Trojan.Encoder.33473

Added to the Dr.Web virus database: 2021-02-15

Description added:

Technical information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'WindowsUpdateCheck' = '<Full path to file>'
Creates or modifies the following files
  • %HOMEPATH%\start menu\programs\startup\.a8d68e42e88bfdf0d21e
Creates the following files on removable media
  • <Removable drive letter>:\.a8d68e42e88bfdf0d21e
  • <Removable drive letter>:\archer.avi
  • <Removable drive letter>:\correct.avi
  • <Removable drive letter>:\delete.avi
  • <Removable drive letter>:\tileimage.bmp
  • <Removable drive letter>:\toolbar.bmp
  • <Removable drive letter>:\dashborder_192.bmp
  • <Removable drive letter>:\dashborder_144.bmp
  • <Removable drive letter>:\dashborder_120.bmp
  • <Removable drive letter>:\dashborder_96.bmp
Malicious functions
To hinder detection of its presence in the system,
blocks the launch of the following system utilities:
  • System antivirus (Windows Defender)
Executes
  • '%WINDIR%\syswow64\net.exe' stop "SQLSERVERAGENT"
  • '%WINDIR%\syswow64\net.exe' stop U8WorkerService2
  • '%WINDIR%\syswow64\net.exe' stop "MSSQL$SHOPCONTROL9"
  • '%WINDIR%\syswow64\net.exe' stop "SQLTELEMETRY"
  • '%WINDIR%\syswow64\net.exe' stop MSSQL$FE_EXPRESS
  • '%WINDIR%\syswow64\net.exe' stop VMwareHostd
  • '%WINDIR%\syswow64\net.exe' stop MSSQL$
  • '%WINDIR%\syswow64\taskkill.exe' /IM ReportingServicesService.exe /F
  • '%WINDIR%\syswow64\taskkill.exe' /IM DDSoftPwsTomcat9.exe /F
  • '%WINDIR%\syswow64\taskkill.exe' /IM ThunderPlatform.exe /F
  • '%WINDIR%\syswow64\net.exe' stop SQLSERVERAGENT
  • '%WINDIR%\syswow64\net.exe' stop UIODetect
  • '%WINDIR%\syswow64\net.exe' stop U8WorkerService1
  • '%WINDIR%\syswow64\taskkill.exe' /IM Tomcat7w.exe /F
  • '%WINDIR%\syswow64\net.exe' stop "MSOLAP$SHOPCONTROL9"
  • '%WINDIR%\syswow64\taskkill.exe' /IM pg_ctl.exe /F
  • '%WINDIR%\syswow64\taskkill.exe' /IM BackupExec.exe /F
  • '%WINDIR%\syswow64\taskkill.exe' /IM VBoxSDS.exe /F
  • '%WINDIR%\syswow64\taskkill.exe' /F /IM Veeam.Backup.Agent.ConfigurationService.exe
  • '%WINDIR%\syswow64\taskkill.exe' /IM sqlservr.exe /F
  • '%WINDIR%\syswow64\net.exe' stop "SQLBrowser"
  • '%WINDIR%\syswow64\net.exe' stop HaoZipSvc
  • '%WINDIR%\syswow64\net.exe' stop "igfxCUIService2.0.0.0"
File system changes
Creates the following files
  • C:\users\public\pictures\killer.bat
  • %HOMEPATH%\local settings\thunderbird\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\gdipfontcachev1.dat
  • %HOMEPATH%\local settings\iconcache.db
  • %HOMEPATH%\local settings\how to back your files.txt
  • %HOMEPATH%\local settings\virtualstore\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\virtualstore\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\how to back your files.txt
  • %HOMEPATH%\printhood\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\updates\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\updates\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\updates\8216c80c92c4e828\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\updates\8216c80c92c4e828\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\how to back your files.txt
  • %HOMEPATH%\music\how to back your files.txt
  • %HOMEPATH%\my documents\how to back your files.txt
  • %HOMEPATH%\nethood\how to back your files.txt
  • %HOMEPATH%\nethood\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\pictures\how to back your files.txt
  • %HOMEPATH%\pictures\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\printhood\how to back your files.txt
  • %HOMEPATH%\recent\automaticdestinations\how to back your files.txt
  • C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\recent\automaticdestinations\74d7f43c1561fc1e.automaticdestinations-ms
  • %HOMEPATH%\recent\automaticdestinations\1b4dd67f29cb1962.automaticdestinations-ms
  • %HOMEPATH%\recent\automaticdestinations\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\recent\customdestinations\how to back your files.txt
  • %HOMEPATH%\recent\customdestinations\c312e260e424ae76.customdestinations-ms
  • %HOMEPATH%\my documents\my music\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\recent\automaticdestinations\7e4dca80246863e3.automaticdestinations-ms
  • %HOMEPATH%\my documents\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\_cache_clean_
