Win32.HLLP.Stone.2

Added to the Dr.Web virus database: 2016-07-11

Description added:

Technical information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKLM>\SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe HelpMe.exe'
Creates or modifies the following files
  • %HOMEPATH%\start menu\programs\startup\soft.lnk
  • %ALLUSERSPROFILE%\start menu\programs\startup\desktop.ini.exe
Infects the following executable files
  • %ALLUSERSPROFILE%\application data\adobe\setup\{ac76ba86-7ad7-1033-7b44-aa1000000001}\setup.exe.exe
  • %ALLUSERSPROFILE%\application data\package cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe.exe
  • %ALLUSERSPROFILE%\application data\package cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe.exe
  • %ALLUSERSPROFILE%\application data\package cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe.exe
  • %ALLUSERSPROFILE%\application data\package cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\vc_redist.x86.exe.exe
  • %ALLUSERSPROFILE%\application data\package cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe.exe
Malicious functions
To complicate detection of its presence in the system,
blocks the display of:
  • hidden files
Changes in the file system
Creates the following files
Sets the 'hidden' attribute for the following files
  • D:\autorun.exe
  • D:\autorun.inf
  • C:\autorun.exe
  • C:\autorun.inf
Deletes the following files
  • D:\autorun.inf
  • C:\autorun.inf
Replaces the following executable files
  • %ALLUSERSPROFILE%\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\setup.exe
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
Replaces the following files
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\Computer Management.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\Component Services.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Acrobat.com.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\WordPad.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\System Restore.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\System Information.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\Security Center.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\desktop.ini
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\Character Map.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\Backup.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn
  • %ALLUSERSPROFILE%\Start Menu\Programs\mIRC\mIRC Help.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\desktop.ini
  • C:\Documents and Settings\Default User\Local Settings\<INETFILES>\desktop.ini
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\desktop.ini
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Command Prompt.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\desktop.ini
  • C:\Documents and Settings\Default User\Start Menu\desktop.ini
  • C:\Documents and Settings\Default User\SendTo\Mail Recipient.MAPIMail
  • C:\Documents and Settings\Default User\SendTo\desktop.ini
  • C:\Documents and Settings\Default User\SendTo\Desktop (create shortcut).DeskLink
  • C:\Documents and Settings\Default User\SendTo\Compressed (zipped) Folder.ZFSendToTarget
  • C:\Documents and Settings\Default User\NTUSER.DAT.LOG
  • C:\Documents and Settings\Default User\NTUSER.DAT
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Synchronize.lnk
  • C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\Z9PMDPEK\desktop.ini
  • C:\Documents and Settings\Default User\Templates\sndrec.wav
  • C:\Documents and Settings\Default User\Templates\quattro.wb2
  • C:\Documents and Settings\Default User\Templates\presenta.shw
  • C:\Documents and Settings\Default User\Templates\powerpnt.ppt
  • C:\Documents and Settings\Default User\Templates\lotus.wk4
  • C:\Documents and Settings\Default User\Templates\excel4.xls
  • C:\Documents and Settings\Default User\Templates\excel.xls
  • C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\mIRC\mIRC.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini
  • C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\desktop.ini
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Tour Windows XP.lnk
  • C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
  • C:\Documents and Settings\Default User\Templates\wordpfct.wpd
  • C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\index.dat
  • C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\H8MBGRQ8\desktop.ini
  • %ALLUSERSPROFILE%\Start Menu\Programs\WinRAR\Console RAR manual.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Windows Messenger.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Steam\Steam.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Steam\Steam Support Center.url
  • %ALLUSERSPROFILE%\Start Menu\Programs\QIP 2012\Uninstall QIP 2012.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\QIP 2012\QIP 2012.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\QIP 2012\QIP 2012 on the Web.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Pidgin.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Opera.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\MSN.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Mozilla Thunderbird.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Mozilla Firefox.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\mIRC\Versions.txt.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\mIRC\Readme.txt.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\WinRAR\What is new in the latest version.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\WinRAR\WinRAR help.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\WinRAR\WinRAR.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Windows Movie Maker.lnk
  • %ALLUSERSPROFILE%\Start Menu\Set Program Access and Defaults.lnk
  • C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\EE7GWDG8\desktop.ini
  • C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\ETUAII8E\desktop.ini
  • C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\desktop.ini
  • C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat
  • C:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini
  • C:\Documents and Settings\Default User\Local Settings\History\desktop.ini
  • C:\Documents and Settings\Default User\Local Settings\desktop.ini
  • %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg
  • %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\Sound Recorder.lnk
  • C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
  • C:\Documents and Settings\Default User\Cookies\index.dat
  • C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt
  • C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak
  • C:\Documents and Settings\Default User\Application Data\desktop.ini
  • %ALLUSERSPROFILE%\Start Menu\Windows Update.lnk
  • %ALLUSERSPROFILE%\Start Menu\Windows Catalog.lnk
  • C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD
  • C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
  • %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg
  • %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg
  • %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\desktop.ini
  • %ALLUSERSPROFILE%\Application Data\Microsoft\OFFICE\SharePointPortalSite.ico
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\OFFICE\SharePointTeamSite.ico
  • %ALLUSERSPROFILE%\Application Data\Microsoft\OFFICE\MySharePoints.ico
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.Dexplore.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\Hx_1033_MValidator.Lck
