Trojan.Siggen13.566

Added to the Dr.Web virus database: 2021-04-02

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
Modifies file system
Creates the following files
Sets the 'hidden' attribute to the following files
  • %TEMP%\163f1c.bat
Deletes the following files
Modifies the following files
  • %LOCALAPPDATA%\microsoft\windows\explorer\explorerstartuplog_runonce.etl
Substitutes the following files
  • %LOCALAPPDATA%\fcsinstall.ini
Network activity
Connects to
  • 'microsoft.com':80
UDP
  • DNS ASK microsoft.com
Miscellaneous
Searches for the following windows
  • ClassName: 'RegEdit_RegEdit' WindowName: ''
Creates and executes the following
  • '%LOCALAPPDATA%\windowsxp-kb914882-x86-kor.exe' /quiet /norestart
  • '%LOCALAPPDATA%\windowsinstaller-kb893803-v2-x86.exe' /quiet /norestart
  • 'D:\a413d72f3a98fe96f17be1b779\update\update.exe' /quiet /norestart
  • '%LOCALAPPDATA%\windowsupdateagent30-x86.exe' /quiet /norestart
  • 'D:\98ec3815d27a2e396d\wusetup.exe' /quiet /norestart
  • '%LOCALAPPDATA%\windowsxp-kb927891-v3-x86-kor.exe' /quiet /norestart
  • '%LOCALAPPDATA%\clientsetup.exe' /NOMOM
  • '%LOCALAPPDATA%\fcsinstall.exe'
  • '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\163F1C.bat" "<Full path to file>" "' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\163F1C.bat" "<Full path to file>" "
  • '%WINDIR%\syswow64\rundll32.exe' syssetup,SetupInfObjectInstallAction DefaultInstall 128 .\muweb.inf
  • '%WINDIR%\syswow64\runonce.exe' -r
  • '%WINDIR%\syswow64\grpconv.exe' -o
  • '%WINDIR%\syswow64\regedit.exe' /s FCS_Policy_PC_100817.reg
  • '%WINDIR%\syswow64\regedit.exe' /s WindowsUpdate_PC_100816.reg

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