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\e\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\d\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\d\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\c\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\b\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\a\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\8\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\f\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\7\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\6\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\5\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\4\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\3\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\2\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\e\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\f\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\sendto\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\entries\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\entries\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\startupcache.4.little
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\doomed\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_002_
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_003_
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_map_
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\doomed\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_001_
  • C:\$recycle.bin\how to back your files.txt
  • %HOMEPATH%\recent\customdestinations\bf8efb871eda5262.customdestinations-ms
  • C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\templates\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\templates\how to back your files.txt
  • %HOMEPATH%\start menu\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\how to back your files.txt
  • %HOMEPATH%\start menu\programs\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\how to back your files.txt
  • %HOMEPATH%\start menu\programs\winrar\how to back your files.txt
  • %HOMEPATH%\start menu\programs\icq\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\total commander\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\total commander\how to back your files.txt
  • %HOMEPATH%\start menu\programs\telegram desktop\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\telegram desktop\how to back your files.txt
  • %HOMEPATH%\start menu\programs\maintenance\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\maintenance\how to back your files.txt
  • %HOMEPATH%\videos\how to back your files.txt
  • %HOMEPATH%\videos\.a8d68e42e88bfdf0d21e
  • %ALLUSERSPROFILE%\local\.a8d68e42e88bfdf0d21e
  • C:\how to back your files.txt
  • %HOMEPATH%\voip\how to back your files.txt
  • %HOMEPATH%\voip\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\how to back your files.txt
  • %HOMEPATH%\.a8d68e42e88bfdf0d21e
  • C:\users\how to back your files.txt
  • %HOMEPATH%\start menu\programs\winrar\.a8d68e42e88bfdf0d21e
  • C:\users\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\mail.ru\how to back your files.txt
  • C:\$recycle.bin\.a8d68e42e88bfdf0d21e
  • z:\.a8d68e42e88bfdf0d21e
  • D:\.a8d68e42e88bfdf0d21e
  • C:\.a8d68e42e88bfdf0d21e
  • <Current directory>\ids.txt
  • z:\system volume information\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\mail.ru\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\icq\how to back your files.txt
  • %HOMEPATH%\recent\customdestinations\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\recent\customdestinations\1b4dd67f29cb1962.customdestinations-ms
  • %HOMEPATH%\recent\customdestinations\28c8b86deab549a1.customdestinations-ms
  • %HOMEPATH%\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
  • %HOMEPATH%\recent\customdestinations\5afe4de1b92fc382.customdestinations-ms
  • %HOMEPATH%\recent\how to back your files.txt
  • %HOMEPATH%\start menu\programs\administrative tools\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\recent\customdestinations\10a2479c877ca098.customdestinations-ms
  • %HOMEPATH%\recent\customdestinations\5d696d521de238c3.customdestinations-ms
  • D:\system volume information\.a8d68e42e88bfdf0d21e
  • D:\$recycle.bin\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\recent\customdestinations\969252ce11249fdd.customdestinations-ms
  • D:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\recent\customdestinations\74d7f43c1561fc1e.customdestinations-ms
