ПОЛЬЗОВАТЕЛЯМ

Закрыть

Поиск

Поиск

Поддержка
Круглосуточная поддержка

Напишите

Запрос через форму

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Напишите

Задать вопрос в поддержку

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

BY

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Закрыть
Сервисы
Сканеры
Dr.Web vxCube
Демо
Экспертиза ВКИ
Вирусная библиотека
База знаний

Технологии

Термины

Обучение и просвещение

Мифы

Новости

Trojan.Encoder.43563

Добавлен в вирусную базу Dr.Web: 2025-10-31

Описание добавлено:

Technical Information

To ensure autorun and distribution
Creates the following files on removable media
  • <Drive name for removable media>:\how_to_decrypt.txt
  • <Drive name for removable media>:\correct.avi
  • <Drive name for removable media>:\join.avi
  • <Drive name for removable media>:\delete.avi
  • <Drive name for removable media>:\pmd.cer
  • <Drive name for removable media>:\sdksampleunprivdeveloper.cer
  • <Drive name for removable media>:\sdksampleprivdeveloper.cer
  • <Drive name for removable media>:\testee.cer
  • <Drive name for removable media>:\ovp25012015.doc
  • <Drive name for removable media>:\february_catalogue__2015.doc
  • <Drive name for removable media>:\lisp_success.doc
  • <Drive name for removable media>:\file_p_00000000_1371597592.docx
  • <Drive name for removable media>:\aoc_saq_d_v3_merchant.docx
  • <Drive name for removable media>:\issi2013_template_for_posters.docx
  • <Drive name for removable media>:\holycrosschurchinstructions.docx
  • <Drive name for removable media>:\glidescope_review_rev_010.docx
  • <Drive name for removable media>:\sdszfo.docx
  • <Drive name for removable media>:\browse.htm
  • <Drive name for removable media>:\trivial-merge.htm
  • <Drive name for removable media>:\alert.htm
  • <Drive name for removable media>:\tree_view.htm
  • <Drive name for removable media>:\about.htm
  • <Drive name for removable media>:\advice_process.htm
  • <Drive name for removable media>:\64bit_notes.htm
  • <Drive name for removable media>:\browse.html
  • <Drive name for removable media>:\alert.html
  • <Drive name for removable media>:\api-hashmap.html
  • <Drive name for removable media>:\tree_view.html
  • <Drive name for removable media>:\adadsi.html
  • <Drive name for removable media>:\region-north-karelia.jpeg
  • <Drive name for removable media>:\1189.jpeg
  • <Drive name for removable media>:\210252809.jpeg
  • <Drive name for removable media>:\13.jpeg
  • <Drive name for removable media>:\168.jpeg
  • <Drive name for removable media>:\3.jpg
  • <Drive name for removable media>:\1189.jpg
  • <Drive name for removable media>:\spanner.mov
  • <Drive name for removable media>:\etc6_m_1.mov
  • <Drive name for removable media>:\dag2_panel1_320_ref.mov
  • <Drive name for removable media>:\video_1.mp4
  • <Drive name for removable media>:\spib_pima.pdf
  • <Drive name for removable media>:\fil_20060629111052.pdf
  • <Drive name for removable media>:\dualectls.pdf
  • <Drive name for removable media>:\10thingscondoms.pdf
  • <Drive name for removable media>:\2015-02-patients-topic-work-related-asthma-jobs.pdf
  • <Drive name for removable media>:\2015-02-worms-nanoparticle-toxicity.pdf
  • <Drive name for removable media>:\ck_ugo.pem
  • <Drive name for removable media>:\systisoft.pem
  • <Drive name for removable media>:\irgeek.pem
  • <Drive name for removable media>:\cert.pem
  • <Drive name for removable media>:\cleanlyrics.png
  • <Drive name for removable media>:\calibre.png
  • <Drive name for removable media>:\cbz.png
  • <Drive name for removable media>:\dissolveanother.png
  • <Drive name for removable media>:\sacs_presentation_sacs_qep_improving_rt_education_final.ppt
  • <Drive name for removable media>:\ksearch_esa_talk.ppt
  • <Drive name for removable media>:\file1.ppt
  • <Drive name for removable media>:\writingcompletesarnarrative_1103.ppt
  • <Drive name for removable media>:\accountsreceivable.ppt
  • <Drive name for removable media>:\proposaltemplates.ppt
  • <Drive name for removable media>:\roozenedowebinar.pptx
  • <Drive name for removable media>:\samieee_obiee_presentation.pptx
  • <Drive name for removable media>:\stoc13_ml_quoc_le.pptx
  • <Drive name for removable media>:\waterresourcesag.pptx
  • <Drive name for removable media>:\iso27k_isms_implementation_and_certification_process_overview_v2.pptx
  • <Drive name for removable media>:\hypothyroidism_slides.pptx
  • <Drive name for removable media>:\indogerman2010.pptx
  • <Drive name for removable media>:\foaf.rdf
