Win32.HLLW.Autoruner1.23692

Added to the Dr.Web virus database: 2012-07-21

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Explorer' = '<DRIVERS>\svchosL.exe'
Creates or modifies the following files:
  • %WINDIR%\Tasks\SA.DAT
Creates the following files on removable media:
  • <Drive name for removable media>:\autorun.inf
  • <Drive name for removable media>:\ЎЎЎЎЎЎ.exe
Malicious functions:
To complicate detection of its presence in the operating system,
forces the system to hide from view:
  • hidden files
Creates and executes the following:
  • <DRIVERS>\svchosL.exe
Executes the following:
  • <SYSTEM32>\cmd.exe /c %TEMP%\del17$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del10$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del53$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del5$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del46$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del81$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del45$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del3$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del21$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del78$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del8$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del66$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del32$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del27$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del62$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del55$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del23$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del80$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del20$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del93$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del51$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del88$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del34$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del70$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del94$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del63$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del16$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del49$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del97$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del82$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del57$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del86$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del60$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del96$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del1$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del90$$.bat
  • <SYSTEM32>\net1.exe share A$ /del /y
  • <SYSTEM32>\cmd.exe /c %TEMP%\del14$$.bat
  • <SYSTEM32>\net1.exe share C$ /del /y
  • <SYSTEM32>\net1.exe share admin$ /del /y
  • <SYSTEM32>\cmd.exe /c %TEMP%\del52$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del79$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del47$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del75$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del73$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del37$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del98$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\22$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del69$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del99$$.bat
  • <SYSTEM32>\net1.exe share Z$ /del /y
  • <SYSTEM32>\net1.exe share E$ /del /y
  • <SYSTEM32>\cmd.exe /c %TEMP%\del89$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del92$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del56$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del95$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del26$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del68$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del12$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del72$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del42$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del74$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del39$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del31$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del58$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del91$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del77$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del65$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del35$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del71$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del40$$.bat
  • <SYSTEM32>\cmd.exe /c %TEMP%\del50$$.bat
Injects code into the following system processes:
  • <SYSTEM32>\svchost.exe
Modifies the file system:
Creates the following files:
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\alerts\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\Desktop_.ini
  • %TEMP%\del3$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\checkbox\Desktop_.ini
  • %TEMP%\del21$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\media\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\console\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\dirListing\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\xpinstall\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\passwordmgr\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\update\Desktop_.ini
  • %TEMP%\del10$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\profile\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\satchel\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\Desktop_.ini
  • %TEMP%\del46$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\xbl-marquee\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\res\Desktop_.ini
  • %TEMP%\del82$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\plugins\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\places\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\handling\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\passwordmgr\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\profile\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\alerts\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\xpinstall\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\update\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\viewsource\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\toolbar\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\scrollbar\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\printpreview\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\radio\Desktop_.ini