  • %HOMEPATH%\recent\customdestinations\7e4dca80246863e3.customdestinations-ms
  • %HOMEPATH%\recent\customdestinations\9027fe24326910d2.customdestinations-ms
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\9\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\1\how to back your files.txt
  • %HOMEPATH%\saved games\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\searches\how to back your files.txt
  • %HOMEPATH%\searches\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\sendto\how to back your files.txt
  • %HOMEPATH%\sendto\mail recipient.mapimail
  • %HOMEPATH%\sendto\desktop (create shortcut).desklink
  • %HOMEPATH%\sendto\compressed (zipped) folder.zfsendtotarget
  • %HOMEPATH%\recent\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\accessories\accessibility\how to back your files.txt
  • %HOMEPATH%\start menu\programs\accessories\accessibility\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\accessories\system tools\how to back your files.txt
  • %HOMEPATH%\start menu\programs\accessories\system tools\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\accessories\how to back your files.txt
  • %HOMEPATH%\start menu\programs\accessories\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\administrative tools\how to back your files.txt
  • %HOMEPATH%\saved games\how to back your files.txt
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\0\how to back your files.txt
Sets the 'hidden' attribute on the following files
  • %ALLUSERSPROFILE%\local\.a8d68e42e88bfdf0d21e
  • D:\system volume information\.a8d68e42e88bfdf0d21e
  • D:\$recycle.bin\.a8d68e42e88bfdf0d21e
  • D:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\.a8d68e42e88bfdf0d21e
  • <Removable drive letter>:\.a8d68e42e88bfdf0d21e
  • C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\recent\automaticdestinations\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\printhood\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\pictures\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\nethood\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\my documents\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\my documents\my music\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\virtualstore\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\e\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\updates\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\updates\8216c80c92c4e828\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\entries\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\doomed\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\f\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\recent\customdestinations\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\recent\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\.a8d68e42e88bfdf0d21e
  • C:\.a8d68e42e88bfdf0d21e
  • z:\.a8d68e42e88bfdf0d21e
  • C:\$recycle.bin\.a8d68e42e88bfdf0d21e
  • z:\system volume information\.a8d68e42e88bfdf0d21e
  • D:\.a8d68e42e88bfdf0d21e
  • C:\users\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\voip\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\videos\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\templates\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\winrar\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\searches\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\total commander\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\telegram desktop\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\startup\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\maintenance\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\mail.ru\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\icq\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\administrative tools\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\accessories\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\accessories\system tools\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\start menu\programs\accessories\accessibility\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\sendto\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\saved games\.a8d68e42e88bfdf0d21e
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\d\.a8d68e42e88bfdf0d21e
Moves the following files
  • %HOMEPATH%\sendto\compressed (zipped) folder.zfsendtotarget to %HOMEPATH%\sendto\compressed (zipped) folder.zfsendtotarget.globeimposter-alpha666qqz
