Trojan.MulDrop3.59121

Added to the Dr.Web virus database: 2012-07-15

Virus description added:

Technical Information

Malicious functions:
Creates and executes the following:
  • %TEMP%\Rootchk\chkdrv.exe UPE 0
  • %TEMP%\Rootchk\chkdrv.exe upsctrl3 0
  • %TEMP%\Rootchk\chkdrv.exe usb8028 0
  • %TEMP%\Rootchk\chkdrv.exe trojans 0
  • %TEMP%\Rootchk\chkdrv.exe umk8 0
  • %TEMP%\Rootchk\chkdrv.exe Uninterruptible 0
  • %TEMP%\Rootchk\chkdrv.exe usb8028x 0
  • %TEMP%\Rootchk\chkdrv.exe vspf 0
  • %TEMP%\Rootchk\chkdrv.exe vspf_hk 0
  • %TEMP%\Rootchk\chkdrv.exe vxdgfx 0
  • %TEMP%\Rootchk\chkdrv.exe VideoAti0 0
  • %TEMP%\Rootchk\chkdrv.exe vissv 0
  • %TEMP%\Rootchk\chkdrv.exe voodoo 0
  • %TEMP%\Rootchk\chkdrv.exe SystemInspect 0
  • %TEMP%\Rootchk\chkdrv.exe systemm 0
  • %TEMP%\Rootchk\chkdrv.exe szr_droiver 0
  • %TEMP%\Rootchk\chkdrv.exe suhdlog.sys 0
  • %TEMP%\Rootchk\chkdrv.exe symavc32 0
  • %TEMP%\Rootchk\chkdrv.exe SysLibrary 0
  • %TEMP%\Rootchk\chkdrv.exe Tech 0
  • %TEMP%\Rootchk\chkdrv.exe TIME 0
  • %TEMP%\Rootchk\chkdrv.exe timedrv26 0
  • %TEMP%\Rootchk\chkdrv.exe TPLinks 0
  • %TEMP%\Rootchk\chkdrv.exe templates 0
  • %TEMP%\Rootchk\chkdrv.exe test 0
  • %TEMP%\Rootchk\chkdrv.exe test1 0
  • %TEMP%\Rootchk\chkdrv.exe wsfit32 0
  • %TEMP%\Rootchk\chkdrv.exe wsmsge 0
  • %TEMP%\Rootchk\chkdrv.exe wspipe 0
  • %TEMP%\Rootchk\chkdrv.exe wnlogon 0
  • %TEMP%\Rootchk\chkdrv.exe wnlogow 0
  • %TEMP%\Rootchk\chkdrv.exe wrmdrv 0
  • %TEMP%\Rootchk\chkdrv.exe WTIME 0
  • %TEMP%\Rootchk\chkdrv.exe xpdt 0
  • %TEMP%\Rootchk\chkdrv.exe xpdx 0
  • %TEMP%\Rootchk\chkdrv.exe xpsp2reg 0
  • %TEMP%\Rootchk\chkdrv.exe xartcd7 0
  • %TEMP%\Rootchk\chkdrv.exe xcdkernl 0
  • %TEMP%\Rootchk\chkdrv.exe xkeyshd 0
  • %TEMP%\Rootchk\chkdrv.exe WFSVL 0
  • %TEMP%\Rootchk\chkdrv.exe wfprotect 0
  • %TEMP%\Rootchk\chkdrv.exe wfprotects 0
  • %TEMP%\Rootchk\chkdrv.exe vxvgfv 0
  • %TEMP%\Rootchk\chkdrv.exe w3a9 0
  • %TEMP%\Rootchk\chkdrv.exe wartamd 0
  • %TEMP%\Rootchk\chkdrv.exe wincom32 0
  • %TEMP%\Rootchk\chkdrv.exe winmon 0
  • %TEMP%\Rootchk\chkdrv.exe wizca 0
  • %TEMP%\Rootchk\chkdrv.exe WLMSVS 0
  • %TEMP%\Rootchk\chkdrv.exe windbg48 0
  • %TEMP%\Rootchk\chkdrv.exe winio 0
  • %TEMP%\Rootchk\chkdrv.exe winlogin 0
  • %TEMP%\Rootchk\chkdrv.exe ssipod1 0
  • %TEMP%\Rootchk\chkdrv.exe ramvxt 0
  • %TEMP%\Rootchk\chkdrv.exe rdriv 0
  • %TEMP%\Rootchk\chkdrv.exe regepsrvc 0
  • %TEMP%\Rootchk\chkdrv.exe prw76sks 0
  • %TEMP%\Rootchk\chkdrv.exe PsY 0
  • %TEMP%\Rootchk\chkdrv.exe qqd.sys 0
  • %TEMP%\Rootchk\chkdrv.exe ReIISAdmin 0
  • %TEMP%\Rootchk\chkdrv.exe RioDrvs 0
  • %TEMP%\Rootchk\chkdrv.exe RKBYPASS 0
  • %TEMP%\Rootchk\chkdrv.exe rlx6dob6 0
  • %TEMP%\Rootchk\chkdrv.exe Relations 0