  • <Drive name for removable media>:\contenttypes.rdf
  • <Drive name for removable media>:\swc_2009-03-02.rdf
  • <Drive name for removable media>:\elvisimp.rdf
  • <Drive name for removable media>:\20140114.rdf
  • <Drive name for removable media>:\fungalnameauthors.rtf
  • <Drive name for removable media>:\military_callsigns_0311.rtf
  • <Drive name for removable media>:\static_electricity_easy_and_quick_activities.rtf
  • <Drive name for removable media>:\pandp.rtf
  • <Drive name for removable media>:\pubnet_855.rtf
  • <Drive name for removable media>:\router_manual.rtf
  • <Drive name for removable media>:\myhrvoldhanssenbiharfamine.rtf
  • <Drive name for removable media>:\phytoremediation.rtf
  • <Drive name for removable media>:\babyboymaintoscenesbackground.wmv
  • <Drive name for removable media>:\testwmv.wmv
  • <Drive name for removable media>:\passport_pal.wmv
  • <Drive name for removable media>:\babyboymaintonotesbackground_pal.wmv
  • <Drive name for removable media>:\price030215.xls
  • <Drive name for removable media>:\productos.xls
  • <Drive name for removable media>:\fiche_inscription_2015.xls
  • <Drive name for removable media>:\excel_example.xls
  • <Drive name for removable media>:\subjectclassification.xls
  • <Drive name for removable media>:\1sm_price.xls
  • <Drive name for removable media>:\applicant.xlsx
  • <Drive name for removable media>:\trtf_matrix2012_oct.xlsx
  • <Drive name for removable media>:\suspendedcompanies.xlsx
  • <Drive name for removable media>:\national_autism_preparation_programs.xlsx
  • <Drive name for removable media>:\price.zip
  • <Drive name for removable media>:\productos.zip
  • <Drive name for removable media>:\removedtitles_records.zip
  • <Drive name for removable media>:\excel_example.zip
  • <Drive name for removable media>:\trial-recovery.uz7182f4a135i00x6d96784ri.t4a1xby9r.-encrypted
  • <Drive name for removable media>:\trial-recovery.hwb5d26s76vpz2.bmr.-encrypted
  • <Drive name for removable media>:\trial-recovery.c1915260888809hb3187s226o5lmv78cjlxp.324dtr.-encrypted
  • <Drive name for removable media>:\trial-recovery.6xz483135020sze1s4e41d8800m23at1bn213j44.or.-encrypted
  • <Drive name for removable media>:\trial-recovery.npc9t55.1r.-encrypted
  • <Drive name for removable media>:\trial-recovery.hvsf6432920yr3zz7orlyu0kd9636dr1a87.5r.-encrypted
  • <Drive name for removable media>:\trial-recovery.624e18031rj1fctk494sg9rp090.31lz65uwr.-encrypted
  • <Drive name for removable media>:\trial-recovery.h5s37febwc031cc381ob31t0m156dip0x9m16b8w02.55r.-encrypted
  • <Drive name for removable media>:\trial-recovery.8.63r49j73yr.-encrypted
  • <Drive name for removable media>:\trial-recovery.2f72yyb9yo710agpfj5uh1k7m16e89lucgs97j698i102d.45pqr.-encrypted
  • <Drive name for removable media>:\trial-recovery.2q516r09vs4139546vf877w2xs054yu1684l6t.d5r.-encrypted
  • <Drive name for removable media>:\trial-recovery.k76yur6v8t6jepf621v54ev0t.1kr.-encrypted
  • <Drive name for removable media>:\trial-recovery.6231z9ds3m9tx616e74f916qctwy1.h68ur.-encrypted
  • <Drive name for removable media>:\trial-recovery.89y9q9j3st3d06m1zkt30f75on4d504016q.22s82iv8r.-encrypted
  • <Drive name for removable media>:\trial-recovery.k45u.69p6q043lr.-encrypted
  • <Drive name for removable media>:\098ahb.525qgcr.-encrypted
  • <Drive name for removable media>:\trial-recovery.jsy5mem1htji344vb31a25nbb43v0252tsx0x9w6l.ylrroa9j3r.-encrypted
  • <Drive name for removable media>:\trial-recovery.rpoxdl6ip4yl5ume54a2m.4hy9b6g5r.-encrypted
  • <Drive name for removable media>:\trial-recovery.c0seo5s5rjhx8q1r0tg4m5yf7f01c7.p4ey55r.-encrypted
  • <Drive name for removable media>:\trial-recovery.79hhbm016fmwwud31e44vn6.nr.-encrypted
  • <Drive name for removable media>:\trial-recovery.78.9ehr.-encrypted
  • <Drive name for removable media>:\trial-recovery.r6ks85rydy4.yi5ayr.-encrypted
  • <Drive name for removable media>:\3y2r682gb4psf6eaco7nn6q1u207.fyd10r.-encrypted
  • <Drive name for removable media>:\2wt2mi.iplm0fedr.-encrypted
  • <Drive name for removable media>:\6837b8l7432913yyl2m3szi9dd7.xbu635046cr.-encrypted
  • <Drive name for removable media>:\4np67sb9clne31qh5w939q1078u3sw6p.em7r.-encrypted
  • <Drive name for removable media>:\e4esi3w48j0s606.2z5ir.-encrypted
  • <Drive name for removable media>:\e53hw50hsxe3vg440t05ts851r734f5.zh92cr.-encrypted
  • <Drive name for removable media>:\r67.3378kr.-encrypted
  • <Drive name for removable media>:\01vz7t.381r.-encrypted
  • <Drive name for removable media>:\60x60mbtn7cb7x9pb36.8f867kr.-encrypted
