Trojan.Siggen9.61022

Added to the Dr.Web virus database: 2020-07-25

Description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKLM>\SYSTEM\CurrentControlSet\Control\Print\Monitors\Bullzip PDF Print Monitor] 'Driver' = '%CommonProgramFiles%\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll'
Malicious functions
Executes the following
  • '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="TabTabEnter" dir=in action=allow enable=yes protocol=tcp program="<Current directory>\TabTabEnter.exe"
  • '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="TabTabEnter" dir=in action=allow enable=yes protocol=udp program="<Current directory>\TabTabEnter.exe"
  • '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="TabTabEnter" dir=out action=allow enable=yes protocol=tcp program="<Current directory>\TabTabEnter.exe"
  • '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="TabTabEnter" dir=out action=allow enable=yes protocol=udp program="<Current directory>\TabTabEnter.exe"
  • '<SYSTEM32>\net.exe' STOP SPOOLER /Y
Modifies file system
Creates the following files
  • <Current directory>\config.ini
  • %ProgramFiles%\bullzip\pdf printer\language\is-sd8ta.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-lul5n.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-62152.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-0eec2.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-l8f26.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-nhjh6.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-qah0o.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-mnbp9.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-l39gm.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-j6psi.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-p3157.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-pqoin.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-7gl1f.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-4dg3i.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-54m2s.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-ioc5e.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-vk62d.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-nomt8.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-9fpnf.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-k6pro.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-cvujf.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-72fh8.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-hr902.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-bamtd.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-0ia95.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-nupsj.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-kh3mu.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-49d38.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-ai9no.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-1f7mg.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-8gbqa.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-oav76.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-21pnm.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-2bh1b.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-ghb5u.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-4oap5.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-72ks0.tmp
  • %PROGRAMDATA%\microsoft\windows\start menu\programs\bullzip\pdf printer\bullzip pdf printer options.lnk
  • %PROGRAMDATA%\microsoft\windows\start menu\programs\bullzip\pdf printer\home page.lnk
  • %PROGRAMDATA%\microsoft\windows\start menu\programs\bullzip\pdf printer\documentation.lnk
  • %PROGRAMDATA%\microsoft\windows\start menu\programs\bullzip\pdf printer\debug\installation log.lnk
  • %ProgramFiles%\bullzip\pdf printer\website.url
