Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Trojan.Inject2.63835

Added to the Dr.Web virus database: 2017-11-25

Virus description added:

Technical Information

Malicious functions:
Executes the following:
  • '<SYSTEM32>\ping.exe' -n 1 127.0.0.1
  • '<SYSTEM32>\taskkill.exe' /f /im "<File name>.exe"
  • '<SYSTEM32>\cmd.exe'
Modifies file system:
Creates the following files:
  • %TEMP%\youtube.png
  • %TEMP%\avn_logo2.png
  • %TEMP%\k3sNH4zUED0LJj3FtmPcHB.Lk4
  • %TEMP%\feed249262723.rss+xml
  • %TEMP%\default.aspx586706125.html
  • %TEMP%\fb-datePicker.js
  • %TEMP%\status_idle-f412aff2b1a053dd639ec07d72c20475.js
Deletes itself.
Network activity:
UDP:
  • '19#.#65.17.64':6892
  • '19#.#65.17.63':6892
  • '19#.#65.17.66':6892
  • '19#.#65.17.65':6892
  • '19#.#65.17.62':6892
  • '19#.#65.17.59':6892
  • '19#.#65.17.58':6892
  • '19#.#65.17.61':6892
  • '19#.#65.17.60':6892
  • '19#.#65.17.73':6892
  • '19#.#65.17.72':6892
  • '19#.#65.17.75':6892
  • '19#.#65.17.74':6892
  • '19#.#65.17.71':6892
  • '19#.#65.17.68':6892
  • '19#.#65.17.67':6892
  • '19#.#65.17.70':6892
  • '19#.#65.17.69':6892
  • '19#.#65.17.46':6892
  • '19#.#65.17.45':6892
  • '19#.#65.17.48':6892
  • '19#.#65.17.47':6892
  • '19#.#65.17.44':6892
  • '19#.#65.17.41':6892
  • '19#.#65.17.40':6892
  • '19#.#65.17.43':6892
  • '19#.#65.17.42':6892
  • '19#.#65.17.55':6892
  • '19#.#65.17.54':6892
  • '19#.#65.17.57':6892
  • '19#.#65.17.56':6892
  • '19#.#65.17.53':6892
  • '19#.#65.17.50':6892
  • '19#.#65.17.49':6892
  • '19#.#65.17.52':6892
  • '19#.#65.17.51':6892
  • '19#.#65.17.100':6892
  • '19#.#65.17.99':6892
  • '19#.#65.17.102':6892
  • '19#.#65.17.101':6892
  • '19#.#65.17.98':6892
  • '19#.#65.17.95':6892
  • '19#.#65.17.94':6892
  • '19#.#65.17.97':6892
  • '19#.#65.17.96':6892
  • '19#.#65.17.109':6892
  • '19#.#65.17.108':6892
  • '19#.#65.17.111':6892
  • '19#.#65.17.110':6892
  • '19#.#65.17.107':6892
  • '19#.#65.17.104':6892
  • '19#.#65.17.103':6892
  • '19#.#65.17.106':6892
  • '19#.#65.17.105':6892
  • '19#.#65.17.82':6892
  • '19#.#65.17.81':6892
  • '19#.#65.17.84':6892
  • '19#.#65.17.83':6892
  • '19#.#65.17.80':6892
  • '19#.#65.17.77':6892
  • '19#.#65.17.76':6892
  • '19#.#65.17.79':6892
  • '19#.#65.17.78':6892
  • '19#.#65.17.91':6892
  • '19#.#65.17.90':6892
  • '19#.#65.17.93':6892
  • '19#.#65.17.92':6892
  • '19#.#65.17.89':6892
  • '19#.#65.17.86':6892
  • '19#.#65.17.85':6892
  • '19#.#65.17.88':6892
  • '19#.#65.17.87':6892
  • '19#.#65.16.248':6892
  • '19#.#65.16.247':6892
  • '19#.#65.16.250':6892
  • '19#.#65.16.249':6892
  • '19#.#65.16.246':6892