  • <Drive name for removable media>:\ee0l7fsdl9hj22nd1zuzul1yo3p479uk9t8171150l13f1.km6r.-encrypted
  • <Drive name for removable media>:\9727n0lz2u417790309qid79wokj0ve.5ze0970z9r.-encrypted
  • <Drive name for removable media>:\050va267z85ylm7n5uw3j984493myuyh497nc3.2g6j4p7r.-encrypted
  • <Drive name for removable media>:\75y4sxcj6oh7d.a2r.-encrypted
  • <Drive name for removable media>:\a5gc122n4u3adq070on92aqra.v90san8g3r.-encrypted
  • <Drive name for removable media>:\v45ugu72wqlrh3q.8r.-encrypted
  • <Drive name for removable media>:\51982nzks7i3st81vl95496w8l356cz486j0.0l1m2o98zr.-encrypted
  • <Drive name for removable media>:\5nd33rbwi5e4vrmlz.a7r46x15r.-encrypted
  • <Drive name for removable media>:\4y181184u4pzqw9299lfda6uruf8hyxwu2xj7p8lg.6fm72w6xr.-encrypted
  • <Drive name for removable media>:\447ozmhl7xtw.sir.-encrypted
  • <Drive name for removable media>:\u95f5dg5s9l7alnlcd3l0i9033w47e.fr.-encrypted
  • <Drive name for removable media>:\trial-recovery.uc18763457582t15ll9254726yx59st1md847r26br23n9ddn.zb8wk674r.-encrypted
  • <Drive name for removable media>:\trial-recovery.4vf7.5135r.-encrypted
  • <Drive name for removable media>:\trial-recovery.h7a4o692dg7486j210g6dd.30h1i28439r.-encrypted
  • <Drive name for removable media>:\trial-recovery.5j84sf5tk42vj8x1t3so0z4vw8x36k2a.yp48r.-encrypted
  • <Drive name for removable media>:\trial-recovery.45k77iy823a9p5o9o706guz.9f5er.-encrypted
  • <Drive name for removable media>:\trial-recovery.r8.y6u6kr.-encrypted
  • <Drive name for removable media>:\trial-recovery.5vsf4l9hh9.8h0pwikjtxr.-encrypted
  • <Drive name for removable media>:\trial-recovery.ugn86427zt5j5g0865c40ta996.m65xt12f2vr.-encrypted
  • <Drive name for removable media>:\trial-recovery.x7cxt.s64689171qr.-encrypted
  • <Drive name for removable media>:\trial-recovery.1w401k037948.g5wir.-encrypted
  • <Drive name for removable media>:\trial-recovery.1597qsvbl0po590x4o3fx5qztse47eqr21poidcpy7zwqh.v694r.-encrypted
  • <Drive name for removable media>:\trial-recovery.f60e0t3r094os833ae3u6mp15vh585bwd.9wt6r.-encrypted
  • <Drive name for removable media>:\trial-recovery.0s3b9mj711g40a4m8bv7m92y34o8812j0160n18rr8r37j849.7m1r.-encrypted
  • <Drive name for removable media>:\trial-recovery.88vxtnfwa2y1jsv07v1cgr4m.1w1r.-encrypted
  • <Drive name for removable media>:\trial-recovery.rl.aef941r.-encrypted
  • <Drive name for removable media>:\trial-recovery.aect7lcz8p828s042d735j12s502.52rb610dr.-encrypted
  • <Drive name for removable media>:\trial-recovery.5t9ekgfce29u4zu83896202gau.oann4tur.-encrypted
  • <Drive name for removable media>:\trial-recovery.37j631645rygggqx5b0v39.gl18kxr.-encrypted
  • <Drive name for removable media>:\trial-recovery.g.24r.-encrypted
  • <Drive name for removable media>:\trial-recovery.b1722035ce5840mi1y38kl1as218.38r.-encrypted
  • <Drive name for removable media>:\trial-recovery.2jg153t7j73mkbq9hzqfzg35n43eob611.a75thr.-encrypted
  • <Drive name for removable media>:\trial-recovery.5jrd8g61z37snd98456e06t579i5pl02brnil0c2f.f6sggur.-encrypted
  • <Drive name for removable media>:\trial-recovery.53ym2x5a5v5zj9ixaswcn50r40smp292r99871x2678.c4yj7m81r.-encrypted
  • <Drive name for removable media>:\trial-recovery.2t782qexn1vu9ndztf56wu4801bfbzk396dn79.x0j3gr.-encrypted
  • <Drive name for removable media>:\trial-recovery.6a10uev46n0xan73w2o1ehl9o4m30l48728p7v7mf36b1.flt4otr.-encrypted
  • <Drive name for removable media>:\trial-recovery.39000jjn21nv2o5w16446wm8.rgc319lr.-encrypted
  • <Drive name for removable media>:\trial-recovery.a4v36i4ud3048581ns.213r.-encrypted
  • <Drive name for removable media>:\trial-recovery.afta835205o50v8a4uq94bm90gp21r86.cjn780r.-encrypted
  • <Drive name for removable media>:\trial-recovery.3t5d6f49t1ge06frcqvq.5503rr.-encrypted
  • <Drive name for removable media>:\trial-recovery.7ocfbkoc2z532tyswt7627.5f5960e3r.-encrypted
  • <Drive name for removable media>:\trial-recovery.57g0ww56qcp6g8mas8x0td859.k07bj7a6r.-encrypted
  • <Drive name for removable media>:\trial-recovery.q15c2d4b086mdapy0.8w84r.-encrypted
  • <Drive name for removable media>:\f9n819o72g29666csvm3l0um0gyql53z.1r.-encrypted
  • <Drive name for removable media>:\phb859umeesle4.g15t64r.-encrypted
  • <Drive name for removable media>:\6cap66z06933l4b86qjaqw5nut6013646omrc2xbf.cr.-encrypted
  • <Drive name for removable media>:\8i1n2108m29l7961n69lue3k36323999ydplk350c7.8vl463a71r.-encrypted
  • <Drive name for removable media>:\a3k1257.qr.-encrypted
  • <Drive name for removable media>:\72s4e2m6278o6bq64f21ji66g40.qr.-encrypted
  • <Drive name for removable media>:\trial-recovery.10k4k264q1cy3g1r1.3s2675tur.-encrypted
