Program.Unwanted.5405

Added to the Dr.Web virus database: 2024-02-05

Description added:

Technical Information

To ensure autorun and distribution
Sets the following service settings
  • [HKLM\System\CurrentControlSet\Services\iTopDataRecoveryService4] 'Start' = '00000002'
  • [HKLM\System\CurrentControlSet\Services\iTopDataRecoveryService4] 'ImagePath' = '"%ProgramFiles(x86)%\iTop Data Recovery\IDRService.exe"'
Creates the following services
  • 'iTopDataRecoveryService4' "%ProgramFiles(x86)%\iTop Data Recovery\IDRService.exe"
  • 'iTopDataRecoveryService4' %ProgramFiles(x86)%\iTop Data Recovery\IDRService.exe
Malicious functions
Injects code into the following system processes:
  • %WINDIR%\explorer.exe
Modifies file system
Creates the following files
Deletes the following files
  • %TEMP%\commu.ini
  • %TEMP%\is-mcvru.tmp\inno_english.lng
  • %TEMP%\is-mcvru.tmp\_isetup\_setup64.tmp
  • %TEMP%\is-mcvru.tmp\_isetup\_shfoldr.dll
  • %TEMP%\is-139n5.tmp\itop-data-recovery-setup.tmp
Moves the following files
Network activity
Connects to
TCP
HTTP GET requests
  • http://ip##fo.io/
  • http://au######te.geo.opera.com/geolocation/
  • http://www.google.com/favicon.ico
  • http://se####.yahoo.com/favicon.ico
  • http://www.am##on.com/favicon.ico
  • http://www.bing.com/s/a/bing_p.ico
  • http://re###.opera.com/www.opera.com/firstrun/
  • http://si#####ck2.opera.com/?ho###################################################
  • http://re###.opera.com/favicon.ico
  • http://ya###.opera.com/favicon.ico
  • http://re###.opera.com/speeddials/partner/facebook
HTTP POST requests
  • http://st###.#pdategfiles.com/iinstall.php?op##############################################################################################
Other
UDP
Miscellaneous
Searches for the following windows
  • ClassName: 'EDIT' WindowName: ''
  • ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Opera Software\Opera Stable'
Creates and executes the following
  • '%TEMP%\rarsfx0\itop-data-recovery-setup.exe' /silent
  • '%ProgramFiles(x86)%\itop data recovery\idrservice.exe'
  • '%ProgramFiles(x86)%\itop data recovery\iconpin64.exe' Pin "%ProgramFiles(x86)%\iTop Data Recovery\iTopDataRecovery.exe"
  • '%ProgramFiles(x86)%\itop data recovery\uninstallinfo.exe' /install idr4
  • '%TEMP%\rarsfx0\hook.exe'
  • '%ProgramFiles(x86)%\itop data recovery\itopinsur.exe' /insur=other /reinstall=0 /regkeynameinsur="iTop Data Recovery" /writeregWow6432Node=0
  • '%ProgramFiles(x86)%\itop data recovery\idrinit.exe' /insur "%TEMP%\RarSFX0\itop-data-recovery-setup.exe" /reinstall=0 /regkeynameinsur="iTop Data Recovery" /writeregWow6432Node=0
  • '%ProgramFiles(x86)%\itop data recovery\newfts.exe'
  • '%ProgramFiles(x86)%\itop data recovery\itopinsur.exe' /SetLicenseStatus
  • '%ProgramFiles(x86)%\itop data recovery\locallang.exe'
  • '%TEMP%\is-139n5.tmp\itop-data-recovery-setup.tmp' /SL5="$1025A,11586334,329216,%TEMP%\RarSFX0\itop-data-recovery-setup.exe" /silent
  • '%ProgramFiles(x86)%\itop data recovery\itopinsur.exe' /SetLicenseStatus' (with hidden window)
  • '%ProgramFiles(x86)%\itop data recovery\locallang.exe' ' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c sc stop iTopDataRecoveryService4' (with hidden window)
  • '%ProgramFiles(x86)%\itop data recovery\uninstallinfo.exe' /install idr4' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c sc delete iTopDataRecoveryService3' (with hidden window)
  • '%ProgramFiles(x86)%\itop data recovery\iconpin64.exe' Pin "%ProgramFiles(x86)%\iTop Data Recovery\iTopDataRecovery.exe"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c sc create iTopDataRecoveryService4 binPath= "\"%ProgramFiles(x86)%\iTop Data Recovery\IDRService.exe\"" start= auto DisplayName= "iTop Data Recovery Service 4"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c sc description iTopDataRecoveryService4 "iTop Data Recovery Service"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c sc start iTopDataRecoveryService4' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c sc stop iTopDataRecoveryService3' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c sc delete iTopDataRecoveryService4' (with hidden window)
  • '%ProgramFiles(x86)%\itop data recovery\idrinit.exe' /insur "%TEMP%\RarSFX0\itop-data-recovery-setup.exe" /reinstall=0 /regkeynameinsur="iTop Data Recovery" /writeregWow6432Node=0' (with hidden window)
  • '%ProgramFiles(x86)%\itop data recovery\itopinsur.exe' /insur=other /reinstall=0 /regkeynameinsur="iTop Data Recovery" /writeregWow6432Node=0' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /c sc stop iTopDataRecoveryService3