  • %TEMP%\del81$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\downloads\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\extensions\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\Desktop_.ini
  • %TEMP%\del45$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\tree\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\necko\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\passwordmgr\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\xpinstall\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\profile\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\update\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\pipnss\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\feedback\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\pippki\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\services\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\pippki\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\places\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global-region\Desktop_.ini
  • %TEMP%\del80$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global-platform\win\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global-platform\mac\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global-platform\unix\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\plugins\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\preferences\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\handling\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\downloads\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\extensions\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\xml\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\svg\Desktop_.ini
  • %TEMP%\del53$$.bat
  • %TEMP%\del5$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\downloads\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\preferences\Desktop_.ini
  • %TEMP%\del17$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\plugins\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\extensions\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\handling\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\Desktop_.ini
  • %TEMP%\del62$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\pippki\content\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\pippki\content\pippki\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\cookie\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\bindings\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\cpow\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\alerts\Desktop_.ini
  • %TEMP%\del55$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\Desktop_.ini
  • %TEMP%\95$$.Ico
  • %TEMP%\29$$.Ico
  • %TEMP%\del93$$.bat
  • %TEMP%\del20$$.bat
  • %PROGRAM_FILES%\FireFox\uninstall\Desktop_.ini
  • %TEMP%\del34$$.bat
  • %PROGRAM_FILES%\MSBuild\Microsoft\Desktop_.ini
  • %PROGRAM_FILES%\MSBuild\Microsoft\Windows Workflow Foundation\Desktop_.ini
  • %PROGRAM_FILES%\MSBuild\Desktop_.ini
  • %PROGRAM_FILES%\Microsoft.NET\Desktop_.ini
  • %PROGRAM_FILES%\Microsoft.NET\RedistList\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\plugins\Desktop_.ini
  • %TEMP%\del88$$.bat
  • %PROGRAM_FILES%\FireFox\modules\tabview\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\modules\services-sync\engines\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\modules\services-sync\ext\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\res\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\res\html\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\searchplugins\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\res\fonts\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\res\dtd\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\res\entityTables\Desktop_.ini
  • %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\Desktop_.ini
  • %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Desktop_.ini
  • %TEMP%\del70$$.bat
  • %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Desktop_.ini
  • %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.5\Desktop_.ini
  • %PROGRAM_FILES%\Uninstall Information\Desktop_.ini
  • C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\Desktop_.ini
  • %TEMP%\del94$$.bat
  • C:\RECYCLER\Desktop_.ini
  • %PROGRAM_FILES%\xerox\Desktop_.ini
  • %PROGRAM_FILES%\xerox\nwwia\Desktop_.ini
  • %TEMP%\del63$$.bat
  • %PROGRAM_FILES%\Online Services\Desktop_.ini
  • %PROGRAM_FILES%\MSN Gaming Zone\Desktop_.ini
  • %PROGRAM_FILES%\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Desktop_.ini
  • %PROGRAM_FILES%\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Desktop_.ini
  • %PROGRAM_FILES%\Reference Assemblies\Desktop_.ini
  • %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.0\Desktop_.ini
  • %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\Desktop_.ini
  • %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\Desktop_.ini
  • %TEMP%\del16$$.bat
  • %PROGRAM_FILES%\Reference Assemblies\Microsoft\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\toolbar\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\tree\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\splitter\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\radio\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\scrollbar\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\handling\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\passwordmgr\Desktop_.ini
  • %TEMP%\del90$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\downloads\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\extensions\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\checkbox\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\console\Desktop_.ini
  • %TEMP%\del97$$.bat
  • %TEMP%\del57$$.bat
  • %TEMP%\del49$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\dirListing\Desktop_.ini
  • %TEMP%\del1$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\printpreview\Desktop_.ini