  • <Drive name for removable media>:\trial-recovery.330gx3u1uzyk16o.q0y336r.-encrypted
  • <Drive name for removable media>:\trial-recovery.b07oc83j.ygr.-encrypted
  • <Drive name for removable media>:\trial-recovery.138c2m3g0dd5d9050133q6qfvlo4j07ja1p.299cr.-encrypted
  • <Drive name for removable media>:\trial-recovery.cz0hqy3swyjq879fv826znto6136e641b8.79d8cb9r.-encrypted
  • <Drive name for removable media>:\trial-recovery.42f.39k4n34r.-encrypted
  • <Drive name for removable media>:\trial-recovery.7l7h2vdnbv1rao27a4k9tt7zsd77z.frr.-encrypted
  • <Drive name for removable media>:\trial-recovery.835q7svw2558qlu.6r.-encrypted
  • <Drive name for removable media>:\trial-recovery.jp087eiry73757h030025i87of7oj4hiqb22czrp6zh29.877tdr.-encrypted
  • <Drive name for removable media>:\trial-recovery.n3sv2bnh8igpc7xi.7yh48l5yr.-encrypted
  • <Drive name for removable media>:\trial-recovery.x3n95s542i89u2nc83sc6h6mvrtvzg.m8kar.-encrypted
  • <Drive name for removable media>:\trial-recovery.9qgedit0lp3r3e11li48fn3g21t.4jg4znr.-encrypted
  • <Drive name for removable media>:\h19lg6734373m0l541g236y0p55k29ztrjvhgcgou00x4.hr.-encrypted
  • <Drive name for removable media>:\53b247x48ka6552vno097zobd992wk065qwawq85860pn83n.2r.-encrypted
  • <Drive name for removable media>:\74w9czzr42mq7.6r.-encrypted
  • <Drive name for removable media>:\hz55o0e2ll2940pid7ikzqitpsdb4h8t55b5x5skv4.i7g7008sar.-encrypted
  • <Drive name for removable media>:\3q9s4uegf498gpq5x0498736gbj4748bnb96j002f4cbz8ij2.49dr.-encrypted
Malicious functions
To complicate detection of its presence in the operating system,
blocks the following features:
  • System Restore (SR)
deletes volume shadow copies.
Modifies file system
Creates the following files
  • D:\how_to_decrypt.txt
  • D:\$recycle.bin\how_to_decrypt.txt
  • D:\$recycle.bin\s-1-5-21-4226853953-3309226944-3078887307-1000\how_to_decrypt.txt
Modifies the following files
  • D:\$recycle.bin\s-1-5-21-4226853953-3309226944-3078887307-1000\desktop.ini
  • <Drive name for removable media>:\correct.avi
  • <Drive name for removable media>:\join.avi
  • <Drive name for removable media>:\delete.avi
  • <Drive name for removable media>:\pmd.cer
  • <Drive name for removable media>:\sdksampleunprivdeveloper.cer
  • <Drive name for removable media>:\sdksampleprivdeveloper.cer
  • <Drive name for removable media>:\testee.cer
  • <Drive name for removable media>:\ovp25012015.doc
  • <Drive name for removable media>:\february_catalogue__2015.doc
  • <Drive name for removable media>:\lisp_success.doc
  • <Drive name for removable media>:\file_p_00000000_1371597592.docx
  • <Drive name for removable media>:\aoc_saq_d_v3_merchant.docx
  • <Drive name for removable media>:\issi2013_template_for_posters.docx
  • <Drive name for removable media>:\holycrosschurchinstructions.docx
  • <Drive name for removable media>:\glidescope_review_rev_010.docx
  • <Drive name for removable media>:\sdszfo.docx
  • D:\$recycle.bin\s-1-5-21-4226853953-3309226944-3078887307-1000\5jp0231ahhn47n3l86s44ipx.k9kxum4d13r.-encrypted
  • <Drive name for removable media>:\trial-recovery.uz7182f4a135i00x6d96784ri.t4a1xby9r.-encrypted
  • <Drive name for removable media>:\trial-recovery.hwb5d26s76vpz2.bmr.-encrypted
  • <Drive name for removable media>:\trial-recovery.c1915260888809hb3187s226o5lmv78cjlxp.324dtr.-encrypted
  • <Drive name for removable media>:\trial-recovery.6xz483135020sze1s4e41d8800m23at1bn213j44.or.-encrypted
  • <Drive name for removable media>:\trial-recovery.npc9t55.1r.-encrypted
  • <Drive name for removable media>:\trial-recovery.hvsf6432920yr3zz7orlyu0kd9636dr1a87.5r.-encrypted
  • <Drive name for removable media>:\trial-recovery.624e18031rj1fctk494sg9rp090.31lz65uwr.-encrypted
  • <Drive name for removable media>:\trial-recovery.h5s37febwc031cc381ob31t0m156dip0x9m16b8w02.55r.-encrypted
  • <Drive name for removable media>:\trial-recovery.8.63r49j73yr.-encrypted
  • <Drive name for removable media>:\trial-recovery.2f72yyb9yo710agpfj5uh1k7m16e89lucgs97j698i102d.45pqr.-encrypted
  • <Drive name for removable media>:\trial-recovery.2q516r09vs4139546vf877w2xs054yu1684l6t.d5r.-encrypted
Modifies multiple files.
Modifies user data files (Trojan.Encoder).
Network activity
UDP
  • DNS ASK fi#####.###tings.services.mozilla.com
  • DNS ASK 1.##.#.10.in-addr.arpa
  • DNS ASK 0.##.#.10.in-addr.arpa
  • DNS ASK 2.##.#.10.in-addr.arpa
  • DNS ASK 3.##.#.10.in-addr.arpa
  • DNS ASK 4.##.#.10.in-addr.arpa
  • DNS ASK 5.##.#.10.in-addr.arpa
  • DNS ASK 6.##.#.10.in-addr.arpa
  • DNS ASK 7.##.#.10.in-addr.arpa
