Trojan.Siggen21.29645

Added to the Dr.Web virus database: 2023-09-16

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys. Both are the default shell open commands for PDF files (the pdf_auto_file and FoxitReader.Document ProgIDs), so the dropped copy of Foxit Reader is launched whenever a PDF is opened; the second value is the same path written in 8.3 short-name form, which defeats a naive exact-path comparison:
  • [HKLM\SOFTWARE\Classes\pdf_auto_file\shell\open\command] '' = '"%ProgramFiles%\绿色软件\Foxit Reader\Foxit Reader.exe" "%1"'
  • [HKLM\SOFTWARE\Classes\FoxitReader.Document\shell\open\command] '' = '"C:\PROGRA~1\绿色软件\FOXITR~1\FOXITR~1.EXE" "%1"'
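The file-association check as an added example (this is not Dr.Web's code): a small parser for regedit's .reg export format that pulls every shell\open\command default value out of a dump and flags handlers that point into the directories this sample creates or that are written as 8.3 short names. The .reg text, the benign txtfile handler, the Marker value and the DROP_DIRS list are constructed for the example; the two hijacked keys reproduce the values listed above.

```python
"""Added example (not Dr.Web's code): parse a regedit export and audit
shell\\open\\command handlers for the PDF file-association hijack above."""
import re

# Constructed sample: the two handlers from the report plus one benign
# handler and a REG_EXPAND_SZ value. A real export is UTF-16LE with a BOM,
# so read it with open(path, encoding="utf-16").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdf_auto_file\shell\open\command]
@="\"C:\\Program Files\\绿色软件\\Foxit Reader\\Foxit Reader.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FoxitReader.Document\shell\open\command]
@="\"C:\\PROGRA~1\\绿色软件\\FOXITR~1\\FOXITR~1.EXE\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command]
@="C:\\Windows\\system32\\notepad.exe %1"
"Marker"=hex(2):41,00,42,00,00,00
'''

# Directory names taken from the dropped-file paths in the report.
DROP_DIRS = ("绿色软件", "维护工具", "optimize")

_VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')
_EXE_RE = re.compile(r'^\s*"?([^"]+?\.exe)"?', re.IGNORECASE)


def _unescape(s):
    # .reg escaping: a backslash protects the next character (\\ and \").
    return re.sub(r'\\(.)', r'\1', s)


def _decode_value(raw):
    """Quoted REG_SZ -> str; hex(2)/hex(7) -> UTF-16LE decoded str;
    anything else (dword:, plain hex:) is returned as the raw text."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])
    m = re.match(r'hex(?:\((\d+)\))?:(.*)$', raw)
    if m and m.group(1) in ("2", "7"):
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: value}}; '' is the (Default) value."""
    keys, current = {}, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and not line.startswith(";"):
            # hex data wraps onto continuation lines ending in a backslash
            while line.endswith("\\") and i + 1 < len(lines):
                i += 1
                line = line[:-1] + lines[i].strip()
            m = _VALUE_RE.match(line)
            if m:
                name = "" if m.group(1) is None else _unescape(m.group(1))
                keys[current][name] = _decode_value(m.group(2))
        i += 1
    return keys


def exe_from_command(command):
    """Pull the executable out of a shell command ("quoted path" or bare path)."""
    m = _EXE_RE.match(command)
    return m.group(1) if m else None


def audit_open_handlers(keys):
    """Return [(key, exe, flags)] for every shell\\open\\command default value.
    Flags mark 8.3 short-name paths (they defeat exact-path matching) and
    targets inside directories this dropper creates."""
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith(r"\shell\open\command") or "" not in values:
            continue
        exe = exe_from_command(values[""])
        flags = []
        if exe and "~" in exe:
            flags.append("short-name path")
        if exe and any(d.lower() in exe.lower() for d in DROP_DIRS):
            flags.append("dropper directory")
        findings.append((key, exe, flags))
    return findings


if __name__ == "__main__":
    for key, exe, flags in audit_open_handlers(parse_reg(SAMPLE_REG)):
        print(("SUSPECT " if flags else "ok      ") + key, "->", exe, flags)
```

On a live host, export HKLM\SOFTWARE\Classes with reg export and feed the file to parse_reg (regedit writes UTF-16LE). Resolving a short-name path to its long form still needs the OS (GetLongPathNameW through ctypes, for instance), which this offline example does not attempt. Check HKCU\SOFTWARE\Classes and the per-user FileExts\...\UserChoice keys as well, since they take precedence over the machine-wide handlers.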
Malicious functions
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system
Creates the following files. Paths are reproduced as recorded; 「开始」菜单\程序 is the All Users Start Menu\Programs folder, 维护人员工具 means "maintenance staff tools", 实用绿色软件 means "useful portable software", and 绿色软件 and 维护工具 under %ProgramFiles% mean "portable software" and "maintenance tools". The payload is evidently a 7-Zip SFX bundle (the 7ZSfx000.cmd stub) of Chinese portable utilities, several of which weaken the host: the .reg/.cmd pairs that enable LAN sharing without authentication (开通局域网共享(访问本机无需验证即可进入)), the registry file that unhides the Administrator account (administrator帐户设为不隐藏.reg), a TCP/IP concurrent-connection-limit crack (tcpip并发连接数破解.exe), a registry file to bypass the KB905474 genuine-validation check (因装了kb905474正版验证补丁进系统受阻导入本注册表可破解.reg), and two kernel drivers (vdd-x86.sys, vdd-x64.sys, presumably for the virtual-drive tool):
  • %TEMP%\aut6048.tmp
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统设置\电脑时间效准.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\打开光驱硬盘的自动运行特性.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\硬件检测\笔记本键盘设置.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\安装sql如提示挂起导入本注册表可解决.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\winsock-tcp网络协议修复.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\u盘病毒免疫工具.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统设置\tcpip并发连接数破解.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\网络相关设置\ping网关192.168.1.1.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\网络相关设置\ping外网测试网速是否正常.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\实用绿色软件\pdf阅读器.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统设置\oem-diy品牌自己做5.1.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\newsid-生成新的安全标识符.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\实用绿色软件\iso光盘编辑.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\网络相关设置\ip相关的问题解答.lnk
  • %ProgramFiles%\维护工具\备份还原\手动备份恢复系统.exe
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\ie不能打开新链接修复.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\硬件检测\gpuz-显卡检测.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\硬件检测\display-显示器检测.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\硬件检测\cpuz-cpu检测.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\aida64-硬件全面检测.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\(仅供备用)取消磁盘的自动扫描.lnk
  • %TEMP%\7zsfx000.cmd
  • %ProgramFiles%\绿色软件\vdd-x86.sys
  • %ProgramFiles%\绿色软件\vdd-x64.sys
  • %ProgramFiles%\绿色软件\ones\reso.dll
  • %ProgramFiles%\维护工具\系统设置\输入法调整工具.exe
  • %ProgramFiles%\维护工具\系统设置\系统自启动项目管理器.exe
  • %ProgramFiles%\维护工具\硬件检测\笔记本键盘设置.exe
  • %ProgramFiles%\维护工具\卸载清除\病毒免疫工具.exe
  • %ProgramFiles%\维护工具\系统设置\电脑时间效准.exe
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\硬件检测\hdtune-硬盘检测.lnk
  • %ProgramFiles%\维护工具\卸载清除\木马端口封杀.exe
  • C:\documents and settings\all users\「开始」菜单\程序\实用绿色软件\定时关机酷.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\若任务管理器被病毒禁用导入本注册表可解开.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\网络相关设置\世纪前线网络质量测试工具.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\备份还原\手动备份恢复系统.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统设置\输入法调整工具.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\网络相关设置\填写ip为192.168.0.118.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\网络相关设置\填写ip为192.168.1.118.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\实用绿色软件\网络协议修复.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统设置\系统自启动项目管理器.lnk
  • %ProgramFiles%\维护工具\简单修复\若任务管理器被病毒禁用导入本注册表可解开.reg
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\显示隐藏文件(中了该类病毒后).lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\修复exe文件关联.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\修复windows media player.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\实用绿色软件\虚拟光驱.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\一键备份还原系统.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统设置\一键清理系统垃圾文件.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统设置\给每个盘添加卷标.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\实用绿色软件\飞鸽传书.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\任务栏修复工具.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\清除所有多余的桌面右键菜单.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\清除所有多余的启动项目.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\硬件检测\内存条检测.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统设置\木马端口封杀.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\网络相关设置\开通局域网共享(访问本机要填用户名和密码).lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\网络相关设置\开通局域网共享(访问本机无需验证即可进入).lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\解决内存不能为read的问题.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\解决iis无法调试的问题.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\恢复winxp系统默认服务.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\硬件检测\光驱检测.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\实用绿色软件\光盘刻录软件.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\网络相关设置\关闭局域网共享.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\关闭光驱硬盘的自动运行特性.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统设置\删除快捷方式的箭头.lnk
  • %ProgramFiles%\绿色软件\定时关机酷.exe
  • %ProgramFiles%\维护工具\硬件检测\内存条检测memtest.exe
  • %ProgramFiles%\维护工具\简单修复\任务栏修复工具.exe
  • %ProgramFiles%\维护工具\简单修复\administrator帐户设为不隐藏.reg
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\(仅供备用)硬盘各分区的默认共享:打开(原版xp本来就是开的).reg
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\(仅供备用)硬盘各分区的默认共享:关闭.reg
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\为什么要这样做?.txt
  • %ProgramFiles%\绿色软件\foxit reader\lang_zh_cn.xml
  • %ProgramFiles%\维护工具\简单修复\解决内存不能为read的批处理.cmd
  • %ProgramFiles%\维护工具\简单修复\解决iis无法调试的问题.cmd
  • %ProgramFiles%\维护工具\系统设置\给每个盘添加卷标.cmd
  • %ProgramFiles%\维护工具\卸载清除\清除所有多余的桌面右键菜单.cmd
  • %ProgramFiles%\维护工具\卸载清除\清除所有多余的启动项目.cmd
  • %ProgramFiles%\维护工具\简单修复\注册表编辑器regedit解禁.cmd
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\开通局域网共享(访问本机要填用户名和密码).cmd
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\开通局域网共享(访问本机无需验证即可进入).cmd
  • %ProgramFiles%\维护工具\简单修复\关闭光驱硬盘的自动运行特性.reg
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\填写ip为192.168.1.118.cmd
  • %ProgramFiles%\维护工具\系统设置\删除快捷方式的箭头.cmd
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\关闭局域网共享.cmd
  • %ProgramFiles%\维护工具\网络设置\ping网关192.168.1.1.cmd
  • %ProgramFiles%\维护工具\网络设置\ping外网测试网速是否正常.cmd
  • %ProgramFiles%\维护工具\简单修复\ie不能打开新链接修复.cmd
  • %ProgramFiles%\维护工具\系统设置\c盘转换为ntfs格式.cmd
  • %ProgramFiles%\维护工具\系统设置\自动关闭空闲的ide通道.bat
  • %ProgramFiles%\维护工具\简单修复\修复windows media player.bat
  • %ProgramFiles%\维护工具\卸载清除\一键清理系统垃圾文件.bat
  • %ProgramFiles%\维护工具\简单修复\winxp原本的各项服务.bat
  • %ProgramFiles%\维护工具\卸载清除\ico.ico
  • %WINDIR%\temp\tool.reg
  • %TEMP%\aut696d.tmp
  • %WINDIR%\temp\tool.exe
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\填写ip为192.168.0.118.cmd
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\关闭局域网共享.reg
  • %ProgramFiles%\维护工具\简单修复\修复exe文件关联.reg
  • %ProgramFiles%\维护工具\系统设置\删除快捷方式的箭头.reg
  • %ProgramFiles%\维护工具\网络设置\世纪前线网络质量测试工具.exe
  • %ProgramFiles%\维护工具\硬件检测\gpuz.exe
  • %ProgramFiles%\维护工具\系统设置\winsockfixcncn汉化版.exe
  • %ProgramFiles%\绿色软件\virtual_drive.exe
  • %ProgramFiles%\绿色软件\ultraiso.exe
  • %ProgramFiles%\维护工具\系统设置\tcpip并发连接数破解.exe
  • %ProgramFiles%\维护工具\系统设置\rebuild.exe
  • %ProgramFiles%\optimize\optimize.exe
  • %ProgramFiles%\绿色软件\ones\ones.exe
  • %ProgramFiles%\维护工具\系统设置\oem-diy品牌自己做5.1.exe
  • %ProgramFiles%\维护工具\简单修复\newsid-生成新的安全标识符.exe
  • %ProgramFiles%\kuai.exe
  • %ProgramFiles%\维护工具\网络设置\ip切换器.exe
  • %ProgramFiles%\维护工具\网络设置\ip修改工具.exe
  • %ProgramFiles%\绿色软件\ipmsg.exe
  • %ProgramFiles%\维护工具\硬件检测\hdtune.exe
  • %ProgramFiles%\绿色软件\foxit reader\foxit reader.exe
  • %ProgramFiles%\维护工具\简单修复\取消磁盘的自动扫描.reg
  • %ProgramFiles%\维护工具\硬件检测\display.exe
  • %ProgramFiles%\维护工具\硬件检测\cpuz.exe
  • %ProgramFiles%\维护工具\硬件检测\cdspeed.exe
  • %ProgramFiles%\绿色软件\ipmsg.log
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\ip相关的问题解答.doc
  • %ProgramFiles%\绿色软件\foxit reader\foxitreader_preferences.ini
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简易优化向导.lnk
  • %ProgramFiles%\维护工具\简单修复\注册表编辑器regedit解禁.reg
  • %ProgramFiles%\维护工具\简单修复\显示隐藏文件(中了该类病毒后).reg
  • %ProgramFiles%\维护工具\简单修复\打开光驱硬盘的自动运行特性.reg
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\开通局域网共享(访问本机要填用户名和密码).reg
  • %ProgramFiles%\维护工具\网络设置\解决局域网共享\开通局域网共享(访问本机无需验证即可进入).reg
  • %ProgramFiles%\维护工具\简单修复\安装sql如提示挂起导入本注册表可解决.reg
  • %ProgramFiles%\维护工具\简单修复\因装了kb905474正版验证补丁进系统受阻导入本注册表可破解.reg
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统简单修复\注册表编辑器regedit解禁.lnk
  • C:\documents and settings\all users\「开始」菜单\程序\维护人员工具\系统设置\自动关闭空闲的ide通道.lnk
Deletes the following files (the staging artifacts; after installation only the dropped tools and the registry changes remain as on-disk evidence; the aut####.tmp names are commonly associated with AutoIt-compiled droppers)
  • %TEMP%\aut6048.tmp
  • %TEMP%\aut696d.tmp
  • %WINDIR%\temp\tool.exe
  • %TEMP%\7zsfx000.cmd
  • %ProgramFiles%\kuai.exe
  • %WINDIR%\temp\tool.reg
Miscellaneous
Searches for the following windows (RegEdit_RegEdit is the window class of the Registry Editor main window; EDIT is a generic edit control)
  • ClassName: 'EDIT' WindowName: ''
  • ClassName: 'RegEdit_RegEdit' WindowName: ''
Creates and executes the following (the syswow64 paths show a 32-bit sample running on a 64-bit host; the 7ZSfx000.cmd name is characteristic of the batch a 7-Zip SFX module runs after extraction)
  • '%WINDIR%\temp\tool.exe'
  • '%ProgramFiles%\kuai.exe' /S (/S is the conventional silent-install switch of NSIS installers)
  • '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "
  • '%WINDIR%\syswow64\regedit.exe' /s %WINDIR%\temp\tool.reg (silent import of the dropped registry file, without the confirmation prompt)
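The execution chain listed above as an added detection example (this is not Dr.Web's code): constructed process-creation records in the shape of Sysmon Event ID 1 are matched stage by stage and then linked through parent process ids, so that a silent regedit import only counts when it sits in the same process tree as the 7ZSfx000.cmd stub. The PIDs, the user path, the dropper's file name (维护工具.exe), the benign policy import and the parent/child relationships are assumptions; the report lists the command lines but not which process spawned which.

```python
"""Added example (not Dr.Web's code): match the dropper's execution chain
(SFX -> cmd.exe %TEMP%\\7ZSfx000.cmd -> regedit.exe /s %WINDIR%\\temp\\tool.reg
and kuai.exe /S) in process-creation events, linked by process tree."""
import re
from collections import defaultdict

# Constructed records in the shape of Sysmon Event ID 1. PIDs, the user
# path, the dropper's file name and the parent/child links are assumed.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\u\Downloads\维护工具.exe",
     "cmd": r'"C:\Users\u\Downloads\维护工具.exe"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\syswow64\cmd.exe",
     "cmd": r'C:\Windows\syswow64\cmd.exe /c ""C:\Users\u\AppData\Local\Temp\7ZSfx000.cmd" "'},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\syswow64\regedit.exe",
     "cmd": r"C:\Windows\syswow64\regedit.exe /s C:\Windows\temp\tool.reg"},
    {"pid": 500, "ppid": 300, "image": r"C:\Program Files\kuai.exe",
     "cmd": r'"C:\Program Files\kuai.exe" /S'},
    # Benign: an admin script importing a policy file with the same switch.
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\regedit.exe",
     "cmd": r"regedit.exe /s C:\Users\admin\AppData\Local\Temp\policy.reg"},
]

STAGES = {
    # cmd.exe running the self-extractor's post-extraction batch in %TEMP%
    "sfx_cmd": re.compile(r'cmd\.exe\s+/c\s+"*.*\\temp\\7zsfx\d{3}\.cmd', re.I),
    # silent import of a .reg file that lives in a temp directory
    "reg_import": re.compile(r"regedit\.exe\s+/s\s+.*\\temp\\[^\\]+\.reg", re.I),
    # NSIS-style silent install of an executable dropped into Program Files
    "silent_install": re.compile(r'(?i:\\program files\\[^\\"]+\.exe)"?\s+/S\s*$'),
}


def _descendants(events, root):
    """All pids below root in the parent/child tree (depth first)."""
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    out, stack = [], [root]
    while stack:
        pid = stack.pop()
        for c in children[pid]:
            out.append(c)
            stack.append(c)
    return out


def detect_chains(events):
    """Return (stage hits by pid, chains). A chain is reported when the
    parent of an sfx_cmd process has at least two distinct stages among its
    descendants, so a lone regedit /s elsewhere is only a stage hit."""
    hits = {e["pid"]: name for e in events
            for name, rx in STAGES.items() if rx.search(e["cmd"])}
    by_pid = {e["pid"]: e for e in events}
    chains = []
    for pid, name in hits.items():
        if name != "sfx_cmd":
            continue
        root = by_pid[pid]["ppid"]  # the self-extractor that ran the .cmd
        stages = sorted({hits[p] for p in _descendants(events, root) if p in hits})
        if len(stages) >= 2:
            chains.append({"sfx_pid": root, "stages": stages})
    return hits, chains


if __name__ == "__main__":
    hits, chains = detect_chains(EVENTS)
    print("stage hits:", hits)
    print("chains:", chains)
```

The per-stage rules are deliberately loose (any .reg under a temp directory, any /S install from Program Files) because each of those actions is common in legitimate admin scripting; the process-tree link is what carries the signal. On a real host the same logic runs over Sysmon Event ID 1 records, which carry ProcessId, ParentProcessId, Image and CommandLine; Security log 4688 events need "Include command line in process creation events" enabled to supply the command line.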

Curing recommendations

  1. If the operating system can be loaded (normally or in safe mode), download Dr.Web Security Space and run a full scan of the computer and of any removable media you use.
  2. If the OS cannot be booted, change the BIOS settings so the system boots from a CD or USB drive. Download the Dr.Web LiveDisk emergency repair image, write it to a USB drive or burn it to a CD/DVD, boot from that media, run a full scan and cure all detected threats.