  • '19#.#65.16.243':6892
  • '19#.#65.16.242':6892
  • '19#.#65.16.245':6892
  • '19#.#65.16.244':6892
  • '19#.#65.17.1':6892
  • '19#.#65.17.0':6892
  • '19#.#65.17.3':6892
  • '19#.#65.17.2':6892
  • '19#.#65.16.255':6892
  • '19#.#65.16.252':6892
  • '19#.#65.16.251':6892
  • '19#.#65.16.254':6892
  • '19#.#65.16.253':6892
  • '19#.#65.16.230':6892
  • '19#.#65.16.229':6892
  • '19#.#65.16.232':6892
  • '19#.#65.16.231':6892
  • '19#.#65.16.228':6892
  • '19#.#65.16.225':6892
  • '19#.#65.16.224':6892
  • '19#.#65.16.227':6892
  • '19#.#65.16.226':6892
  • '19#.#65.16.239':6892
  • '19#.#65.16.238':6892
  • '19#.#65.16.241':6892
  • '19#.#65.16.240':6892
  • '19#.#65.16.237':6892
  • '19#.#65.16.234':6892
  • '19#.#65.16.233':6892
  • '19#.#65.16.236':6892
  • '19#.#65.16.235':6892
  • '19#.#65.17.28':6892
  • '19#.#65.17.27':6892
  • '19#.#65.17.30':6892
  • '19#.#65.17.29':6892
  • '19#.#65.17.26':6892
  • '19#.#65.17.23':6892
  • '19#.#65.17.22':6892
  • '19#.#65.17.25':6892
  • '19#.#65.17.24':6892
  • '19#.#65.17.37':6892
  • '19#.#65.17.36':6892
  • '19#.#65.17.39':6892
  • '19#.#65.17.38':6892
  • '19#.#65.17.35':6892
  • '19#.#65.17.32':6892
  • '19#.#65.17.31':6892
  • '19#.#65.17.34':6892
  • '19#.#65.17.33':6892
  • '19#.#65.17.10':6892
  • '19#.#65.17.9':6892
  • '19#.#65.17.12':6892
  • '19#.#65.17.11':6892
  • '19#.#65.17.8':6892
  • '19#.#65.17.5':6892
  • '19#.#65.17.4':6892
  • '19#.#65.17.7':6892
  • '19#.#65.17.6':6892
  • '19#.#65.17.19':6892
  • '19#.#65.17.18':6892
  • '19#.#65.17.21':6892
  • '19#.#65.17.20':6892
  • '19#.#65.17.17':6892
  • '19#.#65.17.14':6892
  • '19#.#65.17.13':6892
  • '19#.#65.17.16':6892
  • '19#.#65.17.15':6892
  • '19#.#65.17.208':6892
  • '19#.#65.17.207':6892
  • '19#.#65.17.210':6892
  • '19#.#65.17.209':6892
  • '19#.#65.17.206':6892
  • '19#.#65.17.203':6892
  • '19#.#65.17.202':6892
  • '19#.#65.17.205':6892
  • '19#.#65.17.204':6892
  • '19#.#65.17.217':6892
  • '19#.#65.17.216':6892
  • '19#.#65.17.219':6892
  • '19#.#65.17.218':6892
  • '19#.#65.17.215':6892
  • '19#.#65.17.212':6892
  • '19#.#65.17.211':6892
  • '19#.#65.17.214':6892
  • '19#.#65.17.213':6892
  • '19#.#65.17.190':6892
  • '19#.#65.17.189':6892
  • '19#.#65.17.192':6892
  • '19#.#65.17.191':6892
  • '19#.#65.17.188':6892
  • '19#.#65.17.185':6892
  • '19#.#65.17.184':6892
  • '19#.#65.17.187':6892
  • '19#.#65.17.186':6892
  • '19#.#65.17.199':6892
  • '19#.#65.17.198':6892
  • '19#.#65.17.201':6892
  • '19#.#65.17.200':6892
  • '19#.#65.17.197':6892
  • '19#.#65.17.194':6892
  • '19#.#65.17.193':6892
  • '19#.#65.17.196':6892