  • DNS ASK 9.##.#.10.in-addr.arpa
  • DNS ASK 10.##.#.10.in-addr.arpa
  • DNS ASK 11.##.#.10.in-addr.arpa
  • DNS ASK 12.##.#.10.in-addr.arpa
  • DNS ASK 13.##.#.10.in-addr.arpa
  • DNS ASK 14.##.#.10.in-addr.arpa
  • DNS ASK 15.##.#.10.in-addr.arpa
  • DNS ASK 16.##.#.10.in-addr.arpa
  • DNS ASK 17.##.#.10.in-addr.arpa
  • DNS ASK 18.##.#.10.in-addr.arpa
  • DNS ASK 19.##.#.10.in-addr.arpa
  • DNS ASK 20.##.#.10.in-addr.arpa
  • DNS ASK 21.##.#.10.in-addr.arpa
  • DNS ASK 22.##.#.10.in-addr.arpa
  • DNS ASK 23.##.#.10.in-addr.arpa
  • DNS ASK 24.##.#.10.in-addr.arpa
  • DNS ASK 25.##.#.10.in-addr.arpa
  • DNS ASK 26.##.#.10.in-addr.arpa
  • DNS ASK 27.##.#.10.in-addr.arpa
  • DNS ASK 28.##.#.10.in-addr.arpa
  • DNS ASK 29.##.#.10.in-addr.arpa
  • DNS ASK 30.##.#.10.in-addr.arpa
  • DNS ASK 31.##.#.10.in-addr.arpa
  • DNS ASK 32.##.#.10.in-addr.arpa
  • DNS ASK 33.##.#.10.in-addr.arpa
  • DNS ASK 34.##.#.10.in-addr.arpa
  • DNS ASK 35.##.#.10.in-addr.arpa
  • DNS ASK 36.##.#.10.in-addr.arpa
  • DNS ASK 37.##.#.10.in-addr.arpa
  • DNS ASK 38.##.#.10.in-addr.arpa
  • DNS ASK 39.##.#.10.in-addr.arpa
  • DNS ASK 40.##.#.10.in-addr.arpa
  • DNS ASK 41.##.#.10.in-addr.arpa
  • DNS ASK 42.##.#.10.in-addr.arpa
  • DNS ASK 43.##.#.10.in-addr.arpa
  • DNS ASK 44.##.#.10.in-addr.arpa
  • DNS ASK 45.##.#.10.in-addr.arpa
  • DNS ASK 46.##.#.10.in-addr.arpa
  • DNS ASK 47.##.#.10.in-addr.arpa
  • DNS ASK 48.##.#.10.in-addr.arpa
  • DNS ASK 49.##.#.10.in-addr.arpa
  • DNS ASK 50.##.#.10.in-addr.arpa
  • DNS ASK 51.##.#.10.in-addr.arpa
  • DNS ASK 52.##.#.10.in-addr.arpa
  • DNS ASK 53.##.#.10.in-addr.arpa
  • DNS ASK 54.##.#.10.in-addr.arpa
  • DNS ASK 55.##.#.10.in-addr.arpa
  • DNS ASK 56.##.#.10.in-addr.arpa
  • DNS ASK 57.##.#.10.in-addr.arpa
  • DNS ASK 58.##.#.10.in-addr.arpa
  • DNS ASK 59.##.#.10.in-addr.arpa
  • DNS ASK 60.##.#.10.in-addr.arpa
  • DNS ASK 61.##.#.10.in-addr.arpa
  • DNS ASK 62.##.#.10.in-addr.arpa
  • DNS ASK 63.##.#.10.in-addr.arpa
  • DNS ASK 64.##.#.10.in-addr.arpa
  • DNS ASK 65.##.#.10.in-addr.arpa
  • DNS ASK 66.##.#.10.in-addr.arpa
  • DNS ASK 67.##.#.10.in-addr.arpa
  • DNS ASK 68.##.#.10.in-addr.arpa
  • DNS ASK 69.##.#.10.in-addr.arpa
  • DNS ASK 70.##.#.10.in-addr.arpa
  • DNS ASK 71.##.#.10.in-addr.arpa
  • DNS ASK 72.##.#.10.in-addr.arpa
  • DNS ASK 73.##.#.10.in-addr.arpa
  • DNS ASK 74.##.#.10.in-addr.arpa
  • DNS ASK 75.##.#.10.in-addr.arpa
  • DNS ASK 76.##.#.10.in-addr.arpa
  • DNS ASK 77.##.#.10.in-addr.arpa
  • DNS ASK 78.##.#.10.in-addr.arpa
  • DNS ASK 79.##.#.10.in-addr.arpa
  • DNS ASK 80.##.#.10.in-addr.arpa
  • DNS ASK 81.##.#.10.in-addr.arpa
  • DNS ASK 82.##.#.10.in-addr.arpa
  • DNS ASK 83.##.#.10.in-addr.arpa
  • DNS ASK 84.##.#.10.in-addr.arpa
  • DNS ASK 85.##.#.10.in-addr.arpa
  • DNS ASK 86.##.#.10.in-addr.arpa
  • DNS ASK 87.##.#.10.in-addr.arpa
  • DNS ASK 88.##.#.10.in-addr.arpa
  • DNS ASK 89.##.#.10.in-addr.arpa
  • DNS ASK 90.##.#.10.in-addr.arpa
  • DNS ASK 91.##.#.10.in-addr.arpa
  • DNS ASK 92.##.#.10.in-addr.arpa
  • DNS ASK 93.##.#.10.in-addr.arpa
  • DNS ASK 94.##.#.10.in-addr.arpa
  • DNS ASK 95.##.#.10.in-addr.arpa
  • DNS ASK 96.##.#.10.in-addr.arpa
  • DNS ASK 97.##.#.10.in-addr.arpa
  • DNS ASK 98.##.#.10.in-addr.arpa
  • DNS ASK 99.##.#.10.in-addr.arpa
  • DNS ASK 10#.##.#.10.in-addr.arpa
  • DNS ASK 11#.##.#.10.in-addr.arpa
  • DNS ASK 12#.##.#.10.in-addr.arpa
  • DNS ASK 13#.##.#.10.in-addr.arpa
  • DNS ASK 14#.##.#.10.in-addr.arpa
  • DNS ASK 15#.##.#.10.in-addr.arpa
  • DNS ASK 16#.##.#.10.in-addr.arpa
  • DNS ASK 17#.##.#.10.in-addr.arpa
  • DNS ASK 18#.##.#.10.in-addr.arpa
  • DNS ASK 19#.##.#.10.in-addr.arpa
  • DNS ASK 20#.##.#.10.in-addr.arpa
  • DNS ASK 21#.##.#.10.in-addr.arpa
  • DNS ASK 22#.##.#.10.in-addr.arpa
  • DNS ASK 23#.##.#.10.in-addr.arpa
  • DNS ASK 24#.##.#.10.in-addr.arpa
  • DNS ASK 25#.##.#.10.in-addr.arpa
  • DNS ASK 0.#.#.#24.in-addr.arpa
  • DNS ASK 1.#.#.#24.in-addr.arpa
  • DNS ASK 2.#.#.#24.in-addr.arpa
  • DNS ASK 3.#.#.#24.in-addr.arpa
  • DNS ASK 4.#.#.#24.in-addr.arpa
  • DNS ASK 5.#.#.#24.in-addr.arpa
  • DNS ASK 6.#.#.#24.in-addr.arpa
  • DNS ASK 7.#.#.#24.in-addr.arpa
  • DNS ASK 8.#.#.#24.in-addr.arpa
  • DNS ASK 9.#.#.#24.in-addr.arpa
  • DNS ASK 10.#.#.224.in-addr.arpa
  • DNS ASK 11.#.#.224.in-addr.arpa
  • DNS ASK 12.#.#.224.in-addr.arpa
  • DNS ASK 13.#.#.224.in-addr.arpa
  • DNS ASK 14.#.#.224.in-addr.arpa
  • DNS ASK 15.#.#.224.in-addr.arpa
  • DNS ASK 16.#.#.224.in-addr.arpa
  • DNS ASK 17.#.#.224.in-addr.arpa
  • DNS ASK 18.#.#.224.in-addr.arpa
  • DNS ASK 19.#.#.224.in-addr.arpa