  • %TEMP%\Rootchk\chkdrv.exe remon 0
  • %TEMP%\Rootchk\chkdrv.exe RGwatch 0
  • %TEMP%\Rootchk\chkdrv.exe pcmmup 0
  • %TEMP%\Rootchk\chkdrv.exe pe386 0
  • %TEMP%\Rootchk\chkdrv.exe performance_monitor 0
  • %TEMP%\Rootchk\chkdrv.exe Partner 0
  • %TEMP%\Rootchk\chkdrv.exe PATTERNS 0
  • %TEMP%\Rootchk\chkdrv.exe pccard 0
  • %TEMP%\Rootchk\chkdrv.exe pnpdrv 0
  • %TEMP%\Rootchk\chkdrv.exe PROT 0
  • %TEMP%\Rootchk\chkdrv.exe prt21sks 0
  • %TEMP%\Rootchk\chkdrv.exe prt47sys 0
  • %TEMP%\Rootchk\chkdrv.exe poof 0
  • %TEMP%\Rootchk\chkdrv.exe PopWinIe 0
  • %TEMP%\Rootchk\chkdrv.exe PROCSERV 0
  • %TEMP%\Rootchk\chkdrv.exe security 0
  • %TEMP%\Rootchk\chkdrv.exe SecurityMonitoringDriver 0
  • %TEMP%\Rootchk\chkdrv.exe SHIPING 0
  • %TEMP%\Rootchk\chkdrv.exe sdcardX2 0
  • %TEMP%\Rootchk\chkdrv.exe se500mdmd 0
  • %TEMP%\Rootchk\chkdrv.exe se633mxxd 0
  • %TEMP%\Rootchk\chkdrv.exe Simple 0
  • %TEMP%\Rootchk\chkdrv.exe socket573 0
  • %TEMP%\Rootchk\chkdrv.exe socketx113 0
  • %TEMP%\Rootchk\chkdrv.exe squell 0
  • %TEMP%\Rootchk\chkdrv.exe sks2drvr 0
  • %TEMP%\Rootchk\chkdrv.exe SMONITOR 0
  • %TEMP%\Rootchk\chkdrv.exe Sndsystem 0
  • %TEMP%\Rootchk\chkdrv.exe roreg 0
  • %TEMP%\Rootchk\chkdrv.exe rosa 0
  • %TEMP%\Rootchk\chkdrv.exe RpcApi 0
  • %TEMP%\Rootchk\chkdrv.exe rlx66dob 0
  • %TEMP%\Rootchk\chkdrv.exe rofl 0
  • %TEMP%\Rootchk\chkdrv.exe romman 0
  • %TEMP%\Rootchk\chkdrv.exe Runtime 0
  • %TEMP%\Rootchk\chkdrv.exe scce4 0
  • %TEMP%\Rootchk\chkdrv.exe Scripts 0
  • %TEMP%\Rootchk\chkdrv.exe scsipsrvc 0
  • %TEMP%\Rootchk\chkdrv.exe Runtime2 0
  • %TEMP%\Rootchk\chkdrv.exe satad645 0
  • %TEMP%\Rootchk\chkdrv.exe satau325 0
  • %TEMP%\Rootchk\chkdrv.exe soundwav 0
  • %TEMP%\Rootchk\chkdrv.exe spoolsvv.sys 0
  • %TEMP%\Rootchk\chkdrv.exe spoolv 0
  • %TEMP%\Rootchk\chkdrv.exe SCService 0
  • %TEMP%\Rootchk\chkdrv.exe sdqgvqcm 0
  • %TEMP%\Rootchk\chkdrv.exe SLMDriver 0
  • %TEMP%\Rootchk\chkdrv.exe srosa 0
  • %TEMP%\Rootchk\chkdrv.exe syswav 0
  • %TEMP%\Rootchk\chkdrv.exe TestUSB 0
  • %TEMP%\Rootchk\chkdrv.exe Unreal 0
  • %TEMP%\Rootchk\chkdrv.exe streamex 0
  • %TEMP%\Rootchk\chkdrv.exe sysbus32 0
  • %TEMP%\Rootchk\chkdrv.exe SysDrver 0
  • %TEMP%\Rootchk\chkdrv.exe NvVideoCenter 0
  • %TEMP%\Rootchk\chkdrv.exe oran 0
  • %TEMP%\Rootchk\chkdrv.exe ORANS 0
  • %TEMP%\Rootchk\chkdrv.exe ntload 0
  • %TEMP%\Rootchk\chkdrv.exe nuidflnt 0
  • %TEMP%\Rootchk\chkdrv.exe nvmini 0
  • %TEMP%\Rootchk\chkdrv.exe pci32 0
  • %TEMP%\Rootchk\chkdrv.exe rstk 0
  • %TEMP%\Rootchk\chkdrv.exe Rtkit 0
  • %TEMP%\Rootchk\chkdrv.exe rudll 0
  • %TEMP%\Rootchk\chkdrv.exe phde32 0
  • %TEMP%\Rootchk\chkdrv.exe phide_ex.sys 0
  • %TEMP%\Rootchk\chkdrv.exe raid 0