  • '19#.#65.17.195':6892
  • '19#.#65.17.244':6892
  • '19#.#65.17.243':6892
  • '19#.#65.17.246':6892
  • '19#.#65.17.245':6892
  • '19#.#65.17.242':6892
  • '19#.#65.17.239':6892
  • '19#.#65.17.238':6892
  • '19#.#65.17.241':6892
  • '19#.#65.17.240':6892
  • '19#.#65.17.253':6892
  • '19#.#65.17.252':6892
  • '19#.#65.17.255':6892
  • '19#.#65.17.254':6892
  • '19#.#65.17.251':6892
  • '19#.#65.17.248':6892
  • '19#.#65.17.247':6892
  • '19#.#65.17.250':6892
  • '19#.#65.17.249':6892
  • '19#.#65.17.226':6892
  • '19#.#65.17.225':6892
  • '19#.#65.17.228':6892
  • '19#.#65.17.227':6892
  • '19#.#65.17.224':6892
  • '19#.#65.17.221':6892
  • '19#.#65.17.220':6892
  • '19#.#65.17.223':6892
  • '19#.#65.17.222':6892
  • '19#.#65.17.235':6892
  • '19#.#65.17.234':6892
  • '19#.#65.17.237':6892
  • '19#.#65.17.236':6892
  • '19#.#65.17.233':6892
  • '19#.#65.17.230':6892
  • '19#.#65.17.229':6892
  • '19#.#65.17.232':6892
  • '19#.#65.17.231':6892
  • '19#.#65.17.136':6892
  • '19#.#65.17.135':6892
  • '19#.#65.17.138':6892
  • '19#.#65.17.137':6892
  • '19#.#65.17.134':6892
  • '19#.#65.17.131':6892
  • '19#.#65.17.130':6892
  • '19#.#65.17.133':6892
  • '19#.#65.17.132':6892
  • '19#.#65.17.145':6892
  • '19#.#65.17.144':6892
  • '19#.#65.17.147':6892
  • '19#.#65.17.146':6892
  • '19#.#65.17.143':6892
  • '19#.#65.17.140':6892
  • '19#.#65.17.139':6892
  • '19#.#65.17.142':6892
  • '19#.#65.17.141':6892
  • '19#.#65.17.118':6892
  • '19#.#65.17.117':6892
  • '19#.#65.17.120':6892
  • '19#.#65.17.119':6892
  • '19#.#65.17.116':6892
  • '19#.#65.17.113':6892
  • '19#.#65.17.112':6892
  • '19#.#65.17.115':6892
  • '19#.#65.17.114':6892
  • '19#.#65.17.127':6892
  • '19#.#65.17.126':6892
  • '19#.#65.17.129':6892
  • '19#.#65.17.128':6892
  • '19#.#65.17.125':6892
  • '19#.#65.17.122':6892
  • '19#.#65.17.121':6892
  • '19#.#65.17.124':6892
  • '19#.#65.17.123':6892
  • '19#.#65.17.172':6892
  • '19#.#65.17.171':6892
  • '19#.#65.17.174':6892
  • '19#.#65.17.173':6892
  • '19#.#65.17.170':6892
  • '19#.#65.17.167':6892
  • '19#.#65.17.166':6892
  • '19#.#65.17.169':6892
  • '19#.#65.17.168':6892
  • '19#.#65.17.181':6892
  • '19#.#65.17.180':6892
  • '19#.#65.17.183':6892
  • '19#.#65.17.182':6892
  • '19#.#65.17.179':6892
  • '19#.#65.17.176':6892
  • '19#.#65.17.175':6892
  • '19#.#65.17.178':6892
  • '19#.#65.17.177':6892
  • '19#.#65.17.154':6892
  • '19#.#65.17.153':6892
  • '19#.#65.17.156':6892
  • '19#.#65.17.155':6892
  • '19#.#65.17.152':6892
  • '19#.#65.17.149':6892
  • '19#.#65.17.148':6892
  • '19#.#65.17.151':6892
  • '19#.#65.17.150':6892