  • DNS ASK 20.#.#.224.in-addr.arpa
  • DNS ASK 21.#.#.224.in-addr.arpa
  • DNS ASK 22.#.#.224.in-addr.arpa
  • DNS ASK 23.#.#.224.in-addr.arpa
  • DNS ASK 24.#.#.224.in-addr.arpa
  • DNS ASK 25.#.#.224.in-addr.arpa
  • DNS ASK 26.#.#.224.in-addr.arpa
  • DNS ASK 27.#.#.224.in-addr.arpa
  • DNS ASK 28.#.#.224.in-addr.arpa
  • DNS ASK 29.#.#.224.in-addr.arpa
  • DNS ASK 30.#.#.224.in-addr.arpa
  • DNS ASK 31.#.#.224.in-addr.arpa
  • DNS ASK 32.#.#.224.in-addr.arpa
  • DNS ASK 33.#.#.224.in-addr.arpa
  • DNS ASK 34.#.#.224.in-addr.arpa
  • DNS ASK 35.#.#.224.in-addr.arpa
  • DNS ASK 36.#.#.224.in-addr.arpa
  • DNS ASK 37.#.#.224.in-addr.arpa
  • DNS ASK 38.#.#.224.in-addr.arpa
  • DNS ASK 39.#.#.224.in-addr.arpa
  • DNS ASK 40.#.#.224.in-addr.arpa
  • DNS ASK 41.#.#.224.in-addr.arpa
  • DNS ASK 42.#.#.224.in-addr.arpa
  • DNS ASK 43.#.#.224.in-addr.arpa
  • DNS ASK 44.#.#.224.in-addr.arpa
  • DNS ASK 45.#.#.224.in-addr.arpa
  • DNS ASK 46.#.#.224.in-addr.arpa
  • DNS ASK 47.#.#.224.in-addr.arpa
  • DNS ASK 48.#.#.224.in-addr.arpa
  • DNS ASK 49.#.#.224.in-addr.arpa
  • DNS ASK 50.#.#.224.in-addr.arpa
  • DNS ASK 51.#.#.224.in-addr.arpa
  • DNS ASK 52.#.#.224.in-addr.arpa
  • DNS ASK 53.#.#.224.in-addr.arpa
  • DNS ASK 54.#.#.224.in-addr.arpa
  • DNS ASK 55.#.#.224.in-addr.arpa
  • DNS ASK 56.#.#.224.in-addr.arpa
  • DNS ASK 57.#.#.224.in-addr.arpa
  • DNS ASK 58.#.#.224.in-addr.arpa
  • DNS ASK 59.#.#.224.in-addr.arpa
  • DNS ASK 60.#.#.224.in-addr.arpa
  • DNS ASK 61.#.#.224.in-addr.arpa
  • DNS ASK 62.#.#.224.in-addr.arpa
  • DNS ASK 63.#.#.224.in-addr.arpa
  • DNS ASK 64.#.#.224.in-addr.arpa
  • DNS ASK 65.#.#.224.in-addr.arpa
  • DNS ASK 66.#.#.224.in-addr.arpa
  • DNS ASK 67.#.#.224.in-addr.arpa
  • DNS ASK 68.#.#.224.in-addr.arpa
  • DNS ASK 69.#.#.224.in-addr.arpa
  • DNS ASK 70.#.#.224.in-addr.arpa
  • DNS ASK 71.#.#.224.in-addr.arpa
  • DNS ASK 72.#.#.224.in-addr.arpa
  • DNS ASK 73.#.#.224.in-addr.arpa
  • DNS ASK 74.#.#.224.in-addr.arpa
  • DNS ASK 75.#.#.224.in-addr.arpa
  • DNS ASK 76.#.#.224.in-addr.arpa
  • DNS ASK 77.#.#.224.in-addr.arpa
  • DNS ASK 78.#.#.224.in-addr.arpa
  • DNS ASK 79.#.#.224.in-addr.arpa
  • DNS ASK 80.#.#.224.in-addr.arpa
  • DNS ASK 81.#.#.224.in-addr.arpa
  • DNS ASK 82.#.#.224.in-addr.arpa
  • DNS ASK 83.#.#.224.in-addr.arpa
  • DNS ASK 84.#.#.224.in-addr.arpa
  • DNS ASK 85.#.#.224.in-addr.arpa
  • DNS ASK 86.#.#.224.in-addr.arpa
  • DNS ASK 87.#.#.224.in-addr.arpa
  • DNS ASK 88.#.#.224.in-addr.arpa
  • DNS ASK 89.#.#.224.in-addr.arpa
  • DNS ASK 90.#.#.224.in-addr.arpa
  • DNS ASK 91.#.#.224.in-addr.arpa
  • DNS ASK 92.#.#.224.in-addr.arpa
  • DNS ASK 93.#.#.224.in-addr.arpa
  • DNS ASK 94.#.#.224.in-addr.arpa
  • DNS ASK 95.#.#.224.in-addr.arpa
  • DNS ASK 96.#.#.224.in-addr.arpa
  • DNS ASK 97.#.#.224.in-addr.arpa
  • DNS ASK 98.#.#.224.in-addr.arpa
  • DNS ASK 99.#.#.224.in-addr.arpa
  • DNS ASK 10#.#.#.224.in-addr.arpa
  • DNS ASK 11#.#.#.224.in-addr.arpa
  • DNS ASK 12#.#.#.224.in-addr.arpa
  • DNS ASK 13#.#.#.224.in-addr.arpa
  • DNS ASK 14#.#.#.224.in-addr.arpa
  • DNS ASK 15#.#.#.224.in-addr.arpa
  • DNS ASK 16#.#.#.224.in-addr.arpa
  • DNS ASK 17#.#.#.224.in-addr.arpa
  • DNS ASK 18#.#.#.224.in-addr.arpa
  • DNS ASK 19#.#.#.224.in-addr.arpa
  • DNS ASK 20#.#.#.224.in-addr.arpa
  • DNS ASK 21#.#.#.224.in-addr.arpa
  • DNS ASK 22#.#.#.224.in-addr.arpa
  • DNS ASK 23#.#.#.224.in-addr.arpa
  • DNS ASK 24#.#.#.224.in-addr.arpa
  • DNS ASK 25#.#.#.224.in-addr.arpa
  • DNS ASK 0.###.##5.239.in-addr.arpa
  • DNS ASK 1.###.##5.239.in-addr.arpa
  • DNS ASK 2.###.##5.239.in-addr.arpa
  • DNS ASK 3.###.##5.239.in-addr.arpa
  • DNS ASK 4.###.##5.239.in-addr.arpa
  • DNS ASK 5.###.##5.239.in-addr.arpa
  • DNS ASK 6.###.##5.239.in-addr.arpa
  • DNS ASK 7.###.##5.239.in-addr.arpa
  • DNS ASK 8.###.##5.239.in-addr.arpa
  • DNS ASK 9.###.##5.239.in-addr.arpa
  • DNS ASK 10.###.#55.239.in-addr.arpa
  • DNS ASK 11.###.#55.239.in-addr.arpa
  • DNS ASK 12.###.#55.239.in-addr.arpa
  • DNS ASK 13.###.#55.239.in-addr.arpa
  • DNS ASK 14.###.#55.239.in-addr.arpa
  • DNS ASK 15.###.#55.239.in-addr.arpa
  • DNS ASK 16.###.#55.239.in-addr.arpa
  • DNS ASK 17.###.#55.239.in-addr.arpa
  • DNS ASK 18.###.#55.239.in-addr.arpa
  • DNS ASK 19.###.#55.239.in-addr.arpa
  • DNS ASK 20.###.#55.239.in-addr.arpa
  • DNS ASK 21.###.#55.239.in-addr.arpa
  • DNS ASK 22.###.#55.239.in-addr.arpa
  • DNS ASK 23.###.#55.239.in-addr.arpa
  • DNS ASK 24.###.#55.239.in-addr.arpa
  • DNS ASK 25.###.#55.239.in-addr.arpa
  • DNS ASK 26.###.#55.239.in-addr.arpa
  • DNS ASK 27.###.#55.239.in-addr.arpa
  • DNS ASK 28.###.#55.239.in-addr.arpa