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_002_ to %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_002_.globeimposter-alpha666qqz
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_001_ to %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_001_.globeimposter-alpha666qqz
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\startupcache.4.little to %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\startupcache.4.little.globeimposter-alpha666qqz
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\_cache_clean_ to %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\_cache_clean_.globeimposter-alpha666qqz
  • %HOMEPATH%\local settings\iconcache.db to %HOMEPATH%\local settings\iconcache.db.globeimposter-alpha666qqz
  • %HOMEPATH%\local settings\gdipfontcachev1.dat to %HOMEPATH%\local settings\gdipfontcachev1.dat.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\automaticdestinations\7e4dca80246863e3.automaticdestinations-ms to %HOMEPATH%\recent\automaticdestinations\7e4dca80246863e3.automaticdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\automaticdestinations\74d7f43c1561fc1e.automaticdestinations-ms to %HOMEPATH%\recent\automaticdestinations\74d7f43c1561fc1e.automaticdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\automaticdestinations\1b4dd67f29cb1962.automaticdestinations-ms to %HOMEPATH%\recent\automaticdestinations\1b4dd67f29cb1962.automaticdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\c312e260e424ae76.customdestinations-ms to %HOMEPATH%\recent\customdestinations\c312e260e424ae76.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\bf8efb871eda5262.customdestinations-ms to %HOMEPATH%\recent\customdestinations\bf8efb871eda5262.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\969252ce11249fdd.customdestinations-ms to %HOMEPATH%\recent\customdestinations\969252ce11249fdd.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\9027fe24326910d2.customdestinations-ms to %HOMEPATH%\recent\customdestinations\9027fe24326910d2.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\7e4dca80246863e3.customdestinations-ms to %HOMEPATH%\recent\customdestinations\7e4dca80246863e3.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\74d7f43c1561fc1e.customdestinations-ms to %HOMEPATH%\recent\customdestinations\74d7f43c1561fc1e.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\5d696d521de238c3.customdestinations-ms to %HOMEPATH%\recent\customdestinations\5d696d521de238c3.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\5afe4de1b92fc382.customdestinations-ms to %HOMEPATH%\recent\customdestinations\5afe4de1b92fc382.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms to %HOMEPATH%\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\28c8b86deab549a1.customdestinations-ms to %HOMEPATH%\recent\customdestinations\28c8b86deab549a1.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\1b4dd67f29cb1962.customdestinations-ms to %HOMEPATH%\recent\customdestinations\1b4dd67f29cb1962.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\recent\customdestinations\10a2479c877ca098.customdestinations-ms to %HOMEPATH%\recent\customdestinations\10a2479c877ca098.customdestinations-ms.globeimposter-alpha666qqz
  • %HOMEPATH%\sendto\mail recipient.mapimail to %HOMEPATH%\sendto\mail recipient.mapimail.globeimposter-alpha666qqz
  • %HOMEPATH%\sendto\desktop (create shortcut).desklink to %HOMEPATH%\sendto\desktop (create shortcut).desklink.globeimposter-alpha666qqz
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_003_ to %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_003_.globeimposter-alpha666qqz
  • %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_map_ to %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_map_.globeimposter-alpha666qqz
Modifies the following files
Changes the extensions of user data files (Trojan.Encoder).
Network activity
Connects to
  • 'google.com':443
TCP
  • 'google.com':443
UDP
  • DNS ASK google.com
Other
Searches for the following windows
  • ClassName: '' WindowName: ''
Executes
  • '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Pictures\killer.bat" "
  • '%WINDIR%\syswow64\sc.exe' delete OracleJobSchedulerORCL
  • '%WINDIR%\syswow64\net1.exe' stop U8WorkerService1
  • '%WINDIR%\syswow64\net1.exe' stop MSSQL$
  • '%WINDIR%\syswow64\sc.exe' delete IpOverUsbSvc
  • '%WINDIR%\syswow64\sc.exe' delete MsDtsServer100