  • '19#.#65.17.163':6892
  • '19#.#65.17.162':6892
  • '19#.#65.17.165':6892
  • '19#.#65.17.164':6892
  • '19#.#65.17.161':6892
  • '19#.#65.17.158':6892
  • '19#.#65.17.157':6892
  • '19#.#65.17.160':6892
  • '19#.#65.17.159':6892
  • '19#.#65.16.32':6892
  • '19#.#65.16.31':6892
  • '19#.#65.16.34':6892
  • '19#.#65.16.33':6892
  • '19#.#65.16.30':6892
  • '19#.#65.16.27':6892
  • '19#.#65.16.26':6892
  • '19#.#65.16.29':6892
  • '19#.#65.16.28':6892
  • '19#.#65.16.41':6892
  • '19#.#65.16.40':6892
  • '19#.#65.16.43':6892
  • '19#.#65.16.42':6892
  • '19#.#65.16.39':6892
  • '19#.#65.16.36':6892
  • '19#.#65.16.35':6892
  • '19#.#65.16.38':6892
  • '19#.#65.16.37':6892
  • '19#.#65.16.14':6892
  • '19#.#65.16.13':6892
  • '19#.#65.16.16':6892
  • '19#.#65.16.15':6892
  • '19#.#65.16.12':6892
  • '19#.#65.16.9':6892
  • '19#.#65.16.8':6892
  • '19#.#65.16.11':6892
  • '19#.#65.16.10':6892
  • '19#.#65.16.23':6892
  • '19#.#65.16.22':6892
  • '19#.#65.16.25':6892
  • '19#.#65.16.24':6892
  • '19#.#65.16.21':6892
  • '19#.#65.16.18':6892
  • '19#.#65.16.17':6892
  • '19#.#65.16.20':6892
  • '19#.#65.16.19':6892
  • '19#.#65.16.68':6892
  • '19#.#65.16.67':6892
  • '19#.#65.16.70':6892
  • '19#.#65.16.69':6892
  • '19#.#65.16.66':6892
  • '19#.#65.16.63':6892
  • '19#.#65.16.62':6892
  • '19#.#65.16.65':6892
  • '19#.#65.16.64':6892
  • '19#.#65.16.77':6892
  • '19#.#65.16.76':6892
  • '19#.#65.16.79':6892
  • '19#.#65.16.78':6892
  • '19#.#65.16.75':6892
  • '19#.#65.16.72':6892
  • '19#.#65.16.71':6892
  • '19#.#65.16.74':6892
  • '19#.#65.16.73':6892
  • '19#.#65.16.50':6892
  • '19#.#65.16.49':6892
  • '19#.#65.16.52':6892
  • '19#.#65.16.51':6892
  • '19#.#65.16.48':6892
  • '19#.#65.16.45':6892
  • '19#.#65.16.44':6892
  • '19#.#65.16.47':6892
  • '19#.#65.16.46':6892
  • '19#.#65.16.59':6892
  • '19#.#65.16.58':6892
  • '19#.#65.16.61':6892
  • '19#.#65.16.60':6892
  • '19#.#65.16.57':6892
  • '19#.#65.16.54':6892
  • '19#.#65.16.53':6892
  • '19#.#65.16.56':6892
  • '19#.#65.16.55':6892
  • '12#.0.0.24':6892
  • '12#.0.0.23':6892
  • '12#.0.0.26':6892
  • '12#.0.0.25':6892
  • '12#.0.0.22':6892
  • '12#.0.0.19':6892
  • '12#.0.0.18':6892
  • '12#.0.0.21':6892
  • '12#.0.0.20':6892
  • '<L####NET_GATEWAY>':6892
  • '<L###LNET>.0.0':6892
  • '<L###LNET>.0.3':6892
  • '<L###LNET>.0.2':6892
  • '12#.0.0.31':6892
  • '12#.0.0.28':6892
  • '12#.0.0.27':6892
  • '12#.0.0.30':6892
  • '12#.0.0.29':6892
  • '12#.0.0.6':6892
  • '12#.0.0.5':6892
  • '12#.0.0.8':6892
  • '12#.0.0.7':6892
  • '12#.0.0.4':6892
  • 'localhost':6892
  • '12#.0.0.0':6892
  • '12#.0.0.3':6892