  • DNS ASK 29.###.#55.239.in-addr.arpa
  • DNS ASK 30.###.#55.239.in-addr.arpa
  • DNS ASK 31.###.#55.239.in-addr.arpa
  • DNS ASK 32.###.#55.239.in-addr.arpa
  • DNS ASK 33.###.#55.239.in-addr.arpa
  • DNS ASK 34.###.#55.239.in-addr.arpa
  • DNS ASK 35.###.#55.239.in-addr.arpa
  • DNS ASK 36.###.#55.239.in-addr.arpa
  • DNS ASK 37.###.#55.239.in-addr.arpa
  • DNS ASK 38.###.#55.239.in-addr.arpa
  • DNS ASK 39.###.#55.239.in-addr.arpa
  • DNS ASK 40.###.#55.239.in-addr.arpa
  • DNS ASK 41.###.#55.239.in-addr.arpa
  • DNS ASK 42.###.#55.239.in-addr.arpa
  • DNS ASK 43.###.#55.239.in-addr.arpa
  • DNS ASK 44.###.#55.239.in-addr.arpa
  • DNS ASK 45.###.#55.239.in-addr.arpa
  • DNS ASK 46.###.#55.239.in-addr.arpa
  • DNS ASK 47.###.#55.239.in-addr.arpa
  • DNS ASK 48.###.#55.239.in-addr.arpa
  • DNS ASK 49.###.#55.239.in-addr.arpa
  • DNS ASK 50.###.#55.239.in-addr.arpa
  • DNS ASK 51.###.#55.239.in-addr.arpa
  • DNS ASK 52.###.#55.239.in-addr.arpa
  • DNS ASK 53.###.#55.239.in-addr.arpa
  • DNS ASK 54.###.#55.239.in-addr.arpa
  • DNS ASK 55.###.#55.239.in-addr.arpa
  • DNS ASK 56.###.#55.239.in-addr.arpa
  • DNS ASK 57.###.#55.239.in-addr.arpa
  • DNS ASK 58.###.#55.239.in-addr.arpa
  • DNS ASK 59.###.#55.239.in-addr.arpa
  • DNS ASK 60.###.#55.239.in-addr.arpa
  • DNS ASK 61.###.#55.239.in-addr.arpa
  • DNS ASK 62.###.#55.239.in-addr.arpa
  • DNS ASK 63.###.#55.239.in-addr.arpa
  • DNS ASK 64.###.#55.239.in-addr.arpa
  • DNS ASK 65.###.#55.239.in-addr.arpa
  • DNS ASK 66.###.#55.239.in-addr.arpa
  • DNS ASK 67.###.#55.239.in-addr.arpa
  • DNS ASK 68.###.#55.239.in-addr.arpa
  • DNS ASK 69.###.#55.239.in-addr.arpa
  • DNS ASK 70.###.#55.239.in-addr.arpa
  • DNS ASK 71.###.#55.239.in-addr.arpa
  • DNS ASK 72.###.#55.239.in-addr.arpa
  • DNS ASK 73.###.#55.239.in-addr.arpa
  • DNS ASK 74.###.#55.239.in-addr.arpa
  • DNS ASK 75.###.#55.239.in-addr.arpa
  • DNS ASK 76.###.#55.239.in-addr.arpa
  • DNS ASK 77.###.#55.239.in-addr.arpa
  • DNS ASK 78.###.#55.239.in-addr.arpa
  • DNS ASK 79.###.#55.239.in-addr.arpa
  • DNS ASK 80.###.#55.239.in-addr.arpa
  • DNS ASK 81.###.#55.239.in-addr.arpa
  • DNS ASK 82.###.#55.239.in-addr.arpa
  • DNS ASK 83.###.#55.239.in-addr.arpa
  • DNS ASK 84.###.#55.239.in-addr.arpa
  • DNS ASK 85.###.#55.239.in-addr.arpa
  • DNS ASK 86.###.#55.239.in-addr.arpa
  • DNS ASK 87.###.#55.239.in-addr.arpa
  • DNS ASK 88.###.#55.239.in-addr.arpa
  • DNS ASK 89.###.#55.239.in-addr.arpa
  • DNS ASK 90.###.#55.239.in-addr.arpa
  • DNS ASK 91.###.#55.239.in-addr.arpa
  • DNS ASK 92.###.#55.239.in-addr.arpa
  • DNS ASK 93.###.#55.239.in-addr.arpa
  • DNS ASK 94.###.#55.239.in-addr.arpa
  • DNS ASK 95.###.#55.239.in-addr.arpa
  • DNS ASK 96.###.#55.239.in-addr.arpa
  • DNS ASK 97.###.#55.239.in-addr.arpa
  • DNS ASK 98.###.#55.239.in-addr.arpa
  • DNS ASK 99.###.#55.239.in-addr.arpa
  • DNS ASK 10#.###.#55.239.in-addr.arpa
  • DNS ASK 11#.###.#55.239.in-addr.arpa
  • DNS ASK 12#.###.#55.239.in-addr.arpa
  • DNS ASK 13#.###.#55.239.in-addr.arpa
  • DNS ASK 14#.###.#55.239.in-addr.arpa
  • DNS ASK 15#.###.#55.239.in-addr.arpa
  • DNS ASK 16#.###.#55.239.in-addr.arpa
  • DNS ASK 17#.###.#55.239.in-addr.arpa
  • DNS ASK 18#.###.#55.239.in-addr.arpa
  • DNS ASK 19#.###.#55.239.in-addr.arpa
  • DNS ASK 20#.###.#55.239.in-addr.arpa
  • DNS ASK 21#.###.#55.239.in-addr.arpa
  • DNS ASK 22#.###.#55.239.in-addr.arpa
Miscellaneous
Executes the following
  • '<SYSTEM32>\cmd.exe' /c "vssadmin delete shadows /all /quiet"
  • '<SYSTEM32>\cmd.exe' /c "wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0"
  • '<SYSTEM32>\cmd.exe' /c "wbadmin DELETE BACKUP -keepVersions:0"
  • '<SYSTEM32>\cmd.exe' /c "wmic SHADOWCOPY DELETE"
  • '<SYSTEM32>\cmd.exe' /c "bcdedit /set {default} recoveryenabled No"
  • '<SYSTEM32>\wbadmin.exe' DELETE SYSTEMSTATEBACKUP -keepVersions:0
  • '<SYSTEM32>\cmd.exe' /c "bcdedit /set {default} bootstatuspolicy ignoreallfailures"
  • '<SYSTEM32>\wbadmin.exe' DELETE BACKUP -keepVersions:0
  • '<SYSTEM32>\bcdedit.exe' /set {default} bootstatuspolicy ignoreallfailures
  • '<SYSTEM32>\wbengine.exe'
  • '<SYSTEM32>\vds.exe'
  • '<SYSTEM32>\cmd.exe' /c "vssadmin delete shadows /all /quiet"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "wbadmin DELETE BACKUP -keepVersions:0"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "wmic SHADOWCOPY DELETE"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "bcdedit /set {default} recoveryenabled No"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "bcdedit /set {default} bootstatuspolicy ignoreallfailures"' (with hidden window)