  • %TEMP%\del86$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\icons\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\media\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\defaults\profile\chrome\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\dictionaries\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\defaults\profile\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\defaults\autoconfig\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\defaults\pref\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\extensions\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\modules\services-crypto\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\modules\services-sync\Desktop_.ini
  • %TEMP%\del51$$.bat
  • %PROGRAM_FILES%\FireFox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\modules\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\update\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\viewsource\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\profile\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\places\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\plugins\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\xpinstall\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\defaults\Desktop_.ini
  • %TEMP%\del96$$.bat
  • %TEMP%\78$$.Ico
  • %PROGRAM_FILES%\FireFox\components\Desktop_.ini
  • %TEMP%\del60$$.bat
  • C:\Far2\Plugins\ExtSearch\keys\Desktop_.ini
  • C:\Far2\Plugins\ExtSearch\sources\Desktop_.ini
  • C:\Far2\Plugins\ExtSearch\doc\Desktop_.ini
  • C:\Far2\Plugins\EMenu\Desktop_.ini
  • C:\Far2\Plugins\ExtSearch\Desktop_.ini
  • %TEMP%\del31$$.bat
  • C:\Far2\Plugins\FarCmds\Desktop_.ini
  • C:\Far2\Plugins\FileCase\Desktop_.ini
  • C:\Far2\Plugins\ExtSearch\sources\RegExp\Desktop_.ini
  • %TEMP%\del58$$.bat
  • %TEMP%\del65$$.bat
  • %TEMP%\del77$$.bat
  • C:\Far2\Plugins\Colorer\hrc\auto\types\Desktop_.ini
  • %TEMP%\del91$$.bat
  • C:\Far2\Plugins\Colorer\hrc\Desktop_.ini
  • C:\Far2\Plugins\Colorer\hrc\auto\Desktop_.ini
  • C:\Far2\Plugins\Colorer\hrd\Desktop_.ini
  • C:\Far2\Plugins\DrawLine\Desktop_.ini
  • C:\Far2\Plugins\EditCase\Desktop_.ini
  • C:\Far2\Plugins\Compare\Desktop_.ini
  • C:\Far2\Plugins\Colorer\hrd\console\Desktop_.ini
  • C:\Far2\Plugins\Colorer\hrd\console\contrib\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\far\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\fari\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\dragext\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\console\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\core\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\filezilla\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\packages\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\packages\dragndrop\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\lib\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\filezilla\misc\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\forms\Desktop_.ini
  • C:\Far2\Plugins\MacroView\Desktop_.ini
  • C:\Far2\Plugins\Network\Desktop_.ini
  • C:\Far2\Plugins\HlfViewer\Desktop_.ini
  • C:\Far2\Plugins\FTP\Desktop_.ini
  • C:\Far2\Plugins\FTP\lib\Desktop_.ini
  • C:\Far2\Plugins\ProcList\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\components\Desktop_.ini
  • %TEMP%\del50$$.bat
  • C:\Far2\Plugins\TmpPanel\Desktop_.ini
  • %TEMP%\del40$$.bat
  • %TEMP%\del37$$.bat
  • C:\Far2\Addons\XLat\Desktop_.ini
  • C:\Far2\Addons\Shell\Desktop_.ini
  • %TEMP%\del69$$.bat
  • C:\Far2\Addons\SetUp\Desktop_.ini
  • C:\Far2\Addons\XLat\Russian\Desktop_.ini
  • C:\Far2\Documentation\Desktop_.ini
  • C:\Far2\Documentation\eng\Desktop_.ini
  • C:\autorun.inf
  • C:\ЎЎЎЎЎЎ.exe
  • %TEMP%\del98$$.bat
  • <Current directory>\Desktop_.ini
  • %TEMP%\58$$.Ico
  • <DRIVERS>\svchosL.exe
  • <Current directory>\їјЗЪПµНі.exe.exe
  • %TEMP%\22$$.bat
  • C:\Far2\Desktop_.ini
  • C:\Far2\Addons\Colors\Default Highlighting\Desktop_.ini
  • C:\Far2\Addons\Macros\Desktop_.ini
  • C:\Far2\Addons\Colors\Custom Highlighting\Desktop_.ini
  • C:\Far2\Addons\Desktop_.ini
  • C:\Far2\Addons\Colors\Desktop_.ini
  • C:\Far2\Plugins\Desktop_.ini
  • C:\Far2\Plugins\7-Zip\Desktop_.ini
  • C:\Far2\FExcept\Desktop_.ini
  • %TEMP%\del79$$.bat
  • %TEMP%\del47$$.bat
  • C:\Far2\Plugins\Align\Desktop_.ini
  • C:\Far2\Plugins\Colorer\Desktop_.ini
  • C:\Far2\Plugins\Colorer\bin\Desktop_.ini
  • C:\Far2\Plugins\Brackets\Desktop_.ini
  • C:\Far2\Plugins\arclite\Desktop_.ini
  • C:\Far2\Plugins\AutoWrap\Desktop_.ini
  • %TEMP%\38$$.Ico
  • %TEMP%\del89$$.bat
  • %TEMP%\del99$$.bat
  • C:\Far2\Documentation\rus\Desktop_.ini
  • C:\Far2\Encyclopedia\Desktop_.ini
  • %TEMP%\del92$$.bat
  • %TEMP%\del75$$.bat
  • %TEMP%\del73$$.bat
  • %TEMP%\del52$$.bat
  • %TEMP%\myUPdatetxt.txt
  • %TEMP%\del14$$.bat
  • C:\Far2\Plugins\WinSCP\packages\filemng\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\communicator\Desktop_.ini
  • %TEMP%\del32$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\tabview\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\branding\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\migration\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\places\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\feeds\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\downloads\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\tabbrowser\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\tabview\Desktop_.ini
  • %TEMP%\del42$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\preferences\Desktop_.ini
  • %TEMP%\del72$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\tabbrowser\Desktop_.ini
  • %TEMP%\del66$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\preferences\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\feeds\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\places\Desktop_.ini
  • %TEMP%\del23$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\search\Desktop_.ini
  • %TEMP%\del27$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\layout\Desktop_.ini
  • %TEMP%\del8$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\security\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\xslt\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global-platform\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\xpinstall\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\svg\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\xml\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\sidebar\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser-region\Desktop_.ini