  • '%WINDIR%\syswow64\sc.exe' delete kbasesrv
  • '%WINDIR%\syswow64\sc.exe' delete KuaiYunTools
  • '%WINDIR%\syswow64\net1.exe' stop "MSOLAP$SHOPCONTROL9"
  • '%WINDIR%\syswow64\sc.exe' config MSSQL$ start=disabled
  • '%WINDIR%\syswow64\sc.exe' delete Protect_2345Explorer
  • '%WINDIR%\syswow64\sc.exe' delete eSightService
  • '%WINDIR%\syswow64\sc.exe' delete 2345PicSvc
  • '%WINDIR%\syswow64\sc.exe' delete apachezt
  • '%WINDIR%\syswow64\sc.exe' delete vmware-converter-agent
  • '%WINDIR%\syswow64\sc.exe' delete KMSELDI
  • '%WINDIR%\syswow64\sc.exe' delete SSMonitorService
  • '%WINDIR%\syswow64\sc.exe' delete btPanel
  • '%WINDIR%\syswow64\sc.exe' delete MMRHookService
  • '%WINDIR%\syswow64\sc.exe' delete OSearch16
  • '%WINDIR%\syswow64\sc.exe' delete "Sense Shield Service"
  • '%WINDIR%\syswow64\sc.exe' delete VMwareHostd
  • '%WINDIR%\syswow64\sc.exe' delete "Flash Helper Service"
  • '%WINDIR%\syswow64\sc.exe' delete AlibabaProtect
  • '%WINDIR%\syswow64\sc.exe' delete ReportServer
  • '%WINDIR%\syswow64\sc.exe' delete SPSearchHostController
  • '%WINDIR%\syswow64\sc.exe' delete "vm-agent"
  • '%WINDIR%\syswow64\sc.exe' delete TeamViewer
  • '%WINDIR%\syswow64\sc.exe' delete "Kiwi Syslog Server"
  • '%WINDIR%\syswow64\sc.exe' delete RabbitMQ
  • '%WINDIR%\syswow64\sc.exe' delete SPTimerV4
  • '%WINDIR%\syswow64\sc.exe' delete VmAgentDaemon
  • '%WINDIR%\syswow64\net1.exe' stop "SQLBrowser"
  • '%WINDIR%\syswow64\sc.exe' delete "UWS HiPriv Services"
  • '%WINDIR%\syswow64\sc.exe' delete "AHS SERVICE"
  • '%WINDIR%\syswow64\sc.exe' delete SPTraceV4
  • '%WINDIR%\syswow64\sc.exe' delete ZTEVdservice
  • '%WINDIR%\syswow64\sc.exe' delete OpenSSHd
  • '%WINDIR%\syswow64\sc.exe' delete qemu-ga
  • '%WINDIR%\syswow64\sc.exe' delete SPAdminV4
  • '%WINDIR%\syswow64\sc.exe' delete ProjectCalcService16
  • '%WINDIR%\syswow64\sc.exe' delete c2wts
  • '%WINDIR%\syswow64\sc.exe' delete vsvnjobsvc
  • '%WINDIR%\syswow64\sc.exe' delete 360EntHttpServer
  • '%WINDIR%\syswow64\sc.exe' delete GPSDownSvr
  • '%WINDIR%\syswow64\sc.exe' delete VirboxWebServer
  • '%WINDIR%\syswow64\sc.exe' delete VisualSVNServer
  • '%WINDIR%\syswow64\sc.exe' delete 360EntSvc
  • '%WINDIR%\syswow64\sc.exe' delete GPSUserSvr
  • '%WINDIR%\syswow64\sc.exe' delete TPlusStdUpgradeService1300
  • '%WINDIR%\syswow64\sc.exe' delete GPSStorageSvr
  • '%WINDIR%\syswow64\sc.exe' delete 360EntClientSvc
  • '%WINDIR%\syswow64\sc.exe' delete GPSDataProcSvr
  • '%WINDIR%\syswow64\sc.exe' delete LMS
  • '%WINDIR%\syswow64\sc.exe' delete BestSyncSvc
  • '%WINDIR%\syswow64\sc.exe' delete NFWebServer
  • '%WINDIR%\syswow64\sc.exe' delete GPSGatewaySvr
  • '%WINDIR%\syswow64\sc.exe' delete jhi_service
  • '%WINDIR%\syswow64\sc.exe' delete "FlexNet Licensing Service 64"
  • '%WINDIR%\syswow64\net1.exe' stop HaoZipSvc
  • '%WINDIR%\syswow64\sc.exe' delete MotionBoardRCService57
  • '%WINDIR%\syswow64\sc.exe' delete ftusbrdsrv
  • '%WINDIR%\syswow64\sc.exe' delete secbizsrv
  • '%WINDIR%\syswow64\sc.exe' delete vmware-converter-worker
  • '%WINDIR%\syswow64\sc.exe' delete TPlusStdAppService1300
  • '%WINDIR%\syswow64\sc.exe' delete AppFabricCachingService
  • '%WINDIR%\syswow64\sc.exe' delete SQLTELEMETRY
  • '%WINDIR%\syswow64\sc.exe' delete QQCertificateService
  • '%WINDIR%\syswow64\sc.exe' delete MSSQL$SQL2008
  • '%WINDIR%\syswow64\sc.exe' delete ADWS
  • '%WINDIR%\syswow64\sc.exe' delete MSMQ
  • '%WINDIR%\syswow64\sc.exe' delete OracleRemExecService
  • '%WINDIR%\syswow64\sc.exe' delete SQLAgent$SQL2008
  • '%WINDIR%\syswow64\sc.exe' delete MotionBoard57
  • '%WINDIR%\syswow64\sc.exe' delete smtpsvrJT
  • '%WINDIR%\syswow64\sc.exe' delete GPSDaemon
  • '%WINDIR%\syswow64\sc.exe' delete TPlusStdTaskService1300
  • '%WINDIR%\syswow64\sc.exe' delete Jenkins
  • '%WINDIR%\syswow64\sc.exe' delete SSSyncService
  • '%WINDIR%\syswow64\sc.exe' delete vmware-converter-server
  • '%WINDIR%\syswow64\sc.exe' delete allpass_redisservice_port21160
  • '%WINDIR%\syswow64\sc.exe' delete VMUSBArbService
  • '%WINDIR%\syswow64\sc.exe' delete ProjectQueueService16
  • '%WINDIR%\syswow64\sc.exe' config MSSQLSERVER start=disabled
  • '%WINDIR%\syswow64\net1.exe' stop UIODetect
  • '%WINDIR%\syswow64\cmd.exe' /c @echo off sc config browser sc config browser start=enabled vssadmin delete shadows /all /quiet sc stop vss sc config vss start=disabled sc stop MongoDB sc config MongoDB start=disabl...