  • %TEMP%\Rootchk\chkdrv.exe Ygyfrmrh 0
  • %TEMP%\Rootchk\chkdrv.exe Yjbplcow 0
  • %TEMP%\Rootchk\chkdrv.exe Yndbybmh 0
  • %TEMP%\Rootchk\chkdrv.exe wuam 0
  • %TEMP%\Rootchk\chkdrv.exe xHide 0
  • %TEMP%\Rootchk\chkdrv.exe XRW005 0
  • %TEMP%\Rootchk\chkdrv.exe Yxgunlzu 0
  • %TEMP%\Rootchk\chkdrv.exe Zykheptd 0
  • %TEMP%\Rootchk\chkdrv.exe irmon 0
  • %TEMP%\Rootchk\ISADMIN.EXE -q
  • %TEMP%\Rootchk\chkdrv.exe Zrwchrhu 0
  • %TEMP%\Rootchk\chkdrv.exe Zxbnredm 0
  • %TEMP%\Rootchk\chkdrv.exe Zxftajzo 0
  • %TEMP%\Rootchk\chkdrv.exe USBTest 0
  • %TEMP%\Rootchk\chkdrv.exe VANTI 0
  • %TEMP%\Rootchk\chkdrv.exe virdr 0
  • %TEMP%\Rootchk\chkdrv.exe usbehcl 0
  • %TEMP%\Rootchk\chkdrv.exe usbine 0
  • %TEMP%\Rootchk\chkdrv.exe usbmini 0
  • %TEMP%\Rootchk\chkdrv.exe virdrv 0
  • %TEMP%\Rootchk\chkdrv.exe vvcxqgpq 0
  • %TEMP%\Rootchk\chkdrv.exe winntbaken 0
  • %TEMP%\Rootchk\chkdrv.exe winrpcpp 0
  • %TEMP%\Rootchk\chkdrv.exe VKTServ 0
  • %TEMP%\Rootchk\chkdrv.exe vmsdrv 0
  • %TEMP%\Rootchk\chkdrv.exe VolMapDev 0
  • %TEMP%\Rootchk\chkdrv.exe nsysaudm 0
  • %TEMP%\Rootchk\chkdrv.exe delphi 0
  • %TEMP%\Rootchk\chkdrv.exe DER005 0
  • %TEMP%\Rootchk\chkdrv.exe DeviceMap 0
  • %TEMP%\Rootchk\chkdrv.exe bridges 0
  • %TEMP%\Rootchk\chkdrv.exe chgsprt 0
  • %TEMP%\Rootchk\chkdrv.exe cmdriver 0
  • %TEMP%\Rootchk\chkdrv.exe directdll 0
  • %TEMP%\Rootchk\chkdrv.exe et54fg 0
  • %TEMP%\Rootchk\chkdrv.exe GUI30svr 0
  • %TEMP%\Rootchk\chkdrv.exe guowaaayu 0
  • %TEMP%\Rootchk\chkdrv.exe dsniff 0
  • %TEMP%\Rootchk\chkdrv.exe DVDrealm 0
  • %TEMP%\Rootchk\chkdrv.exe elpow_spy 0
  • %TEMP%\Rootchk\chkdrv.exe zpzbwbhu 0
  • %TEMP%\Rootchk\chkdrv.exe ZSTDP 0
  • %TEMP%\Rootchk\chkdrv.exe npf 0
  • %TEMP%\Rootchk\chkdrv.exe xpsp2tdi 0
  • %TEMP%\Rootchk\chkdrv.exe Zloguwzp 0
  • %TEMP%\Rootchk\chkdrv.exe zopenssld 0
  • %TEMP%\Rootchk\chkdrv.exe IPRIP 0
  • %TEMP%\Rootchk\chkdrv.exe ALGCL 0
  • %TEMP%\Rootchk\chkdrv.exe ati12k 0
  • %TEMP%\Rootchk\chkdrv.exe BLUEO 0
  • %TEMP%\Rootchk\chkdrv.exe #BadRKDemo# 0
  • %TEMP%\Rootchk\chkdrv.exe _tdiserv_HOOK 0
  • %TEMP%\Rootchk\chkdrv.exe adpsSvc 0
  • %TEMP%\Rootchk\chkdrv.exe msiishlp 0
  • %TEMP%\Rootchk\chkdrv.exe msinfmgr 0
  • %TEMP%\Rootchk\chkdrv.exe MSMAPDEVICE 0
  • %TEMP%\Rootchk\chkdrv.exe MONDRV 0
  • %TEMP%\Rootchk\chkdrv.exe mrfckdll 0
  • %TEMP%\Rootchk\chkdrv.exe msiisdrv 0
  • %TEMP%\Rootchk\chkdrv.exe msriv1 0
  • %TEMP%\Rootchk\chkdrv.exe NetCN 0
  • %TEMP%\Rootchk\chkdrv.exe netpt 0
  • %TEMP%\Rootchk\chkdrv.exe NetSTrSvc 0
  • %TEMP%\Rootchk\chkdrv.exe msvnc 0
  • %TEMP%\Rootchk\chkdrv.exe NdisFilter 0
  • %TEMP%\Rootchk\chkdrv.exe ndisstd 0
  • %TEMP%\Rootchk\chkdrv.exe imaslip 0
  • %TEMP%\Rootchk\chkdrv.exe isa32 0