  • %ProgramFiles%\bullzip\pdf printer\language\is-v2siu.tmp
  • %ProgramFiles%\bullzip\pdf printer\doc.url
  • %ProgramFiles%\bullzip\pdf printer\prodinfo.url
  • %ProgramFiles%\bullzip\pdf printer\distiller.ini
  • %ProgramFiles%\bullzip\pdf printer\unins000.dat
  • %CommonProgramFiles%\bullzip\pdf printer\api\microsoft.net\framework\v4.0\bullzip.pdfwriter.tlb
  • %CommonProgramFiles%\bullzip\system\framework\v4.0\bullzip.pdfwriter.lib.tlb
  • %ProgramFiles%\bullzip\pdf printer\language\is-d1rv1.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-q5pft.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-e69af.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-6m95b.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-kki25.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-ogh9e.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-jq5h2.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-jab7f.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-oji8q.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-9ki5m.tmp
  • %CommonProgramFiles%\bullzip\system\framework\v4.0\bullzip.pdfwriter.upload.tlb
  • %ProgramFiles%\bullzip\pdf printer\language\is-jj5il.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-ka61t.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-unje7.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-ua76v.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-lo6av.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-j2n87.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-0vu8o.tmp
  • %ProgramFiles%\bullzip\pdf printer\language\is-h878d.tmp
  • %PROGRAMDATA%\microsoft\windows\start menu\programs\bullzip\pdf printer\debug\bug radar.lnk
  • %ProgramFiles%\bullzip\pdf printer\is-dqkng.tmp
  • %WINDIR%\assembly\tmp\mwo3osv1\bullzip.pdfwriter.upload.dll
  • %TEMP%\is-usjc1.tmp\setup_bullzippdfprinter.tmp
  • %TEMP%\setup log 2020-07-24 #001.txt
  • %TEMP%\is-1726j.tmp\_isetup\_setup64.tmp
  • %TEMP%\is-1726j.tmp\isxdl.dll
  • %ProgramFiles%\bullzip\pdf printer\is-lvsoc.tmp
  • %WINDIR%\syswow64\is-vlsng.tmp
  • %WINDIR%\syswow64\is-4rjlm.tmp
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\o2db5zlm\desktop.ini
  • %WINDIR%\syswow64\is-mgmit.tmp
  • %WINDIR%\syswow64\is-bba77.tmp
  • %WINDIR%\syswow64\is-dgdo2.tmp
  • %WINDIR%\syswow64\is-qte4e.tmp
  • %WINDIR%\syswow64\is-m01rl.tmp
  • %CommonProgramFiles%\bullzip\pdf printer\ports\bullzip\is-km5du.tmp
  • <Current directory>\bullzip\bullzipinstallscript.bat
  • <Current directory>\bullzip\setup_bullzippdfprinter.exe
  • %TEMP%\7zx.bat
  • <Current directory>\bullzip.7z
  • <Current directory>\7za.exe
  • %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\index.dat
  • %APPDATA%\microsoft\windows\cookies\low\index.dat
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\ei0tlg9f\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\b18ggl5t\desktop.ini
  • %WINDIR%\syswow64\is-ujcig.tmp
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\fw9qgh5v\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
  • %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
  • <Current directory>\log.txt
  • %ProgramFiles%\bullzip\pdf printer\is-5o40m.tmp
  • %ProgramFiles%\bullzip\pdf printer\is-924ij.tmp
  • %ProgramFiles%\bullzip\pdf printer\is-vhlhb.tmp
  • %CommonProgramFiles%\bullzip\pdf printer\api\com\is-kvp5e.tmp
  • %ProgramFiles%\bullzip\pdf printer\is-ttog8.tmp
  • %CommonProgramFiles%\bullzip\system\framework\v2.0\is-qvbvc.tmp
  • %WINDIR%\assembly\tmp\b3dhbrhv\bullzip.pdfwriter.lib.dll
  • %CommonProgramFiles%\bullzip\system\framework\v4.0\is-67vcc.tmp
  • %WINDIR%\assembly\tmp\qf9d1gmo\bullzip.pdfwriter.lib.dll
  • %CommonProgramFiles%\bullzip\system\framework\v2.0\is-7v2jk.tmp
  • %CommonProgramFiles%\bullzip\system\framework\v4.0\is-bt5n3.tmp
