Technical Information
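- %HOMEPATH%\Start Menu\Programs\Startup\backup.exe (per-user Startup folder; programs placed here are launched when that user logs on)
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\backup.exe (all-users Startup folder; programs placed here are launched at logon for every user)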
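- hidden files (an Explorer display setting; the heading for this item is missing from this copy, but the NoFolderOptions policy values listed further down are consistent with the sample tampering with Explorer's view options)
- file extensions (an Explorer display setting; same caveat as the previous item)
- Registry Editor (RegEdit) (a system utility; it is listed without its heading, so how the sample affects it is not stated in this copy)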
- C:\Far2\Plugins\7-Zip\backup.exe C:\Far2\Plugins\7-Zip\
- %HOMEPATH%\Start Menu\Programs\Startup\backup.exe %HOMEPATH%\Start Menu\Programs\Startup\
- %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\backup.exe %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\
- C:\Far2\Plugins\backup.exe C:\Far2\Plugins\
- %CommonProgramFiles%\Microsoft Shared\DW\1028\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1028\
- %CommonProgramFiles%\Microsoft Shared\DW\1031\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1031\
- %CommonProgramFiles%\MSSoap\data.exe %CommonProgramFiles%\MSSoap\
- C:\Far2\Plugins\arclite\backup.exe C:\Far2\Plugins\arclite\
- %CommonProgramFiles%\Microsoft Shared\DW\1033\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1033\
- C:\Far2\Plugins\Align\backup.exe C:\Far2\Plugins\Align\
- %PROGRAM_FILES%\ComPlus Applications\backup.exe %PROGRAM_FILES%\ComPlus Applications\
- %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\backup.exe %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\
- C:\Far2\Documentation\rus\backup.exe C:\Far2\Documentation\rus\
- %HOMEPATH%\Start Menu\Programs\backup.exe %HOMEPATH%\Start Menu\Programs\
- %CommonProgramFiles%\Microsoft Shared\backup.exe %CommonProgramFiles%\Microsoft Shared\
- %HOMEPATH%\Start Menu\backup.exe %HOMEPATH%\Start Menu\
- C:\Far2\Documentation\eng\backup.exe C:\Far2\Documentation\eng\
- %CommonProgramFiles%\Microsoft Shared\DAO\backup.exe %CommonProgramFiles%\Microsoft Shared\DAO\
- C:\Far2\FExcept\backup.exe C:\Far2\FExcept\
- %CommonProgramFiles%\Microsoft Shared\DW\1025\data.exe %CommonProgramFiles%\Microsoft Shared\DW\1025\
- %CommonProgramFiles%\Microsoft Shared\DW\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\
- C:\Far2\Encyclopedia\backup.exe C:\Far2\Encyclopedia\
- %HOMEPATH%\Start Menu\Programs\Accessories\backup.exe %HOMEPATH%\Start Menu\Programs\Accessories\
- %PROGRAM_FILES%\FireFox\backup.exe %PROGRAM_FILES%\FireFox\
- %CommonProgramFiles%\ODBC\backup.exe %CommonProgramFiles%\ODBC\
- %PROGRAM_FILES%\Internet Explorer\backup.exe %PROGRAM_FILES%\Internet Explorer\
- C:\Far2\PluginSDK\Headers.c\backup.exe C:\Far2\PluginSDK\Headers.c\
- %CommonProgramFiles%\Microsoft Shared\DW\1041\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1041\
- C:\Far2\Plugins\Colorer\backup.exe C:\Far2\Plugins\Colorer\
- %CommonProgramFiles%\Microsoft Shared\Speech\1033\backup.exe %CommonProgramFiles%\Microsoft Shared\Speech\1033\
- %PROGRAM_FILES%\FireFox\components\backup.exe %PROGRAM_FILES%\FireFox\components\
- %CommonProgramFiles%\Microsoft Shared\DW\1042\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1042\
- %PROGRAM_FILES%\FireFox\chrome\browser\content\backup.exe %PROGRAM_FILES%\FireFox\chrome\browser\content\
- %CommonProgramFiles%\MSSoap\Binaries\Resources\1033\backup.exe %CommonProgramFiles%\MSSoap\Binaries\Resources\1033\
- %WINDIR%\addins\backup.exe %WINDIR%\addins\
- %WINDIR%\backup.exe %WINDIR%\
- %CommonProgramFiles%\Microsoft Shared\MSInfo\backup.exe %CommonProgramFiles%\Microsoft Shared\MSInfo\
- %PROGRAM_FILES%\FireFox\chrome\backup.exe %PROGRAM_FILES%\FireFox\chrome\
- %CommonProgramFiles%\MSSoap\Binaries\System Restore.exe %CommonProgramFiles%\MSSoap\Binaries\
- %CommonProgramFiles%\Microsoft Shared\DW\1036\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1036\
- C:\Far2\Plugins\AutoWrap\backup.exe C:\Far2\Plugins\AutoWrap\
- %CommonProgramFiles%\Microsoft Shared\DW\1040\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1040\
- %CommonProgramFiles%\MSSoap\Binaries\Resources\backup.exe %CommonProgramFiles%\MSSoap\Binaries\Resources\
- %PROGRAM_FILES%\FireFox\chrome\browser\backup.exe %PROGRAM_FILES%\FireFox\chrome\browser\
- %CommonProgramFiles%\Microsoft Shared\Speech\backup.exe %CommonProgramFiles%\Microsoft Shared\Speech\
- C:\Far2\PluginSDK\backup.exe C:\Far2\PluginSDK\
- C:\Far2\Plugins\Brackets\backup.exe C:\Far2\Plugins\Brackets\
- C:\Far2\Addons\XLat\Russian\backup.exe C:\Far2\Addons\XLat\Russian\
- %ALLUSERSPROFILE%\Start Menu\Programs\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\
- %ALLUSERSPROFILE%\Start Menu\backup.exe %ALLUSERSPROFILE%\Start Menu\
- %ALLUSERSPROFILE%\Documents\My Videos\backup.exe %ALLUSERSPROFILE%\Documents\My Videos\
- %ALLUSERSPROFILE%\Favorites\backup.exe %ALLUSERSPROFILE%\Favorites\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\update.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\
- C:\Far2\Addons\backup.exe C:\Far2\Addons\
- %HOMEPATH%\backup.exe %HOMEPATH%\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\
- C:\Far2\backup.exe C:\Far2\
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\backup.exe %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\
- %ALLUSERSPROFILE%\Desktop\backup.exe %ALLUSERSPROFILE%\Desktop\
- %ALLUSERSPROFILE%\Documents\backup.exe %ALLUSERSPROFILE%\Documents\
- %ALLUSERSPROFILE%\backup.exe %ALLUSERSPROFILE%\
- C:\backup.exe \
- C:\Documents and Settings\backup.exe C:\Documents and Settings\
- %ALLUSERSPROFILE%\Documents\My Music\backup.exe %ALLUSERSPROFILE%\Documents\My Music\
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\0338E140\backup.exe %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\0338E140\
- %ALLUSERSPROFILE%\Documents\My Pictures\backup.exe %ALLUSERSPROFILE%\Documents\My Pictures\
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\backup.exe %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\
- %ALLUSERSPROFILE%\Documents\My Music\My Playlists\backup.exe %ALLUSERSPROFILE%\Documents\My Music\My Playlists\
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\backup.exe %ALLUSERSPROFILE%\Documents\My Music\Sample Music\
- %HOMEPATH%\Cookies\backup.exe %HOMEPATH%\Cookies\
- C:\Far2\Addons\Shell\backup.exe C:\Far2\Addons\Shell\
- <Auxiliary element> <Auxiliary element>
- %HOMEPATH%\My Documents\My Music\backup.exe %HOMEPATH%\My Documents\My Music\
- %HOMEPATH%\My Documents\Downloads\backup.exe %HOMEPATH%\My Documents\Downloads\
- C:\Far2\Addons\SetUp\backup.exe C:\Far2\Addons\SetUp\
- %HOMEPATH%\My Documents\My Pictures\backup.exe %HOMEPATH%\My Documents\My Pictures\
- %HOMEPATH%\My Documents\My Received Files\backup.exe %HOMEPATH%\My Documents\My Received Files\
- %CommonProgramFiles%\backup.exe %CommonProgramFiles%\
- C:\Far2\Documentation\backup.exe C:\Far2\Documentation\
- %PROGRAM_FILES%\data.exe %PROGRAM_FILES%\
- C:\Far2\Addons\XLat\backup.exe C:\Far2\Addons\XLat\
- C:\Far2\Addons\Macros\backup.exe C:\Far2\Addons\Macros\
- %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\
- %HOMEPATH%\Favorites\backup.exe %HOMEPATH%\Favorites\
- C:\Far2\Addons\Colors\backup.exe C:\Far2\Addons\Colors\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\
- %HOMEPATH%\Desktop\backup.exe %HOMEPATH%\Desktop\
- %ALLUSERSPROFILE%\Start Menu\Programs\Games\System Restore.exe %ALLUSERSPROFILE%\Start Menu\Programs\Games\
- C:\Far2\Addons\Colors\Default Highlighting\backup.exe C:\Far2\Addons\Colors\Default Highlighting\
- %HOMEPATH%\My Documents\backup.exe %HOMEPATH%\My Documents\
- %HOMEPATH%\Favorites\Links\backup.exe %HOMEPATH%\Favorites\Links\
- C:\Far2\Addons\Colors\Custom Highlighting\backup.exe C:\Far2\Addons\Colors\Custom Highlighting\
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Startup\
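- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFolderOptions' = '00000001' (machine-wide policy value that removes the Folder Options item from Windows Explorer, so a user cannot easily turn the display of hidden files and file extensions back on)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001' (the same policy value set for the current user)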
- C:\Far2\Plugins\7-Zip\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1031\backup.exe
- C:\Far2\Plugins\Align\backup.exe
- C:\Far2\Plugins\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1028\backup.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\backup.exe
- %CommonProgramFiles%\MSSoap\data.exe
- %PROGRAM_FILES%\FireFox\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1036\backup.exe
- %PROGRAM_FILES%\ComPlus Applications\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1033\backup.exe
- C:\Far2\Plugins\arclite\backup.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\backup.exe
- %CommonProgramFiles%\Microsoft Shared\backup.exe
- %HOMEPATH%\Start Menu\Programs\backup.exe
- C:\Far2\Documentation\rus\backup.exe
- C:\Far2\Addons\XLat\Russian\backup.exe
- C:\Far2\Documentation\eng\backup.exe
- %HOMEPATH%\Start Menu\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\backup.exe
- C:\Far2\FExcept\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1025\data.exe
- %CommonProgramFiles%\Microsoft Shared\DAO\backup.exe
- C:\Far2\Encyclopedia\backup.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\backup.exe
- %CommonProgramFiles%\MSSoap\Binaries\System Restore.exe
- %PROGRAM_FILES%\Internet Explorer\backup.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\backup.exe
- %WINDIR%\addins\backup.exe
- %CommonProgramFiles%\Microsoft Shared\Speech\1033\backup.exe
- %CommonProgramFiles%\MSSoap\Binaries\Resources\1033\backup.exe
- %CommonProgramFiles%\ODBC\backup.exe
- C:\Far2\PluginSDK\Headers.pas\backup.exe
- %CommonProgramFiles%\ODBC\Data Sources\backup.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1042\backup.exe
- %PROGRAM_FILES%\FireFox\components\backup.exe
- C:\Far2\Plugins\Colorer\bin\backup.exe
- C:\Far2\Plugins\Colorer\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1040\backup.exe
- %CommonProgramFiles%\MSSoap\Binaries\Resources\backup.exe
- C:\Far2\Plugins\Brackets\backup.exe
- C:\Far2\Plugins\AutoWrap\backup.exe
- %PROGRAM_FILES%\FireFox\chrome\backup.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\backup.exe
- %WINDIR%\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1041\backup.exe
- C:\Far2\PluginSDK\Headers.c\backup.exe
- C:\Far2\PluginSDK\backup.exe
- %CommonProgramFiles%\Microsoft Shared\Speech\backup.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\backup.exe
- %CommonProgramFiles%\backup.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\backup.exe
- %ALLUSERSPROFILE%\Documents\My Videos\backup.exe
- %ALLUSERSPROFILE%\Favorites\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\0338E140\backup.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\update.exe
- <Current directory>\<Virus name>.zip
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\backup.exe
- %ALLUSERSPROFILE%\Start Menu\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\backup.exe
- <Current directory>\73a02856
- <Current directory>\<Virus name>.dat
- C:\backup.exe
- <Current directory>\backup.exe
- <Current directory>\temp.zip
- %ALLUSERSPROFILE%\Documents\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\My Playlists\backup.exe
- C:\Documents and Settings\backup.exe
- %ALLUSERSPROFILE%\backup.exe
- %ALLUSERSPROFILE%\Desktop\backup.exe
- C:\Far2\backup.exe
- C:\Far2\Addons\SetUp\backup.exe
- %HOMEPATH%\My Documents\My Music\backup.exe
- C:\Far2\Addons\Shell\backup.exe
- %HOMEPATH%\My Documents\backup.exe
- C:\Far2\Addons\Macros\backup.exe
- %HOMEPATH%\My Documents\Downloads\backup.exe
- %PROGRAM_FILES%\data.exe
- C:\Far2\Documentation\backup.exe
- %HOMEPATH%\My Documents\My Received Files\backup.exe
- <Auxiliary element>
- %HOMEPATH%\My Documents\My Pictures\backup.exe
- C:\Far2\Addons\XLat\backup.exe
- C:\Far2\Addons\Colors\Default Highlighting\backup.exe
- %HOMEPATH%\Cookies\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\backup.exe
- C:\Far2\Addons\Colors\backup.exe
- %HOMEPATH%\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\backup.exe
- C:\Far2\Addons\backup.exe
- C:\Far2\Addons\Colors\Custom Highlighting\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Games\System Restore.exe
- %HOMEPATH%\Favorites\Links\backup.exe
- %HOMEPATH%\Desktop\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\backup.exe
- %HOMEPATH%\Favorites\backup.exe
- <Current directory>\<Virus name>.zip
- <Current directory>\temp.zip
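- %TEMP%\~DF1F1D.tmp (the hex suffix differs for every %TEMP% entry in this list, so for detection treat these as the pattern %TEMP%\~DF*.tmp rather than as fixed file names)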
- %TEMP%\~DFB4D.tmp
- %TEMP%\~DF9AD6.tmp
- %TEMP%\~DFFB76.tmp
- %TEMP%\~DF92FB.tmp
- %TEMP%\~DFCDE5.tmp
- %TEMP%\~DF87FA.tmp
- %TEMP%\~DFBD66.tmp
- %TEMP%\~DF3B82.tmp
- %TEMP%\~DF42B9.tmp
- %TEMP%\~DF8397.tmp
- %TEMP%\~DF6430.tmp
- %TEMP%\~DFEAEE.tmp
- %TEMP%\~DFC9C6.tmp
- %TEMP%\~DF780D.tmp
- %TEMP%\~DFA10D.tmp
- %TEMP%\~DF9A4B.tmp
- %TEMP%\~DF67AC.tmp
- %TEMP%\~DFC673.tmp
- %TEMP%\~DF7594.tmp
- %TEMP%\~DFA286.tmp
- %TEMP%\~DFD1D1.tmp
- %TEMP%\~DF9AC0.tmp
- %TEMP%\~DFED5F.tmp
- %TEMP%\~DFB8B8.tmp
- %TEMP%\~DF2AEA.tmp
- %TEMP%\~DF73E2.tmp
- %TEMP%\~DF6AED.tmp
- %TEMP%\~DF42D4.tmp
- %TEMP%\~DFEF84.tmp
- %TEMP%\~DF1784.tmp
- %TEMP%\~DF462D.tmp
- %TEMP%\~DFA745.tmp
- %TEMP%\~DF1DCA.tmp
- <Current directory>\<Virus name>.dat
- %TEMP%\~DF987.tmp
- %TEMP%\~DF98F5.tmp
- %TEMP%\~DF8257.tmp
- %TEMP%\~DF998C.tmp
- %TEMP%\~DF52BC.tmp
- %TEMP%\~DF6480.tmp
- %TEMP%\~DFB801.tmp
- %TEMP%\~DFD7C2.tmp
- <Current directory>\temp.zip
- %TEMP%\~DFABF2.tmp
- %TEMP%\~DFE530.tmp
- %TEMP%\~DFF857.tmp
- %TEMP%\~DFA0CE.tmp
- %TEMP%\~DFCB37.tmp
- %TEMP%\~DFA027.tmp
- %TEMP%\~DF1BD.tmp
- %TEMP%\~DFB9A0.tmp
- %TEMP%\~DFD9DC.tmp
- %TEMP%\~DFFEAC.tmp
- %TEMP%\~DF584B.tmp
- %TEMP%\~DF6313.tmp
- %TEMP%\~DF8AEB.tmp
- %TEMP%\~DF2832.tmp
- %TEMP%\~DFB91C.tmp
- %TEMP%\~DFE580.tmp
- %TEMP%\~DF4795.tmp
- %TEMP%\~DFBEC7.tmp
- %TEMP%\~DF3F41.tmp
- %TEMP%\~DF2E2D.tmp
- %TEMP%\~DFDEA0.tmp
- %TEMP%\~DF901.tmp
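- ClassName: 'Shell_TrayWnd' WindowName: '' (window class of the Windows taskbar; these window entries are listed without their heading in this copy)
- ClassName: 'ExploreWClass' WindowName: '' (a Windows Explorer window class)
- ClassName: 'CabinetWClass' WindowName: '' (window class of Windows Explorer folder windows)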