Поддержка
Круглосуточная поддержка

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

Trojan.Encoder.38491

Добавлен в вирусную базу Dr.Web: 2024-01-18

Описание добавлено:

Техническая информация

Для обеспечения автозапуска и распространения
Создает следующие файлы на съемном носителе
  • <Имя диска съемного носителя>:\whathappened.txt
Вредоносные функции
Для затруднения выявления своего присутствия в системе
блокирует:
  • Компонент восстановления системы (SR)
удаляет теневые копии разделов.
Завершает или пытается завершить
следующие пользовательские процессы:
  • firefox.exe
Изменения в файловой системе
Создает следующие файлы
  • C:\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\3\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\30\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\32\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\33\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\31\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\34\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\35\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\36\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\37\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\38\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\20\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\39\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\42\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\41\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\43\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\44\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\45\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\46\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\47\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\48\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\5\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\49\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\50\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\51\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\27\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\4\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\29\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\23\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\28\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\26\whathappened.txt
  • %LOCALAPPDATA%\thunderbird\profiles\hmz1jddi.default\whathappened.txt
  • %LOCALAPPDATA%low\whathappened.txt
  • %LOCALAPPDATA%low\oracle\java\au\whathappened.txt
  • %LOCALAPPDATA%low\oracle\whathappened.txt
  • %LOCALAPPDATA%low\oracle\java\whathappened.txt
  • %LOCALAPPDATA%low\sun\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\10\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\1\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\52\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\0\whathappened.txt
  • %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\safebrowsing\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\11\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\12\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\14\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\15\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\16\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\17\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\18\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\19\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\2\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\21\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\24\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\25\whathappened.txt
  • %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\safebrowsing\google4\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\22\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\13\whathappened.txt
  • %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\startupcache\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\53\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\57\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\extensions\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\minidumps\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\saved-telemetry-pings\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\default\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\permanent\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\permanent\chrome\idb\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\permanent\chrome\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\whathappened.txt
  • %APPDATA%\thunderbird\profiles\hmz1jddi.default\whathappened.txt
  • %HOMEPATH%\contacts\whathappened.txt
  • %APPDATA%\thunderbird\crash reports\whathappened.txt
  • %HOMEPATH%\desktop\whathappened.txt
  • %HOMEPATH%\downloads\whathappened.txt
  • %HOMEPATH%\favorites\whathappened.txt
  • %HOMEPATH%\favorites\links\whathappened.txt
  • %HOMEPATH%\favorites\links for united states\whathappened.txt
  • %HOMEPATH%\favorites\microsoft websites\whathappened.txt
  • %HOMEPATH%\favorites\msn websites\whathappened.txt
  • %HOMEPATH%\favorites\windows live\whathappened.txt
  • %HOMEPATH%\links\whathappened.txt
  • %HOMEPATH%\music\whathappened.txt
  • %HOMEPATH%\pictures\whathappened.txt
  • %HOMEPATH%\saved games\whathappened.txt
  • D:\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\archived\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\archived\2023-09\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\crashes\events\whathappened.txt
  • C:\users\default\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\40\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\59\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\58\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\60\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\6\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\61\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\62\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\63\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\7\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\8\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\9\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\54\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\56\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\55\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\host\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\security\whathappened.txt