  • %ProgramFiles%\bullzip\pdf printer\debug\is-68fa8.tmp
  • %WINDIR%\assembly\tmp\ksmtu1z5\bullzip.pdfwriter.upload.dll
  • %CommonProgramFiles%\bullzip\system\framework\v2.0\is-efs4k.tmp
  • %WINDIR%\assembly\tmp\7sgajm72\bullzip.pdfwriter.internalext.dll
  • %CommonProgramFiles%\bullzip\system\framework\v4.0\is-cumli.tmp
  • %WINDIR%\assembly\tmp\52njyhcf\bullzip.pdfwriter.internalext.dll
  • %CommonProgramFiles%\bullzip\system\framework\v4.0\is-8kncf.tmp
  • %WINDIR%\assembly\tmp\9b4jliw9\bullzip.pdfwriter.dll
  • %ProgramFiles%\bullzip\pdf printer\is-q8i1n.tmp
  • %CommonProgramFiles%\bullzip\pdf printer\api\microsoft.net\framework\v4.0\is-rf1q2.tmp
  • %ProgramFiles%\bullzip\pdf printer\res\ico\16x16x32bpp\is-p0u2j.tmp
  • %ProgramFiles%\bullzip\pdf printer\api\com\is-6atd4.tmp
  • %ProgramFiles%\bullzip\pdf printer\api\exe\is-54l3s.tmp
  • <SYSTEM32>\spool\drivers\w32x86\0\is-u806o.tmp
  • <SYSTEM32>\spool\drivers\w32x86\3\is-gv6be.tmp
  • <SYSTEM32>\spool\drivers\x64\3\is-1hmi5.tmp
  • %ProgramFiles%\bullzip\pdf printer\macros\examples\is-7u701.tmp
  • %WINDIR%\assembly\tmp\q7c4j51z\bullzip.pdfwriter.xpsinternal.dll
  • %CommonProgramFiles%\bullzip\pdf printer\api\microsoft.net\framework\v2.0\is-2iccm.tmp
  • %ProgramFiles%\bullzip\pdf printer\is-ib0oh.tmp
  • %ProgramFiles%\bullzip\pdf printer\is-u88ir.tmp
  • %ProgramFiles%\bullzip\pdf printer\is-5vevl.tmp
  • %WINDIR%\syswow64\is-5tje0.tmp
  • %WINDIR%\syswow64\is-qt7sv.tmp
  • %ProgramFiles%\bullzip\pdf printer\icc\is-7ndc2.tmp
  • %WINDIR%\assembly\tmp\jyxc5ti6\bullzip.pdfwriter.dll
  • %CommonProgramFiles%\bullzip\system\framework\v4.0\bullzip.pdfwriter.internalext.tlb
Sets the 'hidden' attribute to the following files
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\fw9qgh5v\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\o2db5zlm\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\b18ggl5t\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\ei0tlg9f\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
Deletes the following files
  • %TEMP%\7zx.bat
  • <Current directory>\bullzip.7z
Moves the following files
  • from %ProgramFiles%\bullzip\pdf printer\is-lvsoc.tmp to %ProgramFiles%\bullzip\pdf printer\unins000.exe
  • from %ProgramFiles%\bullzip\pdf printer\language\is-7gl1f.tmp to %ProgramFiles%\bullzip\pdf printer\language\kor.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-pqoin.tmp to %ProgramFiles%\bullzip\pdf printer\language\kdi.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-p3157.tmp to %ProgramFiles%\bullzip\pdf printer\language\jpn.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-j6psi.tmp to %ProgramFiles%\bullzip\pdf printer\language\ita.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-l39gm.tmp to %ProgramFiles%\bullzip\pdf printer\language\ind.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-qah0o.tmp to %ProgramFiles%\bullzip\pdf printer\language\hun.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-bamtd.tmp to %ProgramFiles%\bullzip\pdf printer\language\hrv.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-nhjh6.tmp to %ProgramFiles%\bullzip\pdf printer\language\hin.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-l8f26.tmp to %ProgramFiles%\bullzip\pdf printer\language\heb.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-hr902.tmp to %ProgramFiles%\bullzip\pdf printer\language\dan.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-0eec2.tmp to %ProgramFiles%\bullzip\pdf printer\language\glc.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-lul5n.tmp to %ProgramFiles%\bullzip\pdf printer\language\fin.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-sd8ta.tmp to %ProgramFiles%\bullzip\pdf printer\language\far.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-54m2s.tmp to %ProgramFiles%\bullzip\pdf printer\language\eti.