  • '%WINDIR%\syswow64\sc.exe' config "SQL Server (MSSQLSERVER)" start=disabled
  • '%WINDIR%\syswow64\sc.exe' delete "DAService_TCP"
  • '%WINDIR%\syswow64\cmd.exe' /c "color e & @taskkill /IM VBoxSDS.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM TeamViewer_Service.exe /F & @taskkill /IM TeamViewer.exe /F & @taskkill /IM CasLicenceServer.exe /F & @t...
  • '%WINDIR%\syswow64\sc.exe' delete "UWS LoPriv Services"
  • '%WINDIR%\syswow64\net1.exe' stop "SQLSERVERAGENT"
  • '%WINDIR%\syswow64\sc.exe' delete OracleOraDb11g_home1ClrAgent
  • '%WINDIR%\syswow64\sc.exe' delete "eCard-TTransServer"
  • '%WINDIR%\syswow64\sc.exe' delete ftnlsv3
  • '%WINDIR%\syswow64\sc.exe' delete SQLSERVERAGENT
  • '%WINDIR%\syswow64\sc.exe' delete OracleOraDb11g_home1TNSListener
  • '%WINDIR%\syswow64\sc.exe' delete REPLICA
  • '%WINDIR%\syswow64\sc.exe' delete "XT800Service_Personal"
  • '%WINDIR%\syswow64\cmd.exe' /c "color e & @taskkill /IM BackupExec.exe /F & @taskkill /IM Att.exe /F & @taskkill /IM mdm.exe /F & @taskkill /IM BackupExecManagementService.exe /F & @taskkill /IM bengine.exe /F & @taskkill...
  • '%WINDIR%\syswow64\sc.exe' delete MSCRMAsyncService
  • '%WINDIR%\syswow64\cmd.exe' /c "color e & @taskkill /IM pg_ctl.exe /F & @taskkill /IM rcrelay.exe /F & @taskkill /IM SogouImeBroker.exe /F & @taskkill /IM CCenter.exe /F & @taskkill /IM ScanFrm.exe /F & @taskkill /IM d_ma...
  • '%WINDIR%\syswow64\cmd.exe' /c "color e & @taskkill /IM ThunderPlatform.exe /F & @taskkill /IM iexplore.exe /F & @taskkill /IM vm-agent.exe /F & @taskkill /IM vm-agent-daemon.exe /F & @taskkill /IM eSightService.exe /F & ...
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & net stop "SQLSERVERAGENT" & net stop "SQLBrowser" & net stop "SQLTELEMETRY" & net stop "MsDtsServer130" & net stop "SSISTELEMETRY130" & net stop "SQLWrite" & net stop "MSSQL$VEEAM...
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & sc config MSSQLSERVER start=disabled & sc config "SQL Server (MSSQLSERVER)" start=disabled & net stop MSSQL$ & sc config MSSQL$ start=disabled & net stop SQLSERVERAGENT & sc confi...