  • %APPDATA%\media center programs\whathappened.txt
  • %APPDATA%\thunderbird\whathappened.txt
  • %APPDATA%\identities\whathappened.txt
  • %APPDATA%\identities\{1bc91121-7903-48ee-bf78-1bc7ca4b5761}\whathappened.txt
  • %APPDATA%\thunderbird\pending pings\whathappened.txt
  • %APPDATA%\telegram desktop\whathappened.txt
  • %APPDATA%\thunderbird\profiles\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\crashes\whathappened.txt
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\whathappened.txt
  • %APPDATA%\thunderbird\crash reports\events\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\muffin\whathappened.txt
  • %LOCALAPPDATA%low\sun\java\jre1.8.0_45_x64\whathappened.txt
  • %APPDATA%\whathappened.txt
  • %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\cache2\entries\whathappened.txt
  • %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\cache2\whathappened.txt
  • %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\cache2\doomed\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{6cd9e9ed-906d-4196-8dc3-f987d2f6615f}v14.29.30133\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{6cd9e9ed-906d-4196-8dc3-f987d2f6615f}v14.29.30133\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{6cd9e9ed-906d-4196-8dc3-f987d2f6615f}v14.29.30133\packages\vcruntimeminimum_amd64\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{9d29fc96-9eee-4253-943f-96b3bbfdd0b6}v14.16.27024\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\packages\vcruntimeadditional_amd64\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{9d29fc96-9eee-4253-943f-96b3bbfdd0b6}v14.16.27024\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{9d29fc96-9eee-4253-943f-96b3bbfdd0b6}v14.16.27024\packages\vcruntimeadditional_amd64\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\packages\vcruntimeminimum_amd64\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{ec9807de-b577-47b1-a024-0251805acf24}v14.29.30133\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\packages\vcruntimeadditional_x86\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\packages\vcruntimeminimum_x86\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\packages\vcruntimeminimum_amd64\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{e699e009-1c3c-4e50-9b57-2b39f0954c7f}v14.29.30133\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{e699e009-1c3c-4e50-9b57-2b39f0954c7f}v14.29.30133\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{e699e009-1c3c-4e50-9b57-2b39f0954c7f}v14.29.30133\packages\vcruntimeadditional_amd64\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{42667d2e-b054-46c1-9d46-2ee1332c14c1}v14.29.30133\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{42667d2e-b054-46c1-9d46-2ee1332c14c1}v14.29.30133\packages\vcruntimeadditional_x86\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\packages\vcruntimeadditional_amd64\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\packages\whathappened.txt
  • C:\kms\whathappened.txt
  • C:\perflogs\admin\whathappened.txt
  • %ALLUSERSPROFILE%\adobe\arm\whathappened.txt
  • %ALLUSERSPROFILE%\adobe\arm\s\whathappened.txt
  • %ALLUSERSPROFILE%\adobe\arm\{291aa914-a987-4ce9-bd63-ac0a92d435e5}\whathappened.txt
  • %ALLUSERSPROFILE%\adobe\setup\whathappened.txt
  • %ALLUSERSPROFILE%\adobe\setup\{ac76ba86-7ad7-1033-7b44-ac0f074e4100}\whathappened.txt
  • %ALLUSERSPROFILE%\adobe\whathappened.txt
  • %ALLUSERSPROFILE%\microsoft help\whathappened.txt
  • %ALLUSERSPROFILE%\whathappened.txt
  • m:\$recycle.bin\s-1-5-21-3150914307-1777937420-491476919-1000\desktop.ini
  • %ALLUSERSPROFILE%\oracle\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{ec9807de-b577-47b1-a024-0251805acf24}v14.29.30133\whathappened.txt
  • %ALLUSERSPROFILE%\oracle\java\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\packages\whathappened.txt
  • %ALLUSERSPROFILE%\oracle\java\javapath\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\42d5bec7ddfbd49e76467529cbc2868987bf8460\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\42d5bec7ddfbd49e76467529cbc2868987bf8460\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\42d5bec7ddfbd49e76467529cbc2868987bf8460\packages\patch\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\42d5bec7ddfbd49e76467529cbc2868987bf8460\packages\patch\x64\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\packages\vcruntimeminimum_x86\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{295d1583-fdb9-414b-a4c8-da539362a26b}\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\whathappened.txt
  • %ALLUSERSPROFILE%\oracle\java\installcache_x64\whathappened.txt
  • C:\perflogs\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{42667d2e-b054-46c1-9d46-2ee1332c14c1}v14.29.30133\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{f1b0fb3a-e0ea-47a6-9383-3650655403b0}v14.16.27024\packages\whathappened.txt
  • C:\users\public\downloads\whathappened.txt
  • C:\users\public\libraries\whathappened.txt
  • C:\users\public\music\whathappened.txt
  • C:\users\public\music\sample music\whathappened.txt
  • C:\users\public\pictures\whathappened.txt
  • C:\users\public\pictures\sample pictures\whathappened.txt
  • C:\users\public\recorded tv\whathappened.txt
  • C:\users\public\recorded tv\sample media\whathappened.txt
  • C:\users\public\videos\whathappened.txt
  • C:\users\public\videos\sample videos\whathappened.txt
  • %HOMEPATH%\whathappened.txt
  • %HOMEPATH%\appdata\whathappened.txt
  • C:\users\public\documents\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{ec9807de-b577-47b1-a024-0251805acf24}v14.29.30133\packages\vcruntimeminimum_x86\whathappened.txt
  • C:\users\public\favorites\whathappened.txt
  • %LOCALAPPDATA%\whathappened.txt
  • %TEMP%\whathappened.txt
  • %TEMP%\hsperfdata_user\whathappened.txt
  • %TEMP%\low\whathappened.txt
  • %TEMP%\microsoft .net framework 4 setup_4.0.30319\whathappened.txt
  • %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_10.0.30319\whathappened.txt