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-ioc5e.tmp to %ProgramFiles%\bullzip\pdf printer\language\esn.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-vk62d.tmp to %ProgramFiles%\bullzip\pdf printer\language\epo.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-nomt8.tmp to %ProgramFiles%\bullzip\pdf printer\language\enu.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-9fpnf.tmp to %ProgramFiles%\bullzip\pdf printer\language\eng.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-k6pro.tmp to %ProgramFiles%\bullzip\pdf printer\language\ena.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-cvujf.tmp to %ProgramFiles%\bullzip\pdf printer\language\ell.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-62152.tmp to %ProgramFiles%\bullzip\pdf printer\language\fra.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-72fh8.tmp to %ProgramFiles%\bullzip\pdf printer\language\deu.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-4dg3i.tmp to %ProgramFiles%\bullzip\pdf printer\language\lth.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-q5pft.tmp to %ProgramFiles%\bullzip\pdf printer\language\rus.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-d1rv1.tmp to %ProgramFiles%\bullzip\pdf printer\language\urd.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-e69af.tmp to %ProgramFiles%\bullzip\pdf printer\language\ukr.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-h878d.tmp to %ProgramFiles%\bullzip\pdf printer\language\trk.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-jj5il.tmp to %ProgramFiles%\bullzip\pdf printer\language\tha.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-0vu8o.tmp to %ProgramFiles%\bullzip\pdf printer\language\tam.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-j2n87.tmp to %ProgramFiles%\bullzip\pdf printer\language\sve.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-lo6av.tmp to %ProgramFiles%\bullzip\pdf printer\language\sro.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-ua76v.tmp to %ProgramFiles%\bullzip\pdf printer\language\srl.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-unje7.tmp to %ProgramFiles%\bullzip\pdf printer\language\slv.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-21pnm.tmp to %ProgramFiles%\bullzip\pdf printer\language\mlt.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-oav76.tmp to %ProgramFiles%\bullzip\pdf printer\language\lvi.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-6m95b.tmp to %ProgramFiles%\bullzip\pdf printer\language\rom.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-9ki5m.tmp to %ProgramFiles%\bullzip\pdf printer\language\ptg.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-oji8q.tmp to %ProgramFiles%\bullzip\pdf printer\language\ptb.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-jab7f.tmp to %ProgramFiles%\bullzip\pdf printer\language\plk.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-jq5h2.tmp to %ProgramFiles%\bullzip\pdf printer\language\nor.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-ogh9e.tmp to %ProgramFiles%\bullzip\pdf printer\language\non.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-kki25.tmp to %ProgramFiles%\bullzip\pdf printer\language\nld.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-ghb5u.tmp to %ProgramFiles%\bullzip\pdf printer\language\nlb.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-2bh1b.tmp to %ProgramFiles%\bullzip\pdf printer\language\msl.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-ka61t.tmp to %ProgramFiles%\bullzip\pdf printer\language\sky.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-mnbp9.tmp to %ProgramFiles%\bullzip\pdf printer\language\csy.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-0ia95.tmp to %ProgramFiles%\bullzip\pdf printer\language\cht.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-nupsj.tmp to %ProgramFiles%\bullzip\pdf printer\language\chs.txt