  • '12#.0.0.2':6892
  • '12#.0.0.15':6892
  • '12#.0.0.14':6892
  • '12#.0.0.17':6892
  • '12#.0.0.16':6892
  • '12#.0.0.13':6892
  • '12#.0.0.10':6892
  • '12#.0.0.9':6892
  • '12#.0.0.12':6892
  • '12#.0.0.11':6892
  • '<L###LNET>.0.28':6892
  • '<L###LNET>.0.27':6892
  • '<L###LNET>.0.30':6892
  • '<L###LNET>.0.29':6892
  • '<L###LNET>.0.26':6892
  • '<L###LNET>.0.23':6892
  • '<L###LNET>.0.22':6892
  • '<L###LNET>.0.25':6892
  • '<L###LNET>.0.24':6892
  • '19#.#65.16.5':6892
  • '19#.#65.16.4':6892
  • '19#.#65.16.7':6892
  • '19#.#65.16.6':6892
  • '19#.#65.16.3':6892
  • '19#.#65.16.0':6892
  • '<L###LNET>.0.31':6892
  • '19#.#65.16.2':6892
  • '19#.#65.16.1':6892
  • '<L###LNET>.0.10':6892
  • '<L###LNET>.0.9':6892
  • '<L###LNET>.0.12':6892
  • '<L###LNET>.0.11':6892
  • '<L###LNET>.0.8':6892
  • '<L###LNET>.0.5':6892
  • '<L###LNET>.0.4':6892
  • '<L###LNET>.0.7':6892
  • '<L###LNET>.0.6':6892
  • '<L###LNET>.0.19':6892
  • '<L###LNET>.0.18':6892
  • '<L###LNET>.0.21':6892
  • '<L###LNET>.0.20':6892
  • '<L###LNET>.0.17':6892
  • '<L###LNET>.0.14':6892
  • '<L###LNET>.0.13':6892
  • '<L###LNET>.0.16':6892
  • '<L###LNET>.0.15':6892
  • '19#.#65.16.176':6892
  • '19#.#65.16.175':6892
  • '19#.#65.16.178':6892
  • '19#.#65.16.177':6892
  • '19#.#65.16.174':6892
  • '19#.#65.16.171':6892
  • '19#.#65.16.170':6892
  • '19#.#65.16.173':6892
  • '19#.#65.16.172':6892
  • '19#.#65.16.185':6892
  • '19#.#65.16.184':6892
  • '19#.#65.16.187':6892
  • '19#.#65.16.186':6892
  • '19#.#65.16.183':6892
  • '19#.#65.16.180':6892
  • '19#.#65.16.179':6892
  • '19#.#65.16.182':6892
  • '19#.#65.16.181':6892
  • '19#.#65.16.158':6892
  • '19#.#65.16.157':6892
  • '19#.#65.16.160':6892
  • '19#.#65.16.159':6892
  • '19#.#65.16.156':6892
  • '19#.#65.16.153':6892
  • '19#.#65.16.152':6892
  • '19#.#65.16.155':6892
  • '19#.#65.16.154':6892
  • '19#.#65.16.167':6892
  • '19#.#65.16.166':6892
  • '19#.#65.16.169':6892
  • '19#.#65.16.168':6892
  • '19#.#65.16.165':6892
  • '19#.#65.16.162':6892
  • '19#.#65.16.161':6892
  • '19#.#65.16.164':6892
  • '19#.#65.16.163':6892
  • '19#.#65.16.212':6892
  • '19#.#65.16.211':6892
  • '19#.#65.16.214':6892
  • '19#.#65.16.213':6892
  • '19#.#65.16.210':6892
  • '19#.#65.16.207':6892
  • '19#.#65.16.206':6892
  • '19#.#65.16.209':6892
  • '19#.#65.16.208':6892
  • '19#.#65.16.221':6892
  • '19#.#65.16.220':6892
  • '19#.#65.16.223':6892
  • '19#.#65.16.222':6892
  • '19#.#65.16.219':6892
  • '19#.#65.16.216':6892
  • '19#.#65.16.215':6892
  • '19#.#65.16.218':6892
  • '19#.#65.16.217':6892
  • '19#.#65.16.194':6892