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="2188.12.1920590615\1706720268" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="2188.11.901453083\461935061" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="2188.10.731985851\2113591637" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="2188.9.1369998355\1459881335" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="2188.8.763637612\1032728269" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="2188.7.1219030550\78585910" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="2188.6.946546409\1895519467" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' --type=utility --channel="2188.4.572738626\1120423668" --lang=en-US --no-sandbox --enable-proprietary-media-types-playback /prefetch:-645351001 /crash-reporter-parent-id=2816
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="2188.5.327894879\1859674069" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="2188.4.572738626\1120423668" --lang=en-US --no-sandbox --enable-proprietary-media-types-playback /prefetch:-645351001
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=en-US --enable-proprietary-media-types-playback --extension-process --enable-we...
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=en-US --enable-proprietary-media-types-playback --disable-client-side-phishing-...
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="2188.0.1090987117\1254072026" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gp...
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.cybermania.ws/ /crash-reporter-parent-id=2188
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' -noautoupdate --ran-launcher -- https://www.cybermania.ws/
  • '%ProgramFiles(x86)%\opera\launcher.exe' -noautoupdate -- "https://www.cybermania.ws/"
  • '%WINDIR%\syswow64\sc.exe' start iTopDataRecoveryService4
  • '%WINDIR%\syswow64\cmd.exe' /c sc start iTopDataRecoveryService4
  • '%WINDIR%\syswow64\sc.exe' description iTopDataRecoveryService4 "iTop Data Recovery Service"
  • '%WINDIR%\syswow64\cmd.exe' /c sc description iTopDataRecoveryService4 "iTop Data Recovery Service"
  • '%WINDIR%\syswow64\sc.exe' create iTopDataRecoveryService4 binPath= "\"%ProgramFiles(x86)%\iTop Data Recovery\IDRService.exe\"" start= auto DisplayName= "iTop Data Recovery Service 4"
  • '%WINDIR%\syswow64\cmd.exe' /c sc create iTopDataRecoveryService4 binPath= "\"%ProgramFiles(x86)%\iTop Data Recovery\IDRService.exe\"" start= auto DisplayName= "iTop Data Recovery Service 4"
  • '%WINDIR%\syswow64\sc.exe' delete iTopDataRecoveryService4
  • '%WINDIR%\syswow64\cmd.exe' /c sc delete iTopDataRecoveryService4
  • '%WINDIR%\syswow64\sc.exe' delete iTopDataRecoveryService3
  • '%WINDIR%\syswow64\cmd.exe' /c sc delete iTopDataRecoveryService3
  • '%WINDIR%\syswow64\sc.exe' stop iTopDataRecoveryService4
  • '%WINDIR%\syswow64\cmd.exe' /c sc stop iTopDataRecoveryService4
  • '%WINDIR%\syswow64\sc.exe' stop iTopDataRecoveryService3
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="2188.15.1254797150\639013637" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
  • '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="2188.16.2007224814\1328633202" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001

Removal recommendations

  1. If the operating system can boot (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or a USB drive. Download the Dr.Web® LiveDisk system recovery disk image or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding medium. Boot the computer from this medium, then run a full scan and cure any detected threats.
Download Dr.Web

By serial number

Run a full system scan using Dr.Web Light antivirus for macOS. This product can be downloaded from the official Apple App Store.

On the booted OS, run a full scan of all disk partitions using the Dr.Web Antivirus for Linux product.

  1. If the mobile device is operating normally, download and install the free Dr.Web for Android Light antivirus product on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a ransomware Trojan of the Android.Locker family (the screen displays an accusation of breaking the law, a demand to pay a certain sum of money, or another message that interferes with normal use of the device), do the following:
    • boot your smartphone or tablet into safe mode (depending on the operating system version and the specifics of the particular mobile device, this can be done in different ways; consult the manual supplied with the device or contact its manufacturer directly);
    • after enabling safe mode, install the free Dr.Web for Android Light antivirus product on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