  • from %ProgramFiles%\bullzip\pdf printer\macros\examples\is-7u701.tmp to %ProgramFiles%\bullzip\pdf printer\macros\examples\base.vbs
  • from <SYSTEM32>\spool\drivers\x64\3\is-1hmi5.tmp to <SYSTEM32>\spool\drivers\x64\3\bullzip.ppd
  • from <SYSTEM32>\spool\drivers\w32x86\3\is-gv6be.tmp to <SYSTEM32>\spool\drivers\w32x86\3\bullzip.ppd
  • from <SYSTEM32>\spool\drivers\w32x86\0\is-u806o.tmp to <SYSTEM32>\spool\drivers\w32x86\0\bullzip.ppd
  • from %ProgramFiles%\bullzip\pdf printer\api\exe\is-54l3s.tmp to %ProgramFiles%\bullzip\pdf printer\api\exe\config.exe
  • from %ProgramFiles%\bullzip\pdf printer\api\com\is-6atd4.tmp to %ProgramFiles%\bullzip\pdf printer\api\com\pdf printer api.chm
  • from %CommonProgramFiles%\bullzip\pdf printer\api\com\is-kvp5e.tmp to %CommonProgramFiles%\bullzip\pdf printer\api\com\bzpdfc.dll
  • from %ProgramFiles%\bullzip\pdf printer\is-vhlhb.tmp to %ProgramFiles%\bullzip\pdf printer\program.ico
  • from %ProgramFiles%\bullzip\pdf printer\is-q8i1n.tmp to %ProgramFiles%\bullzip\pdf printer\pdfcmd.exe
  • from %ProgramFiles%\bullzip\pdf printer\is-924ij.tmp to %ProgramFiles%\bullzip\pdf printer\gui.exe.manifest
  • from %CommonProgramFiles%\bullzip\pdf printer\ports\bullzip\is-km5du.tmp to %CommonProgramFiles%\bullzip\pdf printer\ports\bullzip\bzpdf.dll
  • from %WINDIR%\syswow64\is-m01rl.tmp to %WINDIR%\syswow64\tabstripctlu.ocx
  • from %WINDIR%\syswow64\is-qte4e.tmp to %WINDIR%\syswow64\lblctlsu.ocx
  • from %WINDIR%\syswow64\is-dgdo2.tmp to %WINDIR%\syswow64\exlvwu.ocx
  • from %WINDIR%\syswow64\is-bba77.tmp to %WINDIR%\syswow64\editctlsu.ocx
  • from %WINDIR%\syswow64\is-mgmit.tmp to %WINDIR%\syswow64\cblctlsu.ocx
  • from %WINDIR%\syswow64\is-4rjlm.tmp to %WINDIR%\syswow64\btnctlsu.ocx
  • from %WINDIR%\syswow64\is-ujcig.tmp to %WINDIR%\syswow64\mscomctl.ocx
  • from %WINDIR%\syswow64\is-vlsng.tmp to %WINDIR%\syswow64\comdlg32.ocx
  • from %ProgramFiles%\bullzip\pdf printer\is-5o40m.tmp to %ProgramFiles%\bullzip\pdf printer\gui.exe
  • from %ProgramFiles%\bullzip\pdf printer\is-ib0oh.tmp to %ProgramFiles%\bullzip\pdf printer\documentcollector.exe
  • from %ProgramFiles%\bullzip\pdf printer\res\ico\16x16x32bpp\is-p0u2j.tmp to %ProgramFiles%\bullzip\pdf printer\res\ico\16x16x32bpp\printer16x16.ico
  • from %ProgramFiles%\bullzip\pdf printer\is-u88ir.tmp to %ProgramFiles%\bullzip\pdf printer\notify.exe
  • from %ProgramFiles%\bullzip\pdf printer\language\is-kh3mu.tmp to %ProgramFiles%\bullzip\pdf printer\language\cat.txt
  • from %CommonProgramFiles%\bullzip\system\framework\v2.0\is-efs4k.tmp to %CommonProgramFiles%\bullzip\system\framework\v2.0\bullzip.pdfwriter.internalext.dll
  • from %ProgramFiles%\bullzip\pdf printer\language\is-49d38.tmp to %ProgramFiles%\bullzip\pdf printer\language\bsb.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-ai9no.tmp to %ProgramFiles%\bullzip\pdf printer\language\bgr.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-1f7mg.tmp to %ProgramFiles%\bullzip\pdf printer\language\bel.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-8gbqa.tmp to %ProgramFiles%\bullzip\pdf printer\language\ara.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-v2siu.tmp to %ProgramFiles%\bullzip\pdf printer\language\afk.txt
  • from %ProgramFiles%\bullzip\pdf printer\is-dqkng.tmp to %ProgramFiles%\bullzip\pdf printer\labels.txt
  • from %ProgramFiles%\bullzip\pdf printer\debug\is-68fa8.tmp to %ProgramFiles%\bullzip\pdf printer\debug\bugradar.exe
  • from %CommonProgramFiles%\bullzip\system\framework\v4.0\is-8kncf.tmp to %CommonProgramFiles%\bullzip\system\framework\v4.0\bullzip.pdfwriter.xpsinternal.dll
  • from %CommonProgramFiles%\bullzip\system\framework\v4.0\is-cumli.tmp to %CommonProgramFiles%\bullzip\system\framework\v4.0\bullzip.pdfwriter.internalext.dll