  • %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_10.0.30319\whathappened.txt
  • %TEMP%\opera installer\whathappened.txt
  • %TEMP%\wpdnse\whathappened.txt
  • %LOCALAPPDATA%\thunderbird\whathappened.txt
  • %LOCALAPPDATA%\thunderbird\profiles\whathappened.txt
  • %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\whathappened.txt
  • %LOCALAPPDATA%\microsoft help\whathappened.txt
  • %LOCALAPPDATA%\programs\whathappened.txt
  • %LOCALAPPDATA%\programs\common\whathappened.txt
  • %HOMEPATH%\documents\whathappened.txt
  • %HOMEPATH%\searches\whathappened.txt
  • C:\users\default\videos\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\packages\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{f1b0fb3a-e0ea-47a6-9383-3650655403b0}v14.16.27024\packages\vcruntimeminimum_amd64\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{f65db027-aff3-4070-886a-0d87064aabb1}\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\packages\vcruntimeadditional_x86\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{fd9b6070-d13e-45dc-819b-41806bf45b6b}\whathappened.txt
  • %ALLUSERSPROFILE%\sun\whathappened.txt
  • %ALLUSERSPROFILE%\sun\java\whathappened.txt
  • %ALLUSERSPROFILE%\sun\java\java update\whathappened.txt
  • C:\recovery\4cc8e8a4-51d2-11ee-b826-9a90d4dcffb5\whathappened.txt
  • <Текущая директория>\whathappened.txt
  • C:\recovery\whathappened.txt
  • C:\users\public\whathappened.txt
  • C:\users\public\desktop\whathappened.txt
  • C:\users\whathappened.txt
  • C:\users\default\appdata\local\temp\whathappened.txt
  • C:\users\default\appdata\local\whathappened.txt
  • C:\users\default\appdata\roaming\media center programs\whathappened.txt
  • C:\users\default\appdata\roaming\whathappened.txt
  • C:\users\default\desktop\whathappened.txt
  • C:\users\default\documents\whathappened.txt
  • C:\users\default\downloads\whathappened.txt
  • C:\users\default\favorites\whathappened.txt
  • C:\users\default\links\whathappened.txt
  • C:\users\default\music\whathappened.txt
  • C:\users\default\pictures\whathappened.txt
  • C:\users\default\saved games\whathappened.txt
  • %ALLUSERSPROFILE%\package cache\{f1b0fb3a-e0ea-47a6-9383-3650655403b0}v14.16.27024\whathappened.txt
  • C:\users\default\appdata\whathappened.txt
  • %HOMEPATH%\videos\whathappened.txt
Перемещает следующие файлы
  • %TEMP%\adobearm.log в %TEMP%\adobearm.log.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\enigmail.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\enigmail.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\extension-preferences.json в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\extension-preferences.json.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\directorytree.json в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\directorytree.json.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\addons.json в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\addons.json.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\cookies.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\cookies.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\blist.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\blist.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\addonstartup.json.lz4 в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\addonstartup.json.lz4.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\abook.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\abook.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\crashes\store.json.mozlz4 в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\crashes\store.json.mozlz4.dydxn
  • %TEMP%\wmsetup.log в %TEMP%\wmsetup.log.dydxn
  • %TEMP%\tmpaddon в %TEMP%\tmpaddon.dydxn
  • %TEMP%\setupexe(202309121734336dc).log в %TEMP%\setupexe(202309121734336dc).log.dydxn
  • %TEMP%\rgia609.tmp-tmp в %TEMP%\rgia609.tmp-tmp.dydxn
  • %TEMP%\rgia609.tmp в %TEMP%\rgia609.tmp.dydxn
  • %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20230912_171631997.html в %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20230912_171631997.html.dydxn
  • %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20230912_171631997-msi_vc_red.msi.txt в %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20230912_171631997-msi_vc_red.msi.txt.dydxn
  • %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20230912_171623793.html в %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20230912_171623793.html.dydxn
  • %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20230912_171623793-msi_vc_red.msi.txt в %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20230912_171623793-msi_vc_red.msi.txt.dydxn
  • %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20230912_171604215.html в %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20230912_171604215.html.dydxn
  • %TEMP%\microsoft .net framework 4.8 setup_20230912_173103134.html в %TEMP%\microsoft .net framework 4.8 setup_20230912_173103134.html.dydxn
  • %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20230912_171604215-msi_vc_red.msi.txt в %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20230912_171604215-msi_vc_red.msi.txt.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\extensions.json в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\extensions.json.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\formhistory.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\formhistory.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\favicons.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\favicons.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\history.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\history.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\saved-telemetry-pings\d8154144-ac52-40e8-b685-b640783b2c0d в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\saved-telemetry-pings\d8154144-ac52-40e8-b685-b640783b2c0d.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\saved-telemetry-pings\22a456d0-5d02-445b-9603-4fe4b9e5c45c в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\saved-telemetry-pings\22a456d0-5d02-445b-9603-4fe4b9e5c45c.