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & taskkill /F /IM Veeam.Backup.Agent.ConfigurationService.exe & taskkill /F /IM Veeam.Backup.BrokerService.exe & taskkill /F /IM Veeam.Backup.CatalogDataService.exe & taskkill /F /I...
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & net stop "MSOLAP$SHOPCONTROL9" & net stop "MSSQL$SHOPCONTROL9" & net stop "MSSQLFDLauncher$SHOPCONTROL9" & net stop "ReportServer$SHOPCONTROL9" & net stop "SQLAgent$SHOPCONTROL9" ...
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & @taskkill /IM Tomcat7w.exe /F & @taskkill /IM "UFSoft.U8.OC.QuartzScheduler.exe" /F & @taskkill /IM UFSoft.U8.OC.QuartzScheduler.exe /F & @taskkill /IM Launchpad.exe /F & @taskkil...
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & @taskkill /IM DDSoftPwsTomcat9.exe /F & @taskkill /IM U8SmartClient.exe /F & @taskkill /IM U8SmartClientMonitor.exe /F & @taskkill /IM tomcat9.exe /F & @taskkill /IM SqlManagement...
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & @sc delete "XT800Service_Personal" & @sc delete SQLSERVERAGENT & @sc delete SQLWriter & @sc delete SQLBrowser & @sc delete MSSQLFDLauncher & @sc delete MSSQLSERVER & @sc delete Qc...
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & @sc delete "DAService_TCP" & @sc delete "eCard-TTransServer" & @sc delete eCardMPService & @sc delete EnergyDataService & @sc delete UI0Detect & @sc delete K3MobileService & @sc d...
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & sc config "SQLWriter" start= disabled"
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & @sc delete OracleOraDb11g_home1ClrAgent & @sc delete OracleOraDb11g_home1TNSListener & @sc delete OracleVssWriterORCL & @sc delete OracleServiceORCL & @sc delete aspnet_state @sc ...
  • '%WINDIR%\syswow64\cmd.exe' /c "@color b & sc delete MSCRMAsyncService & @sc delete REPLICA & @sc delete RTCATS & @sc delete RTCAVMCU & @sc delete RtcQms & @sc delete RTCMEETINGMCU & @sc delete RTCIMMCU & @sc delete RTCDA...
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & @taskkill /IM ReportingServicesService.exe /F & @sc delete "SQL Server Reporting Services" & @sc delete MSSQLFDLauncher & @taskkill /IM U8CEServer.exe /F & @taskkill /IM ServerNT....
  • '%WINDIR%\syswow64\cmd.exe' /c "color a & @net stop U8WorkerService1 & @net stop U8WorkerService2 & @net stop "memcached Server" & @net stop Apache2.4 & @net stop UFIDAWebService & @net stop MSComplianceAudit & @net stop ...
  • '%WINDIR%\syswow64\cmd.exe' /c "color a & @net stop HaoZipSvc & @net stop "igfxCUIService2.0.0.0" & @net stop Realtek11nSU & @net stop xenlite & @net stop XenSvc & @net stop Apache2.2 & @net stop "Synology Drive VSS Servi...
  • '%WINDIR%\syswow64\cmd.exe' /c "color a & @net stop UIODetect & @net stop VMwareHostd & @net stop TeamViewer8 & @net stop VMUSBArbService & @net stop VMAuthdService & @net stop wanxiao-monitor & @net stop WebAttendServer ...
  • '%WINDIR%\syswow64\cmd.exe' /c "color e & @taskkill /IM sqlservr.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM java.exe /F & @taskkill /IM fdhost.exe /F & @taskkill /IM fdlauncher.exe /F & @taskkill /IM Veeam.Backup...
  • '%WINDIR%\syswow64\sc.exe' delete eCardMPService
  • '%WINDIR%\syswow64\cmd.exe' /c "color b & @sc delete "UWS LoPriv Services" & @sc delete ftnlsv3 & @sc delete ftnlses3 & @sc delete FxService & @sc delete "UtilDev Web Server Pro" & @sc delete ftusbrdwks & @sc delete ftusb...
