Trojan.Encoder.37716

Added to the Dr.Web virus database: 2023-07-19

Virus description added:

Technical Information

Malicious functions
Launches a large number of processes
Modifies file system
Modifies the following files
  • %HOMEPATH%\contacts\user.contact
  • %HOMEPATH%\favorites\windows live\windows live spaces.url
  • %HOMEPATH%\favorites\windows live\windows live mail.url
  • %HOMEPATH%\favorites\windows live\windows live gallery.url
  • %HOMEPATH%\favorites\windows live\get windows live.url
  • %HOMEPATH%\favorites\msn websites\msnbc news.url
  • %HOMEPATH%\favorites\msn websites\msn.url
  • %HOMEPATH%\favorites\msn websites\msn sports.url
  • %HOMEPATH%\favorites\msn websites\msn money.url
  • %HOMEPATH%\favorites\msn websites\msn entertainment.url
  • %HOMEPATH%\favorites\msn websites\msn autos.url
  • %HOMEPATH%\favorites\microsoft websites\microsoft store.url
  • %HOMEPATH%\favorites\microsoft websites\microsoft at work.url
  • %HOMEPATH%\favorites\microsoft websites\microsoft at home.url
  • %HOMEPATH%\favorites\microsoft websites\ie site on microsoft.com.url
  • %HOMEPATH%\favorites\microsoft websites\ie add-on site.url
  • %HOMEPATH%\favorites\links for united states\usa.gov.url
  • %HOMEPATH%\favorites\links for united states\gobiernousa.gov.url
  • %HOMEPATH%\favorites\links\web slice gallery.url
  • %HOMEPATH%\desktop\telegram.lnk
  • %HOMEPATH%\desktop\google chrome.lnk
  • %HOMEPATH%\desktop\february_catalogue__2015.doc
  • %HOMEPATH%\desktop\dialmap.bmp
  • %HOMEPATH%\desktop\default.bmp
  • %HOMEPATH%\desktop\dashborder_120.bmp
  • %HOMEPATH%\desktop\contosoroot.cer
  • %HOMEPATH%\desktop\coffee.bmp
  • %HOMEPATH%\desktop\browse.htm
  • %HOMEPATH%\links\desktop.lnk
  • %HOMEPATH%\links\downloads.lnk
Modifies multiple files.
Modifies user data files (Trojan.Encoder).
Miscellaneous
Executes the following
  • '<SYSTEM32>\cmd.exe' /c rundll32.exe user32.dll,SwapMouseButton
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_88 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_89 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_89 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_90 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_90 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_91 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_91 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_92 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_92 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_93 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_93 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_94 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_94 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_87 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_88 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_95 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_95 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_102 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_102 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_101 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_101 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_100 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_86 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_100 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_99 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_98 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_98 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_97 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_97 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_96 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_96 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_87 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_86 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_103 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_71 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_72 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_72 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_73 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_73 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_74 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_74 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_75 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_75 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_76 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_76 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_77 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_77 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_78 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_78 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_85 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_82 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_82 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_85 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_84 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_84 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_83 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_83 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_99 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_103 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_70 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_81 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_80 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_80 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_79 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_79 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_81 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_47 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_104 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_122 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_123 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_123 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_124 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_124 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_125 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_125 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_126 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_126 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_127 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_127 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_128 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_128 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_129 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_129 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_130 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_130 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_137 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_137 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_136 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_136 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_135 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_135 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_122 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_70 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_133 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_133 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_132 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_132 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_131 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_131 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_134 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_121 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_71 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_120 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_117 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_105 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_106 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_106 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_107 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_107 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_108 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_108 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_109 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_109 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_110 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_110 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_111 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_111 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_112 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_112 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_113 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_120 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_119 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_119 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_118 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_118 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_117 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_121 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_104 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_116 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_115 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_115 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_114 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_114 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_113 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_116 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_105 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_69 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_69 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_68 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_19 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_19 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_20 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_20 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_21 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_21 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_22 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_22 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_23 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_23 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_24 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_24 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_25 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_25 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_26 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_33 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_29 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_30 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_32 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_32 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_31 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_31 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_30 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_18 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_17 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_12 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_28 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_28 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_27 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_27 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_26 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_29 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_138 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_33 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_16 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_1 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_1 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_2 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_2 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_3 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_3 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_4 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_4 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_5 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_5 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_6 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_6 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_7 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_7 1748260240
  • '<SYSTEM32>\rundll32.exe' user32.dll,SwapMouseButton
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_8 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_15 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_8 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_9 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_9 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_10 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_10 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_11 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_17 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_11 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_16 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_13 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_13 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_14 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_14 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_15 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_12 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_134 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_34 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_35 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_53 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_54 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_54 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_55 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_55 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_56 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_56 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_57 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_57 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_58 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_58 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_59 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_59 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_60 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_60 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_61 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_61 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_52 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_68 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_67 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_67 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_66 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_66 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_53 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_65 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_34 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_64 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_63 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_63 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_62 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_62 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_65 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_35 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_64 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_18 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_36 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_36 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_37 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_37 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_38 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_38 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_39 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_39 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_40 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_40 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_41 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_41 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_42 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_42 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_43 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_43 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_44 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_51 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_50 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_50 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_49 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_49 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_48 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_52 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_48 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_51 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_46 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_46 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_45 1748260240
  • '<SYSTEM32>\cmd.exe' /c fsutil file createnew droplet_45 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_44 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_47 1748260240
  • '<SYSTEM32>\fsutil.exe' file createnew droplet_138 1748260240

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.