  • %TEMP%\Rootchk\chkdrv.exe kbdrv64 0
  • %TEMP%\Rootchk\chkdrv.exe GxNdisHook 0
  • %TEMP%\Rootchk\chkdrv.exe hpr34k8 0
  • %TEMP%\Rootchk\chkdrv.exe i386p 0
  • %TEMP%\Rootchk\chkdrv.exe KSDT1983 0
  • %TEMP%\Rootchk\chkdrv.exe mdojtgmr 0
  • %TEMP%\Rootchk\chkdrv.exe mhvl 0
  • %TEMP%\Rootchk\chkdrv.exe minipci 0
  • %TEMP%\Rootchk\chkdrv.exe KSM 0
  • %TEMP%\Rootchk\chkdrv.exe mcemgr 0
  • %TEMP%\Rootchk\chkdrv.exe MdeRy 0
  • %TEMP%\Rootchk\chkdrv.exe directxclks 0
  • %TEMP%\Rootchk\chkdrv.exe dmtd 0
  • %TEMP%\Rootchk\chkdrv.exe docentd 0
  • %TEMP%\Rootchk\chkdrv.exe directprt 0
  • %TEMP%\Rootchk\chkdrv.exe directx 0
  • %TEMP%\Rootchk\chkdrv.exe directxclicks 0
  • %TEMP%\Rootchk\chkdrv.exe DP1112 0
  • %TEMP%\Rootchk\chkdrv.exe dvdkernl 0
  • %TEMP%\Rootchk\chkdrv.exe eps32sys 0
  • %TEMP%\Rootchk\chkdrv.exe epsn2sys 0
  • %TEMP%\Rootchk\chkdrv.exe drivemngr 0
  • %TEMP%\Rootchk\chkdrv.exe Driver 0
  • %TEMP%\Rootchk\chkdrv.exe driverpp 0
  • %TEMP%\Rootchk\chkdrv.exe CNSMINKP 0
  • %TEMP%\Rootchk\chkdrv.exe com+_messages 0
  • %TEMP%\Rootchk\chkdrv.exe combofix 0
  • %TEMP%\Rootchk\chkdrv.exe ckptrqor 0
  • %TEMP%\Rootchk\chkdrv.exe ClipArt 0
  • %TEMP%\Rootchk\chkdrv.exe cnprov 0
  • %TEMP%\Rootchk\chkdrv.exe Core 0
  • %TEMP%\Rootchk\chkdrv.exe ddirectxt 0
  • %TEMP%\Rootchk\chkdrv.exe dglp13 0
  • %TEMP%\Rootchk\chkdrv.exe directout 0
  • %TEMP%\Rootchk\chkdrv.exe cpudev 0
  • %TEMP%\Rootchk\chkdrv.exe CsdDriver 0
  • %TEMP%\Rootchk\chkdrv.exe daming 0
  • %TEMP%\Rootchk\chkdrv.exe fpuext 0
  • %TEMP%\Rootchk\chkdrv.exe front 0
  • %TEMP%\Rootchk\chkdrv.exe FSPROT 0
  • %TEMP%\Rootchk\chkdrv.exe flashdrv3 0
  • %TEMP%\Rootchk\chkdrv.exe FOPF 0
  • %TEMP%\Rootchk\chkdrv.exe FOPN 0
  • %TEMP%\Rootchk\chkdrv.exe fwdrv.sys 0
  • %TEMP%\Rootchk\chkdrv.exe gdow2k.sys 0
  • %TEMP%\Rootchk\chkdrv.exe GuartServ 0
  • %TEMP%\Rootchk\chkdrv.exe guhvj 0
  • %TEMP%\Rootchk\chkdrv.exe gb 0
  • %TEMP%\Rootchk\chkdrv.exe gdiw2k 0
  • %TEMP%\Rootchk\chkdrv.exe gdow2k 0
  • %TEMP%\Rootchk\chkdrv.exe EXAMPLE1 0
  • %TEMP%\Rootchk\chkdrv.exe explorer 0
  • %TEMP%\Rootchk\chkdrv.exe FAD 0
  • %TEMP%\Rootchk\chkdrv.exe epsonsys 0
  • %TEMP%\Rootchk\chkdrv.exe estsprt 0
  • %TEMP%\Rootchk\chkdrv.exe EXAMPLE 0
  • %TEMP%\Rootchk\chkdrv.exe fanxctrld 0
  • %TEMP%\Rootchk\chkdrv.exe Filter 0
  • %TEMP%\Rootchk\chkdrv.exe fkot15 0
  • %TEMP%\Rootchk\chkdrv.exe fkwld 0
  • %TEMP%\Rootchk\chkdrv.exe Fast 0
  • %TEMP%\Rootchk\chkdrv.exe ffpbek 0
  • %TEMP%\Rootchk\chkdrv.exe file_replication 0
  • %TEMP%\Rootchk\chkdrv.exe CelInDrv 0
  • %TEMP%\Rootchk\chkdrv.exe 7753E06A 0
  • %TEMP%\Rootchk\chkdrv.exe a2 0
  • %TEMP%\Rootchk\chkdrv.exe ABHCOP 0
  • %TEMP%\Rootchk\chkdrv.exe 51ANREGPROT 0