  • %TEMP%\del78$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\preferences\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\safebrowsing\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\dom\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\cookie\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\alerts\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\autoconfig\Desktop_.ini
  • <Auxiliary element>
  • %TEMP%\del68$$.bat
  • C:\Far2\PluginSDK\Headers.pas\Desktop_.ini
  • C:\Far2\PluginSDK\Desktop_.ini
  • C:\Far2\PluginSDK\Headers.c\Desktop_.ini
  • %TEMP%\del56$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\browser\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\Desktop_.ini
  • %PROGRAM_FILES%\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\packages\theme\Desktop_.ini
  • %TEMP%\del35$$.bat
  • C:\Far2\Plugins\WinSCP\packages\tbx\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\packages\my\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\packages\tb2k\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\putty\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\release\Desktop_.ini
  • C:\Far2\Plugins\WinSCP\resource\Desktop_.ini
  • %TEMP%\del26$$.bat
  • %TEMP%\del71$$.bat
  • C:\Far2\Plugins\WinSCP\putty\charset\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\search\Desktop_.ini
  • %TEMP%\del39$$.bat
  • %TEMP%\del74$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\preferences\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\safebrowsing\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\feeds\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\places\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\Desktop_.ini
  • %TEMP%\del95$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\certerror\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\bookmarks\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\branding\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\Desktop_.ini
  • %TEMP%\del12$$.bat
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\pageinfo\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\places\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\migration\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\feeds\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\history\Desktop_.ini
Sets the 'hidden' attribute to the following files:
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\checkbox\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\alerts\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\media\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\console\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\dirListing\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\passwordmgr\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\satchel\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\update\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\xpinstall\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\xbl-marquee\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\res\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\printpreview\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\plugins\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\profile\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\passwordmgr\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\places\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\xpinstall\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\update\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\viewsource\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\handling\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\toolbar\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\radio\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\scrollbar\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\downloads\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\extensions\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\tree\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\pipnss\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\pippki\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\necko\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\passwordmgr\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\feedback\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\pippki\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\places\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\services\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\xpinstall\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\extensions\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\handling\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\downloads\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\profile\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\update\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\plugins\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\preferences\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\pippki\content\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\downloads\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\extensions\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\xml\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\preferences\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\profile\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\handling\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\plugins\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\svg\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\cookie\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\pippki\content\pippki\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\Desktop_.ini
  • %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\bindings\Desktop_.ini
  • <Drive name for removable media>:\autorun.inf
  • <Drive name for removable media>:\ЎЎЎЎЎЎ.exe
  • C:\ЎЎЎЎЎЎ.exe
  • C:\autorun.inf
Deletes the following files:
  • %TEMP%\95$$.Ico
  • %TEMP%\29$$.Ico
  • %TEMP%\78$$.Ico
  • %TEMP%\58$$.Ico
  • %TEMP%\38$$.Ico
Deletes itself.
Network activity:
Connects to:
  • 'www.da###ng08.com':80
  • '<Private IP address>':445
  • '<Private IP address>':139
TCP:
HTTP GET requests:
  • www.da###ng08.com/down/down.txt
UDP:
  • DNS ASK www.da###ng08.com
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Indicator' WindowName: ''