  • from %CommonProgramFiles%\bullzip\system\framework\v4.0\is-bt5n3.tmp to %CommonProgramFiles%\bullzip\system\framework\v4.0\bullzip.pdfwriter.upload.dll
  • from %ProgramFiles%\bullzip\pdf printer\is-5vevl.tmp to %ProgramFiles%\bullzip\pdf printer\port.exe
  • from %CommonProgramFiles%\bullzip\system\framework\v2.0\is-7v2jk.tmp to %CommonProgramFiles%\bullzip\system\framework\v2.0\bullzip.pdfwriter.upload.dll
  • from %CommonProgramFiles%\bullzip\system\framework\v4.0\is-67vcc.tmp to %CommonProgramFiles%\bullzip\system\framework\v4.0\bullzip.pdfwriter.lib.dll
  • from %CommonProgramFiles%\bullzip\system\framework\v2.0\is-qvbvc.tmp to %CommonProgramFiles%\bullzip\system\framework\v2.0\bullzip.pdfwriter.lib.dll
  • from %ProgramFiles%\bullzip\pdf printer\is-ttog8.tmp to %ProgramFiles%\bullzip\pdf printer\bullzip.pdfwriter.chm
  • from %CommonProgramFiles%\bullzip\pdf printer\api\microsoft.net\framework\v4.0\is-rf1q2.tmp to %CommonProgramFiles%\bullzip\pdf printer\api\microsoft.net\framework\v4.0\bullzip.pdfwriter.dll
  • from %CommonProgramFiles%\bullzip\pdf printer\api\microsoft.net\framework\v2.0\is-2iccm.tmp to %CommonProgramFiles%\bullzip\pdf printer\api\microsoft.net\framework\v2.0\bullzip.pdfwriter.dll
  • from %ProgramFiles%\bullzip\pdf printer\icc\is-7ndc2.tmp to %ProgramFiles%\bullzip\pdf printer\icc\srgb_iec61966-2-1_no_black_scaling.icc
  • from %WINDIR%\syswow64\is-qt7sv.tmp to %WINDIR%\syswow64\bzdct.dll
  • from %WINDIR%\syswow64\is-5tje0.tmp to %WINDIR%\syswow64\bzflrdr.dll
  • from %ProgramFiles%\bullzip\pdf printer\language\is-4oap5.tmp to %ProgramFiles%\bullzip\pdf printer\language\vit.txt
  • from %ProgramFiles%\bullzip\pdf printer\language\is-72ks0.tmp to %ProgramFiles%\bullzip\pdf printer\language\index.ini
Network activity
TCP
HTTP GET requests
  • http://fa###rsoft.ro/tabtabenter/tabtabenter.php
  • http://fa###rsoft.ro/tabtabenter/7za.exe
  • http://fa###rsoft.ro/tabtabenter/BULLZIP.7z
UDP
  • DNS ASK fa###rsoft.ro
Miscellaneous
Creates and executes the following
  • '<Current directory>\7za.exe' -y x <Current directory>\BULLZIP.7z -o<Current directory>\BULLZIP\
  • '<Current directory>\bullzip\setup_bullzippdfprinter.exe' /sp /silent /norestart /nocancel
  • '%TEMP%\is-usjc1.tmp\setup_bullzippdfprinter.tmp' /SL5="$D002A,16909817,143360,<Current directory>\BULLZIP\Setup_BullzipPDFPrinter.exe" /sp /silent /norestart /nocancel
  • '%TEMP%\is-1726j.tmp\_isetup\_setup64.tmp' 105 0x264
  • '%WINDIR%\syswow64\netsh.exe' advfirewall firewall delete rule name="TabTabEnter" (with hidden window)
  • '%WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.InternalExt.dll /tlb (with hidden window)
  • '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.InternalExt.dll /tlb (with hidden window)
  • '%WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.Upload.dll /tlb (with hidden window)
  • '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.Upload.dll /tlb (with hidden window)
  • '%WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.Lib.dll /tlb (with hidden window)
  • '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.Lib.dll /tlb (with hidden window)
  • '<SYSTEM32>\net.exe' start spooler (with hidden window)
  • '<SYSTEM32>\net.exe' STOP SPOOLER /Y (with hidden window)
  • '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /codebase Bullzip.PDFWriter.dll /tlb (with hidden window)
  • '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.XpsInternal.dll /tlb (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c <Current directory>\BULLZIP\BullzipInstallScript.bat (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\7zx.bat (with hidden window)