  • '19#.#65.16.193':6892
  • '19#.#65.16.196':6892
  • '19#.#65.16.195':6892
  • '19#.#65.16.192':6892
  • '19#.#65.16.189':6892
  • '19#.#65.16.188':6892
  • '19#.#65.16.191':6892
  • '19#.#65.16.190':6892
  • '19#.#65.16.203':6892
  • '19#.#65.16.202':6892
  • '19#.#65.16.205':6892
  • '19#.#65.16.204':6892
  • '19#.#65.16.201':6892
  • '19#.#65.16.198':6892
  • '19#.#65.16.197':6892
  • '19#.#65.16.200':6892
  • '19#.#65.16.199':6892
  • '19#.#65.16.104':6892
  • '19#.#65.16.103':6892
  • '19#.#65.16.106':6892
  • '19#.#65.16.105':6892
  • '19#.#65.16.102':6892
  • '19#.#65.16.99':6892
  • '19#.#65.16.98':6892
  • '19#.#65.16.101':6892
  • '19#.#65.16.100':6892
  • '19#.#65.16.113':6892
  • '19#.#65.16.112':6892
  • '19#.#65.16.115':6892
  • '19#.#65.16.114':6892
  • '19#.#65.16.111':6892
  • '19#.#65.16.108':6892
  • '19#.#65.16.107':6892
  • '19#.#65.16.110':6892
  • '19#.#65.16.109':6892
  • '19#.#65.16.86':6892
  • '19#.#65.16.85':6892
  • '19#.#65.16.88':6892
  • '19#.#65.16.87':6892
  • '19#.#65.16.84':6892
  • '19#.#65.16.81':6892
  • '19#.#65.16.80':6892
  • '19#.#65.16.83':6892
  • '19#.#65.16.82':6892
  • '19#.#65.16.95':6892
  • '19#.#65.16.94':6892
  • '19#.#65.16.97':6892
  • '19#.#65.16.96':6892
  • '19#.#65.16.93':6892
  • '19#.#65.16.90':6892
  • '19#.#65.16.89':6892
  • '19#.#65.16.92':6892
  • '19#.#65.16.91':6892
  • '19#.#65.16.140':6892
  • '19#.#65.16.139':6892
  • '19#.#65.16.142':6892
  • '19#.#65.16.141':6892
  • '19#.#65.16.138':6892
  • '19#.#65.16.135':6892
  • '19#.#65.16.134':6892
  • '19#.#65.16.137':6892
  • '19#.#65.16.136':6892
  • '19#.#65.16.149':6892
  • '19#.#65.16.148':6892
  • '19#.#65.16.151':6892
  • '19#.#65.16.150':6892
  • '19#.#65.16.147':6892
  • '19#.#65.16.144':6892
  • '19#.#65.16.143':6892
  • '19#.#65.16.146':6892
  • '19#.#65.16.145':6892
  • '19#.#65.16.122':6892
  • '19#.#65.16.121':6892
  • '19#.#65.16.124':6892
  • '19#.#65.16.123':6892
  • '19#.#65.16.120':6892
  • '19#.#65.16.117':6892
  • '19#.#65.16.116':6892
  • '19#.#65.16.119':6892
  • '19#.#65.16.118':6892
  • '19#.#65.16.131':6892
  • '19#.#65.16.130':6892
  • '19#.#65.16.133':6892
  • '19#.#65.16.132':6892
  • '19#.#65.16.129':6892
  • '19#.#65.16.126':6892
  • '19#.#65.16.125':6892
  • '19#.#65.16.128':6892
  • '19#.#65.16.127':6892
Miscellaneous:
Searches for the following windows:
  • ClassName: 'zglrznis' WindowName: ''
  • ClassName: 'cqoth' WindowName: ''
  • ClassName: 'icxqiyziyxah' WindowName: ''
  • ClassName: 'revekaelufesr' WindowName: ''
  • ClassName: 'jzcyoaij' WindowName: ''
  • ClassName: 'hys' WindowName: ''
  • ClassName: 'zandhfr' WindowName: ''