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\saved-telemetry-pings\199a0618-6d48-4205-858d-6b9a8ba9e913 в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\saved-telemetry-pings\199a0618-6d48-4205-858d-6b9a8ba9e913.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\archived\2023-09\1694565729926.199a0618-6d48-4205-858d-6b9a8ba9e913.first-shutdown.jsonlz4 в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\archived\2023-09\1694565729926.199a0618-6d48-4205-858d-6b9a8ba9e913.first-shutdown.jsonlz4.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\archived\2023-09\1694565729925.d8154144-ac52-40e8-b685-b640783b2c0d.main.jsonlz4 в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\archived\2023-09\1694565729925.d8154144-ac52-40e8-b685-b640783b2c0d.main.jsonlz4.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\state.json в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\state.json.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\archived\2023-09\1694565729880.22a456d0-5d02-445b-9603-4fe4b9e5c45c.new-profile.jsonlz4 в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\archived\2023-09\1694565729880.22a456d0-5d02-445b-9603-4fe4b9e5c45c.new-profile.jsonlz4.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\session-state.json в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\datareporting\session-state.json.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\webappsstore.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\webappsstore.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\xulstore.json в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\xulstore.json.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\times.json в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\times.json.dydxn
  • %APPDATA%\thunderbird\crash reports\installtime20210406220621 в %APPDATA%\thunderbird\crash reports\installtime20210406220621.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\sessioncheckpoints.json в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\sessioncheckpoints.json.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\prefs.js в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\prefs.js.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\places.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\places.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\search.json.mozlz4 в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\search.json.mozlz4.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\pkcs11.txt в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\pkcs11.txt.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\permissions.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\permissions.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\openpgp.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\openpgp.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\global-messages-db.sqlite в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\global-messages-db.sqlite.dydxn
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\permanent\chrome\.metadata-v2 в %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\permanent\chrome\.metadata-v2.dydxn
  • %TEMP%\microsoft .net framework 4 setup_20230912_172639823.html в %TEMP%\microsoft .net framework 4 setup_20230912_172639823.html.dydxn
  • %TEMP%\microsoft .net framework 4 setup_20230912_172639823-msi_netfx_extended_x64.msi.txt в %TEMP%\microsoft .net framework 4 setup_20230912_172639823-msi_netfx_extended_x64.msi.txt.dydxn
  • %TEMP%\microsoft .net framework 4 setup_20230912_172639823-msi_netfx_core_x64.msi.txt в %TEMP%\microsoft .net framework 4 setup_20230912_172639823-msi_netfx_core_x64.msi.txt.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912172034_001_vcruntimeminimum_x64.log в %TEMP%\dd_vcredist_amd64_20230912172034_001_vcruntimeminimum_x64.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912172034.log в %TEMP%\dd_vcredist_amd64_20230912172034.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912172034_002_vcruntimeadditional_x64.log в %TEMP%\dd_vcredist_amd64_20230912172034_002_vcruntimeadditional_x64.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912171824_001_vcruntimeadditional_x64.log в %TEMP%\dd_vcredist_amd64_20230912171824_001_vcruntimeadditional_x64.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912171824.log в %TEMP%\dd_vcredist_amd64_20230912171824.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912171735_1_vcruntimeadditional_x64.log в %TEMP%\dd_vcredist_amd64_20230912171735_1_vcruntimeadditional_x64.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912171824_000_vcruntimeminimum_x64.log в %TEMP%\dd_vcredist_amd64_20230912171824_000_vcruntimeminimum_x64.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912171735_0_vcruntimeminimum_x64.log в %TEMP%\dd_vcredist_amd64_20230912171735_0_vcruntimeminimum_x64.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912171735.log в %TEMP%\dd_vcredist_amd64_20230912171735.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912171641_0_vcruntimeminimum_x64.log в %TEMP%\dd_vcredist_amd64_20230912171641_0_vcruntimeminimum_x64.log.dydxn
  • %TEMP%\dd_vcredistui12db.txt в %TEMP%\dd_vcredistui12db.txt.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912171641_1_vcruntimeadditional_x64.log в %TEMP%\dd_vcredist_amd64_20230912171641_1_vcruntimeadditional_x64.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912171641.log в %TEMP%\dd_vcredist_amd64_20230912171641.log.dydxn
  • %TEMP%\dd_vcredistmsi12db.txt в %TEMP%\dd_vcredistmsi12db.txt.dydxn
  • %TEMP%\dd_setuputility.txt в %TEMP%\dd_setuputility.txt.dydxn
  • %TEMP%\dd_ndp48-x86-x64-allos-enu_decompression_log.txt в %TEMP%\dd_ndp48-x86-x64-allos-enu_decompression_log.txt.dydxn
  • %TEMP%\aspnetsetup_00001.log в %TEMP%\aspnetsetup_00001.log.dydxn
  • %TEMP%\adobesfx.log в %TEMP%\adobesfx.log.dydxn
  • %TEMP%\dd_dotnetfx40_full_x86_x64_decompression_log.txt в %TEMP%\dd_dotnetfx40_full_x86_x64_decompression_log.txt.dydxn
  • %TEMP%\chrome_installer.log в %TEMP%\chrome_installer.log.dydxn