  • %TEMP%\Rootchk\chkdrv.exe 51MSOFFTDI 0
  • %TEMP%\Rootchk\chkdrv.exe 67388760 0
  • %TEMP%\Rootchk\chkdrv.exe acpidisk 0
  • %TEMP%\Rootchk\chkdrv.exe albus 0
  • %TEMP%\Rootchk\chkdrv.exe allowcontinue 0
  • %TEMP%\Rootchk\chkdrv.exe amdk5 0
  • %TEMP%\Rootchk\chkdrv.exe AdServer 0
  • %TEMP%\Rootchk\chkdrv.exe adsrsvc 0
  • %TEMP%\Rootchk\chkdrv.exe agpbrdg5 0
  • %TEMP%\Rootchk\chkdrv.exe $DRVNAM$ 0
  • %TEMP%\Rootchk\chkdrv.exe $sys$aries 0
  • %TEMP%\Rootchk\chkdrv.exe {2188bad5-efbe-47e7-a92b-7144f44f9be5} 0
  • %TEMP%\Rootchk\chkdrv.exe hansen 0
  • %TEMP%\Rootchk\chkdrv.exe :::: 0
  • %TEMP%\Rootchk\chkdrv.exe __o 0
  • %TEMP%\Rootchk\chkdrv.exe 000031BE 0
  • %TEMP%\Rootchk\chkdrv.exe 45MSOFFTDI 0
  • %TEMP%\Rootchk\chkdrv.exe 47MSOFFTDI 0
  • %TEMP%\Rootchk\chkdrv.exe 50MSOFFTDI 0
  • %TEMP%\Rootchk\chkdrv.exe 15AnRegProt 0
  • %TEMP%\Rootchk\chkdrv.exe 15MSOFFTDI 0
  • %TEMP%\Rootchk\chkdrv.exe 2D49A3E8 0
  • %TEMP%\Rootchk\chkdrv.exe bdt11 0
  • %TEMP%\Rootchk\chkdrv.exe bflytsat 0
  • %TEMP%\Rootchk\chkdrv.exe bingdu 0
  • %TEMP%\Rootchk\chkdrv.exe atmsig 0
  • %TEMP%\Rootchk\chkdrv.exe axdebugld 0
  • %TEMP%\Rootchk\chkdrv.exe BDGUARD 0
  • %TEMP%\Rootchk\chkdrv.exe BITS32 0
  • %TEMP%\Rootchk\chkdrv.exe cdnprot 0
  • %TEMP%\Rootchk\chkdrv.exe CDNTRAN 0
  • %TEMP%\Rootchk\chkdrv.exe cdscsix3r 0
  • %TEMP%\Rootchk\chkdrv.exe bjo12 0
  • %TEMP%\Rootchk\chkdrv.exe BNESS 0
  • %TEMP%\Rootchk\chkdrv.exe BRGNS 0
  • %TEMP%\Rootchk\chkdrv.exe armdvc 0
  • %TEMP%\Rootchk\chkdrv.exe armrfc 0
  • %TEMP%\Rootchk\chkdrv.exe arprmdg5 0
  • %TEMP%\Rootchk\chkdrv.exe amstr32 0
  • %TEMP%\Rootchk\chkdrv.exe ANFAD 0
  • %TEMP%\Rootchk\chkdrv.exe ApiMon 0
  • %TEMP%\Rootchk\chkdrv.exe asc3550u 0
  • %TEMP%\Rootchk\chkdrv.exe atiddbxx 0
  • %TEMP%\Rootchk\chkdrv.exe atietbxx 0
  • %TEMP%\Rootchk\chkdrv.exe atixdbxx 0
  • %TEMP%\Rootchk\chkdrv.exe aspwstate 0
  • %TEMP%\Rootchk\chkdrv.exe ast 0
  • %TEMP%\Rootchk\chkdrv.exe asusrx25 0
  • %TEMP%\Rootchk\chkdrv.exe msrdr2 0
  • %TEMP%\Rootchk\chkdrv.exe mssock 0
  • %TEMP%\Rootchk\chkdrv.exe mssync2020 0
  • %TEMP%\Rootchk\chkdrv.exe mspcidrv 0
  • %TEMP%\Rootchk\chkdrv.exe msprotect 0
  • %TEMP%\Rootchk\chkdrv.exe msqmx 0
  • %TEMP%\Rootchk\chkdrv.exe msudp4 0
  • %TEMP%\Rootchk\chkdrv.exe ncio 0
  • %TEMP%\Rootchk\chkdrv.exe nclaby 0
  • %TEMP%\Rootchk\chkdrv.exe ndcia 0
  • %TEMP%\Rootchk\chkdrv.exe msusbbux 0
  • %TEMP%\Rootchk\chkdrv.exe mswsaf 0
  • %TEMP%\Rootchk\chkdrv.exe MZU_RK 0
  • %TEMP%\Rootchk\chkdrv.exe msdirectx 0
  • %TEMP%\Rootchk\chkdrv.exe msdirectxclicks 0
  • %TEMP%\Rootchk\chkdrv.exe msdirectxclks 0
  • %TEMP%\Rootchk\chkdrv.exe MOPROT 0
  • %TEMP%\Rootchk\chkdrv.exe mpsmp 0
  • %TEMP%\Rootchk\chkdrv.exe msdirect 0