  • ClassName: 'glvjbz' WindowName: ''
  • ClassName: 'kfaq' WindowName: ''
  • ClassName: 'f' WindowName: ''
  • ClassName: 'qccuwfcsqkpkf' WindowName: ''
  • ClassName: 'nw' WindowName: ''
  • ClassName: 'mksaac' WindowName: ''
  • ClassName: 'oapgnayfsi' WindowName: ''
  • ClassName: 'xvjb' WindowName: ''
  • ClassName: 'i' WindowName: ''
  • ClassName: 'xiuba' WindowName: ''
  • ClassName: 'ttshbmq' WindowName: ''
  • ClassName: 'tgvgo' WindowName: ''
  • ClassName: 'ztuwegbw' WindowName: ''
  • ClassName: 'zfnuvimllnnd' WindowName: ''
  • ClassName: 'zy' WindowName: ''
  • ClassName: 'wkmzp' WindowName: ''
  • ClassName: 'wdrhk' WindowName: ''
  • ClassName: 'rpuugoxxz' WindowName: ''
  • ClassName: 'mzpp' WindowName: ''
  • ClassName: 'ufsfqyoobnavod' WindowName: ''
  • ClassName: 'fp' WindowName: ''
  • ClassName: 'vqlflx' WindowName: ''
  • ClassName: 'enxvucaagdhyik' WindowName: ''
  • ClassName: 'nkdojxwiygdvk' WindowName: ''
  • ClassName: 'bkbyojstbq' WindowName: ''
  • ClassName: 'tjfkob' WindowName: ''
  • ClassName: 'vxihqhtk' WindowName: ''
  • ClassName: 'roak' WindowName: ''
  • ClassName: 'tzcr' WindowName: ''
  • ClassName: 'wrvykmrfkkhpauj' WindowName: ''
  • ClassName: 'aibtyqkcmyyei' WindowName: ''
  • ClassName: 'fsvakesendqfo' WindowName: ''
  • ClassName: 'qemivvxhnig' WindowName: ''
  • ClassName: 'vngfnbu' WindowName: ''
  • ClassName: 'nmkuzmlnh' WindowName: ''
  • ClassName: 'vamfxsodpabgs' WindowName: ''
  • ClassName: '' WindowName: ''
  • ClassName: 'dssvyw' WindowName: ''
  • ClassName: 'ryyscgruk' WindowName: ''
  • ClassName: 'w' WindowName: ''
  • ClassName: 'rsuwtrvoqtepa' WindowName: ''
  • ClassName: 'lwhixes' WindowName: ''
  • ClassName: 'pysgffcmi' WindowName: ''
  • ClassName: 'xdtlqnlfjt' WindowName: ''
  • ClassName: 'hwfjqdcvx' WindowName: ''
  • ClassName: 'vruxlxkswwgjn' WindowName: ''
  • ClassName: 'mx' WindowName: ''
  • ClassName: 'wjmtfl' WindowName: ''
  • ClassName: 'euu' WindowName: ''
  • ClassName: 'lkgxpu' WindowName: ''
  • ClassName: 'iltkmrxbtdfstg' WindowName: ''
  • ClassName: 'ulgvfmxjctvydwo' WindowName: ''
  • ClassName: 'rxlwznijlekan' WindowName: ''
  • ClassName: 'csspnguakwbvkos' WindowName: ''
  • ClassName: 'npnwihfciyipds' WindowName: ''
  • ClassName: 'ziza' WindowName: ''
  • ClassName: 'u' WindowName: ''
  • ClassName: 'pasvb' WindowName: ''
  • ClassName: 'unoq' WindowName: ''
  • ClassName: 'olfaesokyqc' WindowName: ''
  • ClassName: 'ifq' WindowName: ''
  • ClassName: 'zsjmmzwq' WindowName: ''
  • ClassName: 'lejqykeeszcwuus' WindowName: ''