  • %TEMP%\aspnetsetup_00000.log в %TEMP%\aspnetsetup_00000.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912172134.log в %TEMP%\dd_vcredist_amd64_20230912172134.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912172247.log в %TEMP%\dd_vcredist_amd64_20230912172247.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912172315.log в %TEMP%\dd_vcredist_amd64_20230912172315.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912172247_001_vcruntimeminimum_x64.log в %TEMP%\dd_vcredist_amd64_20230912172247_001_vcruntimeminimum_x64.log.dydxn
  • %TEMP%\javadeployreg.log в %TEMP%\javadeployreg.log.dydxn
  • %TEMP%\jusched.log в %TEMP%\jusched.log.dydxn
  • %TEMP%\dd_wcf_ca_smci_20230913_002946_802.txt в %TEMP%\dd_wcf_ca_smci_20230913_002946_802.txt.dydxn
  • %TEMP%\dd_wcf_ca_smci_20230913_002944_977.txt в %TEMP%\dd_wcf_ca_smci_20230913_002944_977.txt.dydxn
  • %TEMP%\dd_vcredist_x86_20230912172350.log в %TEMP%\dd_vcredist_x86_20230912172350.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912172322_002_vcruntimeadditional_x86.log в %TEMP%\dd_vcredist_x86_20230912172322_002_vcruntimeadditional_x86.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912172322_001_vcruntimeminimum_x86.log в %TEMP%\dd_vcredist_x86_20230912172322_001_vcruntimeminimum_x86.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912172322.log в %TEMP%\dd_vcredist_x86_20230912172322.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912172224.log в %TEMP%\dd_vcredist_x86_20230912172224.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912172157_002_vcruntimeadditional_x86.log в %TEMP%\dd_vcredist_x86_20230912172157_002_vcruntimeadditional_x86.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912172157.log в %TEMP%\dd_vcredist_x86_20230912172157.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912172157_001_vcruntimeminimum_x86.log в %TEMP%\dd_vcredist_x86_20230912172157_001_vcruntimeminimum_x86.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912171936.log в %TEMP%\dd_vcredist_x86_20230912171936.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912171936_001_vcruntimeadditional_x86.log в %TEMP%\dd_vcredist_x86_20230912171936_001_vcruntimeadditional_x86.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912171936_000_vcruntimeminimum_x86.log в %TEMP%\dd_vcredist_x86_20230912171936_000_vcruntimeminimum_x86.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912171759_1_vcruntimeadditional_x86.log в %TEMP%\dd_vcredist_x86_20230912171759_1_vcruntimeadditional_x86.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912171759.log в %TEMP%\dd_vcredist_x86_20230912171759.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912171710_1_vcruntimeadditional_x86.log в %TEMP%\dd_vcredist_x86_20230912171710_1_vcruntimeadditional_x86.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912171759_0_vcruntimeminimum_x86.log в %TEMP%\dd_vcredist_x86_20230912171759_0_vcruntimeminimum_x86.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912171710.log в %TEMP%\dd_vcredist_x86_20230912171710.log.dydxn
  • %TEMP%\dd_vcredist_x86_20230912171710_0_vcruntimeminimum_x86.log в %TEMP%\dd_vcredist_x86_20230912171710_0_vcruntimeminimum_x86.log.dydxn
  • %TEMP%\dd_vcredist_amd64_20230912172247_002_vcruntimeadditional_x64.log в %TEMP%\dd_vcredist_amd64_20230912172247_002_vcruntimeadditional_x64.log.dydxn
  • %TEMP%\jawshtml.html в %TEMP%\jawshtml.html.dydxn
  • %APPDATA%\thunderbird\profiles\hmz1jddi.default\times.json в %APPDATA%\thunderbird\profiles\hmz1jddi.default\times.json.dydxn
Изменяет следующие файлы
  • C:\kms\kms_vl_all_aio_debug.log.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.winword.dev.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.setlang.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\package cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\state.rsm.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.powerpnt.dev.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\package cache\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\packages\vcruntimeminimum_x86\cab1.cab.dydxn
  • %ALLUSERSPROFILE%\oracle\java\installcache_x64\baseimagefam8.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.powerpnt.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.winword.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.outlook.dev.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.outlook.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.mspub.dev.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.ois.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\package cache\{295d1583-fdb9-414b-a4c8-da539362a26b}\state.rsm.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.mspub.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.msaccess.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.onenote.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.graph.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.excel.dev.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.msouc.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.infopath.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.msaccess.dev.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.groove.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.infopatheditor.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.excel.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\hx.hxn.dydxn
  • %ALLUSERSPROFILE%\adobe\setup\{ac76ba86-7ad7-1033-7b44-ac0f074e4100}\data1.cab.dydxn
  • %ALLUSERSPROFILE%\microsoft help\ms.mstore.14.1033.hxn.dydxn
  • %ALLUSERSPROFILE%\microsoft help\nslist.hxl.dydxn
Изменяет множество файлов.
Изменяет расширения файлов пользовательских данных (Trojan.Encoder).
Другое
Создает и запускает на исполнение
  • '<SYSTEM32>\cmd.exe' /c vssadmin.exe delete shadows /all /quiet' (со скрытым окном)
  • '<SYSTEM32>\cmd.exe' /c wmic SHADOWCOPY DELETE' (со скрытым окном)
  • '<SYSTEM32>\cmd.exe' /c bcdedit / set{ default } recoveryenabled No' (со скрытым окном)
  • '<SYSTEM32>\cmd.exe' /c bcdedit / set{ default } bootstatuspolicy ignoreallfailures' (со скрытым окном)
Запускает на исполнение
  • '<SYSTEM32>\cmd.exe' /c vssadmin.exe delete shadows /all /quiet
  • '<SYSTEM32>\cmd.exe' /c wmic SHADOWCOPY DELETE
  • '<SYSTEM32>\cmd.exe' /c bcdedit / set{ default } recoveryenabled No
  • '<SYSTEM32>\cmd.exe' /c bcdedit / set{ default } bootstatuspolicy ignoreallfailures
  • '<SYSTEM32>\bcdedit.exe' / set{ default } bootstatuspolicy ignoreallfailures