  • '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="TabTabEnter" dir=out action=allow enable=yes protocol=udp program="<Current directory>\TabTabEnter.exe" (with hidden window)
  • '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="TabTabEnter" dir=out action=allow enable=yes protocol=tcp program="<Current directory>\TabTabEnter.exe" (with hidden window)
  • '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="TabTabEnter" dir=in action=allow enable=yes protocol=udp program="<Current directory>\TabTabEnter.exe" (with hidden window)
  • '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="TabTabEnter" dir=in action=allow enable=yes protocol=tcp program="<Current directory>\TabTabEnter.exe" (with hidden window)
  • '%WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe' /codebase Bullzip.PDFWriter.dll /tlb (with hidden window)
  • '<SYSTEM32>\regsvr32.exe' /s vbscript.dll (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\netsh.exe' advfirewall firewall delete rule name="TabTabEnter"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\bzDCT.dll"
  • '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /codebase Bullzip.PDFWriter.dll /tlb
  • '%WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe' /codebase Bullzip.PDFWriter.dll /tlb
  • '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.Lib.dll /tlb
  • '%WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.Lib.dll /tlb
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%CommonProgramFiles%\Bullzip\PDF Printer\API\COM\bzpdfc.dll"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\bzFlRdr.dll"
  • '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.Upload.dll /tlb
  • '%WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.InternalExt.dll /tlb
  • '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.XpsInternal.dll /tlb
  • '<SYSTEM32>\regsvr32.exe' /s vbscript.dll
  • '%WINDIR%\syswow64\regsvr32.exe' /u /s "%WINDIR%\SysWOW64\comdlg32.ocx"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%WINDIR%\SysWOW64\comdlg32.ocx"
  • '%WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.Upload.dll /tlb
  • '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' /codebase Bullzip.PdfWriter.InternalExt.dll /tlb
  • '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\TabStripCtlU.ocx"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\LblCtlsU.ocx"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\ExLvwU.ocx"
  • '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\7zx.bat
  • '%WINDIR%\syswow64\cmd.exe' /c <Current directory>\BULLZIP\BullzipInstallScript.bat
  • '<SYSTEM32>\net1.exe' STOP SPOOLER /Y
  • '<SYSTEM32>\net.exe' start spooler
  • '<SYSTEM32>\net1.exe' start spooler
  • '<SYSTEM32>\spoolsv.exe'
  • '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\WININET.dll",DispatchAPICall 1
  • '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\msxml6.dll"
  • '<SYSTEM32>\regsvr32.exe' /s "%WINDIR%\SysWOW64\msscript.ocx"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\comdlg32.OCX"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\mscomctl.ocx"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\BtnCtlsU.ocx"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\CBLCtlsU.ocx"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\EditCtlsU.ocx"
  • '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\msxml6.dll"
  • '%WINDIR%\syswow64\regsvr32.exe' /u /s "%WINDIR%\SysWOW64\mscomctl.ocx"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%WINDIR%\SysWOW64\mscomctl.ocx"

Curing recommendations

  1. If the operating system can boot (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or a USB drive. Download the Dr.Web® LiveDisk emergency system recovery disk image or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding medium. Boot the computer from that medium, then run a full scan and cure the threats it detects.