  • DNS ASK cy###mania.ws
  • DNS ASK microsoft.com
Miscellaneous
Searches for the following windows
  • ClassName: 'EDIT' WindowName: ''
  • ClassName: 'Static' WindowName: ''
  • ClassName: 'MS_AutodialMonitor' WindowName: ''
  • ClassName: 'MS_WebCheckMonitor' WindowName: ''
Creates and executes the following
  • '%TEMP%\rarsfx0\blockhost64.exe'
  • '<SYSTEM32>\cmd.exe' /c ""%TEMP%\C8F7R45F.cmd" "%TEMP%\RarSFX0\BlockHost64.exe" "' (with hidden window)
Executes the following
  • '<SYSTEM32>\infdefaultinstall.exe' "%TEMP%\RarSFX0\CCleaner64.inf"
  • '<SYSTEM32>\runonce.exe' -r
  • '<SYSTEM32>\grpconv.exe' -o
  • '<SYSTEM32>\cmd.exe' /c ""%TEMP%\C8F7R45F.cmd" "%TEMP%\RarSFX0\BlockHost64.exe" "
  • '<SYSTEM32>\takeown.exe' /f "<DRIVERS>\etc\hosts" /a
  • '<SYSTEM32>\cmd.exe' /S /D /c" echo y"
  • '<SYSTEM32>\icacls.exe' <DRIVERS>\etc\hosts /c /grant "administrators:F"
  • '<SYSTEM32>\attrib.exe' -h -r -s <DRIVERS>\etc\hosts
  • '<SYSTEM32>\find.exe' /C /I "CyberMania CCleaner Block" <DRIVERS>\etc\hosts
  • '<SYSTEM32>\find.exe' /C /I "0.0.0.0 license-api.ccleaner.com" <DRIVERS>\etc\hosts
  • '<SYSTEM32>\find.exe' /C /I "CCleaner Block End" <DRIVERS>\etc\hosts
  • '<SYSTEM32>\ipconfig.exe' -flushdns

Curing recommendations

  1. If the operating system can boot (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from this media, run a full scan and cure the detected threats.