Trojan.KillFiles.62195

Added to the Dr.Web virus database: 2018-01-14

Virus description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • %WINDIR%\system.ini
Creates the following files on removable media:
  • <Drive name for removable media>:\FILE1.[maykolin1234@aol.com]
  • <Drive name for removable media>:\README.maykolin1234@aol.com.txt
Malicious functions:
To complicate detection of its presence in the operating system, deletes volume shadow copies.
Modifies file system:
Creates the following files:
Deletes the following files:
  • %WINDIR%\ocgen.log
  • %WINDIR%\ntdtcsetup.log
  • %WINDIR%\NOTEPAD.EXE
  • %WINDIR%\imsins.log
  • %WINDIR%\imsins.BAK
  • %WINDIR%\iis6.log
  • %WINDIR%\msdfmap.ini
  • %WINDIR%\MedCtrOC.log
  • %WINDIR%\KB942288-v3.log
  • %WINDIR%\XXInstall\Scripts\LanDisabler.vbs
  • %WINDIR%\XXInstall\Scripts\kill_windows.vbs
  • %WINDIR%\XXInstall\Scripts\kill_saves.vbs
  • %WINDIR%\XXInstall\Scripts\startup_bsod.bat
  • %WINDIR%\XXInstall\Scripts\smart_assembly_fix.reg
  • %WINDIR%\XXInstall\Scripts\prefs.js
  • %WINDIR%\XXInstall\Scripts\CompleteDump.reg
  • %WINDIR%\XXInstall\Scripts\bcode-stop.vbs
  • %WINDIR%\XXInstall\Scripts\bcode-start-stop.vbs
  • %WINDIR%\XXInstall\Scripts\KernelDump.reg
  • %WINDIR%\XXInstall\Scripts\eventmon-startlog.vbs
  • %WINDIR%\XXInstall\Scripts\eventmon-setup.vbs
  • %WINDIR%\XXInstall\Scripts\taskmgr.reg
  • %WINDIR%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
  • %WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
  • %WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
  • %WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
  • %WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
  • %WINDIR%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
  • %WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
  • %WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
  • %WINDIR%\XXInstall\Scripts\WindowsKiller.ini
  • %WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
  • %WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
  • %WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
  • %WINDIR%\XXInstall\Scripts\apply_theme.vbs
  • %WINDIR%\winhlp32.exe
  • %WINDIR%\winhelp.exe
  • %WINDIR%\WindowsUpdate.log
  • %WINDIR%\Zapotec.bmp
  • %WINDIR%\WMSysPr9.prx
  • %WINDIR%\wmsetup.log
  • %WINDIR%\updspapi.log
  • %WINDIR%\twunk_32.exe
  • %WINDIR%\twunk_16.exe
  • %WINDIR%\win.ini
  • %WINDIR%\wiadebug.log
  • %WINDIR%\vmmreg32.dll
  • %WINDIR%\_default.pif
  • %WINDIR%\XXInstall\ps.exe
  • %WINDIR%\XXInstall\install_small.bat
  • %WINDIR%\XXInstall\install_ar.bat
  • %WINDIR%\XXInstall\Scripts\antivm.exe
  • %WINDIR%\XXInstall\vminstall.exe
  • %WINDIR%\XXInstall\screen.exe
  • %WINDIR%\XXInstall\events.exe
  • %WINDIR%\XXInstall\devcon.exe
  • %WINDIR%\XXInstall\cmdow.exe
  • %WINDIR%\XXInstall\install.bat
  • %WINDIR%\XXInstall\hashdeep.exe
  • %WINDIR%\XXInstall\exdir.exe
Moves the following system files:
Substitutes the following files:
Miscellaneous:
Executes the following:
  • '<SYSTEM32>\cmd.exe' /c vssadmin Delete Shadows /All /Quiet

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