  • %TEMP%\Rootchk\chkdrv.exe MSDLOBJDRV 0
  • %TEMP%\Rootchk\chkdrv.exe msftcpip 0
  • %TEMP%\Rootchk\chkdrv.exe msgegh 0
  • %TEMP%\Rootchk\chkdrv.exe msguard 0
  • %TEMP%\Rootchk\chkdrv.exe MSDNDDrv 0
  • %TEMP%\Rootchk\chkdrv.exe msdndr 0
  • %TEMP%\Rootchk\chkdrv.exe msfsr 0
  • %TEMP%\Rootchk\chkdrv.exe Oddysee 0
  • %TEMP%\Rootchk\chkdrv.exe openglssd 0
  • %TEMP%\Rootchk\chkdrv.exe openglwxd 0
  • %TEMP%\Rootchk\chkdrv.exe obbf117 0
  • %TEMP%\Rootchk\chkdrv.exe obbn13rt 0
  • %TEMP%\Rootchk\chkdrv.exe od1z2hteipeoeuos 0
  • %TEMP%\Rootchk\chkdrv.exe p4p_service 0
  • %TEMP%\Rootchk\chkdrv.exe paraudio 0
  • %TEMP%\Rootchk\chkdrv.exe parcls 0
  • %TEMP%\Rootchk\chkdrv.exe PartMsg 0
  • %TEMP%\Rootchk\chkdrv.exe p76xxsks 0
  • %TEMP%\Rootchk\chkdrv.exe p79bsksb 0
  • %TEMP%\Rootchk\chkdrv.exe p81eskse 0
  • %TEMP%\Rootchk\chkdrv.exe nkgfs 0
  • %TEMP%\Rootchk\chkdrv.exe nodantivir 0
  • %TEMP%\Rootchk\chkdrv.exe ntio256 0
  • %TEMP%\Rootchk\chkdrv.exe NDnet1 0
  • %TEMP%\Rootchk\chkdrv.exe ne 0
  • %TEMP%\Rootchk\chkdrv.exe new_drv 0
  • %TEMP%\Rootchk\chkdrv.exe ntkrnl 0
  • %TEMP%\Rootchk\chkdrv.exe NtTf 0
  • %TEMP%\Rootchk\chkdrv.exe nucdrv 0
  • %TEMP%\Rootchk\chkdrv.exe nuclab 0
  • %TEMP%\Rootchk\chkdrv.exe ntldr.sys 0
  • %TEMP%\Rootchk\chkdrv.exe NtmlSvc 0
  • %TEMP%\Rootchk\chkdrv.exe ntndis 0
  • %TEMP%\Rootchk\chkdrv.exe mmlogon 0
  • %TEMP%\Rootchk\chkdrv.exe idersrvc 0
  • %TEMP%\Rootchk\chkdrv.exe idnaux 0
  • %TEMP%\Rootchk\chkdrv.exe ies4service 0
  • %TEMP%\Rootchk\chkdrv.exe HWRegProt 0
  • %TEMP%\Rootchk\chkdrv.exe i82440bx 0
  • %TEMP%\Rootchk\chkdrv.exe ICF 0
  • %TEMP%\Rootchk\chkdrv.exe iesprt 0
  • %TEMP%\Rootchk\chkdrv.exe ispvcr 0
  • %TEMP%\Rootchk\chkdrv.exe jr 0
  • %TEMP%\Rootchk\chkdrv.exe k53lock 0
  • %TEMP%\Rootchk\chkdrv.exe iesservice4 0
  • %TEMP%\Rootchk\chkdrv.exe iexplor 0
  • %TEMP%\Rootchk\chkdrv.exe ipudpb2 0
  • %TEMP%\Rootchk\chkdrv.exe hdfs 0
  • %TEMP%\Rootchk\chkdrv.exe hdusb 0
  • %TEMP%\Rootchk\chkdrv.exe hflt_ipf 0
  • %TEMP%\Rootchk\chkdrv.exe h1dd3n 0
  • %TEMP%\Rootchk\chkdrv.exe haxdrv 0
  • %TEMP%\Rootchk\chkdrv.exe HCALWAY 0
  • %TEMP%\Rootchk\chkdrv.exe hide_evr2 0
  • %TEMP%\Rootchk\chkdrv.exe Hpdriver 0
  • %TEMP%\Rootchk\chkdrv.exe hpprintdrv 0
  • %TEMP%\Rootchk\chkdrv.exe huy32 0
  • %TEMP%\Rootchk\chkdrv.exe hidport 0
  • %TEMP%\Rootchk\chkdrv.exe hidproc 0
  • %TEMP%\Rootchk\chkdrv.exe HidServf 0
  • %TEMP%\Rootchk\chkdrv.exe main1 0
  • %TEMP%\Rootchk\chkdrv.exe mcfdrv 0
  • %TEMP%\Rootchk\chkdrv.exe MEDIADRVER 0
  • %TEMP%\Rootchk\chkdrv.exe m_hook 0
  • %TEMP%\Rootchk\chkdrv.exe m32lock 0
  • %TEMP%\Rootchk\chkdrv.exe m5 0
  • %TEMP%\Rootchk\chkdrv.exe mediaply 0
  • %TEMP%\Rootchk\chkdrv.exe mm77lgn 0