  • '%WINDIR%\syswow64\sc.exe' delete ftnlses3
  • '%WINDIR%\syswow64\sc.exe' config "SQLWriter" start= disabled
  • '%WINDIR%\syswow64\sc.exe' delete SQLWriter
  • '%WINDIR%\syswow64\sc.exe' delete RTCDATAMCU
  • '%WINDIR%\syswow64\sc.exe' delete "ZTE USBIP Client Guard"
  • '%WINDIR%\syswow64\sc.exe' delete ImeDictUpdateService
  • '%WINDIR%\syswow64\sc.exe' delete UIODetect
  • '%WINDIR%\syswow64\sc.exe' delete RTCCDR
  • '%WINDIR%\syswow64\sc.exe' delete VMTools
  • '%WINDIR%\syswow64\sc.exe' delete "ZTE USBIP Client"
  • '%WINDIR%\syswow64\sc.exe' delete XT800Service_Personal
  • '%WINDIR%\syswow64\sc.exe' delete "wanxiao-monitor"
  • '%WINDIR%\syswow64\sc.exe' delete MCService
  • '%WINDIR%\syswow64\sc.exe' delete "ZTE FileTranS"
  • '%WINDIR%\syswow64\sc.exe' delete VGAuthService
  • '%WINDIR%\syswow64\sc.exe' delete ProjectEventService16
  • '%WINDIR%\syswow64\sc.exe' delete VMAuthdService
  • '%WINDIR%\syswow64\sc.exe' delete wwbizsrv
  • '%WINDIR%\syswow64\sc.exe' delete MSDTC
  • '%WINDIR%\syswow64\sc.exe' delete WebAttendServer
  • '%WINDIR%\syswow64\sc.exe' delete OracleVssWriterORCL
  • '%WINDIR%\syswow64\sc.exe' delete MSSQLServerOLAPService
  • '%WINDIR%\syswow64\sc.exe' delete zyb_sync
  • '%WINDIR%\syswow64\sc.exe' delete "FontCache3.0.0.0"
  • '%WINDIR%\syswow64\sc.exe' delete QcSoftService
  • '%WINDIR%\syswow64\sc.exe' delete EnergyDataService
  • '%WINDIR%\syswow64\sc.exe' delete FxService
  • '%WINDIR%\syswow64\sc.exe' delete SQLBrowser
  • '%WINDIR%\syswow64\sc.exe' delete OracleServiceORCL
  • '%WINDIR%\syswow64\sc.exe' delete RTCAVMCU
  • '%WINDIR%\syswow64\sc.exe' delete UI0Detect
  • '%WINDIR%\syswow64\sc.exe' delete "UtilDev Web Server Pro"
  • '%WINDIR%\syswow64\sc.exe' delete RTCATS
  • '%WINDIR%\syswow64\sc.exe' delete MSSQLFDLauncher
  • '%WINDIR%\syswow64\sc.exe' delete RtcQms
  • '%WINDIR%\syswow64\sc.exe' delete K3MobileService
  • '%WINDIR%\syswow64\sc.exe' delete RTCMEETINGMCU
  • '%WINDIR%\syswow64\sc.exe' delete MSSQLSERVER
  • '%WINDIR%\syswow64\sc.exe' delete ftusbrdwks
  • '%WINDIR%\syswow64\sc.exe' delete TCPIDDAService
  • '%WINDIR%\syswow64\sc.exe' delete RTCIMMCU
  • '%WINDIR%\syswow64\sc.exe' delete aspnet_state @sc delete Redis
  • '%WINDIR%\syswow64\sc.exe' delete JhTask
  • '%WINDIR%\syswow64\sc.exe' delete LPManager

Treatment recommendations

  1. If the operating system is able to boot (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or a USB drive. Download the Dr.Web® LiveDisk emergency system recovery disk image or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding medium. After booting the computer from this medium, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light antivirus for macOS. This product can be downloaded from the official Apple App Store.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install the free Dr.Web for Android Light antivirus product on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet into safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in various ways; consult the manual supplied with the device or contact its manufacturer directly for details);
    • once safe mode is active, install the free Dr.Web for Android Light antivirus product on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