Рекомендации по лечению

  1. В случае если операционная система способна загрузиться (в штатном режиме или режиме защиты от сбоев), скачайте лечащую утилиту Dr.Web CureIt! и выполните с ее помощью полную проверку вашего компьютера, а также используемых вами переносных носителей информации.
  2. Если загрузка операционной системы невозможна, измените настройки BIOS вашего компьютера, чтобы обеспечить возможность загрузки ПК с компакт-диска или USB-накопителя. Скачайте образ аварийного диска восстановления системы Dr.Web® LiveDisk или утилиту записи Dr.Web® LiveDisk на USB-накопитель, подготовьте соответствующий носитель. Загрузив компьютер с использованием данного носителя, выполните его полную проверку и лечение обнаруженных угроз.
Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Выполните полную проверку системы с использованием Антивируса Dr.Web Light для macOS. Данный продукт можно загрузить с официального сайта Apple App Store.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Скачать Dr.Web с Apple Store

На загруженной ОС выполните полную проверку всех дисковых разделов с использованием продукта Антивирус Dr.Web для Linux.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

  1. Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light. Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
  2. Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
    • загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
    • после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
    • выключите устройство и включите его в обычном режиме.

Подробнее о Dr.Web для Android

Демо бесплатно на 14 дней

Выдаётся при установке

Скачать с сайта
Скачать с Google Play