  • %TEMP%\Rootchk\chkdrv.exe mmc 0
  • %TEMP%\Rootchk\chkdrv.exe mmccrd 0
  • %TEMP%\Rootchk\chkdrv.exe mfbx 0
  • %TEMP%\Rootchk\chkdrv.exe mfstcpip 0
  • %TEMP%\Rootchk\chkdrv.exe mi5035a5 0
  • %TEMP%\Rootchk\chkdrv.exe kprof 0
  • %TEMP%\Rootchk\chkdrv.exe KWatch1 0
  • %TEMP%\Rootchk\chkdrv.exe KXSMP 0
  • %TEMP%\Rootchk\chkdrv.exe kcp 0
  • %TEMP%\Rootchk\chkdrv.exe ke7dnl 0
  • %TEMP%\Rootchk\chkdrv.exe kednld 0
  • %TEMP%\Rootchk\chkdrv.exe lanfs 0
  • %TEMP%\Rootchk\chkdrv.exe lsass 0
  • %TEMP%\Rootchk\chkdrv.exe LSPOOLDRV 0
  • %TEMP%\Rootchk\chkdrv.exe lzx32 0
  • %TEMP%\Rootchk\chkdrv.exe lanmandrv 0
  • %TEMP%\Rootchk\chkdrv.exe LanPort 0
  • %TEMP%\Rootchk\chkdrv.exe linksrvd 0
Executes the following:
  • <SYSTEM32>\findstr.exe /X "ycsrgb.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "rxx5ot.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "mmx17g.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "yvprgb.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "ycsvgd.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "xopptp.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "rxx6ot.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "ydsvgd.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....49.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "yvsvga.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "twpkbd.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....44.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "xmm13g.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "mmx19g.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "ycsvga.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "sdmapi.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "utgrbe.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "ufgrbe.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "svkvpn.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "svjvpn.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "wsmsag.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "mswsag.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "eetvpn.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "eexvpn.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "emul65.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "emul37.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "xdpptp.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "yvdrgb.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "rmk8ot.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "rmk9ot.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "wnmicf.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "wnmifc.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "twpkad.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....64.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....16.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe HKEY_LOCAL_MACHINE