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\Hx_1033_MValidator.HxD
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\Hx_1033_MTOC_Hx.HxH
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\Hx_1033_MKWD_NamedURL.HxW
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\Hx_1033_MKWD_K.HxW
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\Hx.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\user.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.Dexplore_1033_MKWD_A.HxW
  • %ALLUSERSPROFILE%\Application Data\Microsoft\OFFICE\MySite.ico
  • %ALLUSERSPROFILE%\Application Data\Microsoft\OFFICE\Groove\SketchPadTestSchema.xml
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\3082\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Media Player\DefaultStore_59R.bin
  • %ALLUSERSPROFILE%\Application Data\Microsoft\DbgClr\7.1\1033\DbgCLR.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_5f9fe710-99e6-4c04-be62-a7f1b8b321d1
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_5f9fe710-99e6-4c04-be62-a7f1b8b321d1
  • %ALLUSERSPROFILE%\Application Data\desktop.ini
  • %ALLUSERSPROFILE%\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\Setup.ini
  • %ALLUSERSPROFILE%\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\Data1.cab
  • %ALLUSERSPROFILE%\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\AcroRead.msi
  • %ALLUSERSPROFILE%\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\ABCPY.INI
  • %ALLUSERSPROFILE%\Application Data\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata
  • C:\CONFIG.SYS
  • C:\boot.ini
  • C:\autorun.inf
  • C:\AUTOEXEC.BAT
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\1028\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\1031\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Media Player\UserMigratedStore_59R.bin
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\1033\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\OFFICE\Groove\Installed_schemas.xss
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\1036\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\OFFICE\Groove\Installed_resources.xss
  • %ALLUSERSPROFILE%\Application Data\Microsoft\OFFICE\DocumentRepository.ico
  • %ALLUSERSPROFILE%\Application Data\Microsoft\OFFICE\DATA\opa12.dat
  • %ALLUSERSPROFILE%\Application Data\Microsoft\OFFICE\DATA\OPA12.BAK
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr1.dat
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr0.dat
  • C:\Documents and Settings\Default User\Templates\wordpfct.wpg
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.Dexplore_1033_MKWD_F.HxW
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\2052\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\1050\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\1049\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\1046\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\1042\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\1041\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\MSDN\7.0\1040\dexplore.CTM
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\sharedaccess.ini
  • C:\Documents and Settings\Default User\Templates\amipro.sam
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.Dexplore_1033_MKWD_K.HxW
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.NETFrameworkSDKv1.1_1033_MKWD_A.HxW
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Music\desktop.ini
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
  • %ALLUSERSPROFILE%\Documents\My Music\Desktop.ini
  • %ALLUSERSPROFILE%\Documents\desktop.ini
  • %ALLUSERSPROFILE%\Desktop\Steam.lnk
  • %ALLUSERSPROFILE%\Desktop\Opera.lnk
  • %ALLUSERSPROFILE%\Desktop\Mozilla Thunderbird.lnk
  • %ALLUSERSPROFILE%\Desktop\Mozilla Firefox.lnk
  • %ALLUSERSPROFILE%\Desktop\mIRC.lnk
  • %ALLUSERSPROFILE%\Desktop\Google Chrome.lnk
  • %ALLUSERSPROFILE%\Desktop\Adobe Reader X.lnk
  • %ALLUSERSPROFILE%\Application Data\Sun\Java\Java Update\jaureglist.xml
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\state.rsm
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst10.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst11.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst4.wpl
  • %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg
  • %ALLUSERSPROFILE%\Documents\My Pictures\Desktop.ini
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst9.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst8.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst7.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst6.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst5.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst3.wpl
  • %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst2.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst15.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst14.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst13.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst12.wpl
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\00107FF6\Plylst1.wpl
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\state.rsm
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.NETFrameworkSDKv1.1_1033_MKWD_F.HxW
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.NETFrameworkSDKv1.1.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.MSPUB.DEV.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.MSPUB.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.MSE.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.MSACCESS.DEV.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.MSACCESS.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.INFOPATHEDITOR.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.INFOPATH.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.GROOVE.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.Dexplore_1033_MValidator.Lck
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.NETFrameworkSDKv1.1_1033_CValidator.HxD
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.NETFrameworkSDKv1.1_1033_MKWD_K.HxW
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\state.rsm
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.NETFrameworkSDKv1.1_1033_MTOC_NETSDK.HxH
  • %ALLUSERSPROFILE%\Application Data\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\state.rsm
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.NETFrameworkSDKv1.1_1033_MKWD_NETSDKNamedUrls.HxW
  • %ALLUSERSPROFILE%\Application Data\Oracle\Java\installcache\baseimagefam8
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\nslist.hxl
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.Dexplore_1033_MValidator.HxD
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.OUTLOOK.DEV.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.OUTLOOK.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.ONENOTE.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.OIS.12.1033.hxn
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.NETFrameworkSDKv1.1_1033_MValidator.Lck
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.NETFrameworkSDKv1.1_1033_MValidator.HxD
  • %ALLUSERSPROFILE%\Application Data\Microsoft Help\MS.Dexplore_1033_MKWD_VS70NamedUrl.HxW
  • C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
Modifies a large number of user data files (Trojan.Encoder).
Changes the extensions of user data files (Trojan.Encoder).
Miscellaneous
Creates and executes the following
  • '<SYSTEM32>\helpme.exe'
  • '<SYSTEM32>\helpme.exe' ' (with a hidden window)