  • ClassName: 'qcmedhykfamsbv' WindowName: ''
  • ClassName: 'fq' WindowName: ''
  • ClassName: 'fmvyxnjrndp' WindowName: ''
  • ClassName: 'h' WindowName: ''
  • ClassName: 'oe' WindowName: ''
  • ClassName: 'p' WindowName: ''
  • ClassName: 'rkstuvsqrwfdaw' WindowName: ''
  • ClassName: 'ezabhnauqmahdij' WindowName: ''
  • ClassName: 'mxnbzjuafnqz' WindowName: ''
  • ClassName: 'fbhw' WindowName: ''
  • ClassName: 'r' WindowName: ''
  • ClassName: 'tpzmtcokp' WindowName: ''
  • ClassName: 'aui' WindowName: ''
  • ClassName: 'yzgohxbw' WindowName: ''
  • ClassName: 'oucuxyd' WindowName: ''
  • ClassName: 'xyyqokrjmjl' WindowName: ''
  • ClassName: 'vezzxqbmbnynzlj' WindowName: ''
  • ClassName: 'a' WindowName: ''
  • ClassName: 'azbpl' WindowName: ''
  • ClassName: 'vkietfrrdg' WindowName: ''
  • ClassName: 'thsyfx' WindowName: ''
  • ClassName: 'mtaplsuqjssr' WindowName: ''
  • ClassName: 'ykcpjvbmzxk' WindowName: ''
  • ClassName: 'gb' WindowName: ''
  • ClassName: 'vxgqktonengnk' WindowName: ''
  • ClassName: 'ldlz' WindowName: ''
  • ClassName: 'wmwhvs' WindowName: ''
  • ClassName: 'trjtcvphv' WindowName: ''
  • ClassName: 'xk' WindowName: ''
  • ClassName: 'genulassprcds' WindowName: ''
  • ClassName: 'dcugdikwdvuczv' WindowName: ''
  • ClassName: 'dnkhpzzraruzrde' WindowName: ''
  • ClassName: 'cmb' WindowName: ''
  • ClassName: 'bekq' WindowName: ''
  • ClassName: 'qnfjruogefi' WindowName: ''
  • ClassName: 'ecpwexrhop' WindowName: ''
  • ClassName: 'xqig' WindowName: ''
  • ClassName: 'ndc' WindowName: ''
  • ClassName: 'hbgvvzoubxwhpmx' WindowName: ''
  • ClassName: 'bsax' WindowName: ''
  • ClassName: 'euulpxiveqzz' WindowName: ''
  • ClassName: 'mfstrx' WindowName: ''
  • ClassName: 'acyphkxuhti' WindowName: ''
  • ClassName: 'hcegho' WindowName: ''
  • ClassName: 'zbua' WindowName: ''
  • ClassName: 'ocappruoavx' WindowName: ''
  • ClassName: 'qs' WindowName: ''
  • ClassName: 'vvnypgnro' WindowName: ''
  • ClassName: 'nkd' WindowName: ''
  • ClassName: 'ue' WindowName: ''
  • ClassName: 'oqppycz' WindowName: ''
  • ClassName: 'jisesldzge' WindowName: ''
  • ClassName: 'ljygeatcqorhzmq' WindowName: ''
  • ClassName: 'ket' WindowName: ''
  • ClassName: 'uadljvma' WindowName: ''
  • ClassName: 'rduegosqd' WindowName: ''
  • ClassName: 'zpgqz' WindowName: ''
  • ClassName: 'etwytnawrfjulo' WindowName: ''
  • ClassName: 'qreynjnyxrekyb' WindowName: ''
  • ClassName: 'xun' WindowName: ''
  • ClassName: 'bzhlg' WindowName: ''
  • ClassName: 'xegqmqejrk' WindowName: ''
  • ClassName: 'rxvswopehi' WindowName: ''

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android