  • <SYSTEM32>\findstr.exe /X "....32.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....xt.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....tt.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....24.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....xm.sys]" temp3.txt
  • <SYSTEM32>\find.exe "Windows XP"
  • %WINDIR%\regedit.exe /E temp1.txt "HKEY_Local_Machine\system\currentcontrolset\services"
  • <SYSTEM32>\cmd.exe /c %TEMP%\Rootchk\Rootchk.bat
  • <SYSTEM32>\find.exe "Windows 2000"
  • <SYSTEM32>\findstr.exe /m /f:/ /I "cdnprot"
  • %WINDIR%\regedit.exe /E temp1.txt "HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"
  • <SYSTEM32>\findstr.exe /i "HKEY_.*Pigeon HKEY_.*windbg48 HKEY_.*Microsoft.IE.Updater_."
  • <SYSTEM32>\findstr.exe /x "............"
  • <SYSTEM32>\findstr.exe /X "....gs.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....gm.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....3a.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....6a.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "lanmui.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "lannui.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....hh.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....hk.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....du.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....dh.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....mm.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....dx.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....ax.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....aj.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....01.sys]" temp3.txt
  • <SYSTEM32>\findstr.exe /X "....02.sys]" temp3.txt
Modifies file system:
Creates the following files:
  • %TEMP%\Rootchk\temp2.txt
  • %TEMP%\Rootchk\temp1.txt
  • %TEMP%\Rootchk\exp.txt
  • C:\rootlog.txt
  • %TEMP%\Rootchk\root.txt
  • %TEMP%\Rootchk\temp3.txt
  • %TEMP%\Rootchk\haxfix.txt
  • %TEMP%\Rootchk\chkdrv.exe
  • %TEMP%\Rootchk\Rootchk.bat
  • %TEMP%\nsa2.tmp
  • %TEMP%\Rootchk\known_drivers.txt
  • %TEMP%\Rootchk\ISADMIN.EXE
  • %TEMP%\Rootchk\catchme.exe
Deletes the following files:
  • %TEMP%\Rootchk\temp3.txt
  • %TEMP%\Rootchk\temp2.txt
  • %TEMP%\Rootchk\temp1.txt
Miscellaneous:
Searches for the following windows:
  • ClassName: 'RegEdit_RegEdit' WindowName: ''

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android onto the infected device and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.