Рекомендации по лечению

  1. В случае если операционная система способна загрузиться (в штатном режиме или режиме защиты от сбоев), скачайте лечащую утилиту Dr.Web CureIt! и выполните с ее помощью полную проверку вашего компьютера, а также используемых вами переносных носителей информации.
  2. Если загрузка операционной системы невозможна, измените настройки BIOS вашего компьютера, чтобы обеспечить возможность загрузки ПК с компакт-диска или USB-накопителя. Скачайте образ аварийного диска восстановления системы Dr.Web® LiveDisk или утилиту записи Dr.Web® LiveDisk на USB-накопитель, подготовьте соответствующий носитель. Загрузив компьютер с использованием данного носителя, выполните его полную проверку и лечение обнаруженных угроз.
Скачать Dr.Web

По серийному номеру

Выполните полную проверку системы с использованием Антивируса Dr.Web Light для macOS. Данный продукт можно загрузить с официального сайта Apple App Store.

На загруженной ОС выполните полную проверку всех дисковых разделов с использованием продукта Антивирус Dr.Web для Linux.

Скачать Dr.Web

По серийному номеру

  1. Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light. Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
  2. Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
    • загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
    • после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
    • выключите устройство и включите его в обычном режиме.

Подробнее о Dr.Web для Android

Демо бесплатно на 14 дней

Выдаётся при установке