Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Soporte
Soporte 24 horas | Normas de contactar

Sus solicitudes

Perfil

Trojan.DownLoader10.50822

Added to the Dr.Web virus database: 2013-11-19

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'EanthologyApp' = '%CommonProgramFiles%\eAcceleration\EANTHO~1.EXE /b Startup'
Malicious functions:
Creates and executes the following:
  • '%CommonProgramFiles%\eAcceleration\eanthology.exe' /k unlock
  • '%CommonProgramFiles%\eAcceleration\eanthology.exe' /RegServer
  • '%TEMP%\EAC3183578062_00000000\regsvr32.exe' /s "%CommonProgramFiles%\eAcceleration\dware.dll"
  • '%CommonProgramFiles%\eAcceleration\eanthology.exe' /b
  • '%CommonProgramFiles%\eAcceleration\eanthology.exe' /c %TEMP%\EAC3183578062_00000000\setup.exe /Cmd <Full path to virus> <Full path to virus>
  • '%TEMP%\EAC00000000\setup.exe'
  • '%TEMP%\EAC3183578062_00000000\setup.exe' /Cmd <Full path to virus> <Full path to virus>
  • '%TEMP%\EAC3183578062_00000000\syscheck.exe'
  • '%TEMP%\EAC3183578062_00000000\eAnthology.exe' /k WaitConfig
  • '%CommonProgramFiles%\eAcceleration\eAnthology_updater2.exe'
  • '%TEMP%\EAC3183578062_00000000\eAnthology.exe' /k lock
Modifies file system :
Creates the following files:
  • %CommonProgramFiles%\eAcceleration\trojaninfolite.htm
  • %CommonProgramFiles%\eAcceleration\virusinfolite.htm
  • %CommonProgramFiles%\eAcceleration\stop-sign01.gif
  • %CommonProgramFiles%\eAcceleration\style_virusinfo.css
  • %CommonProgramFiles%\eAcceleration\spywarecookieinfolite.htm
  • %CommonProgramFiles%\eAcceleration\spywareinfolite.htm
  • %CommonProgramFiles%\eAcceleration\free.htm
  • %CommonProgramFiles%\eAcceleration\worminfolite.htm
  • %CommonProgramFiles%\eAcceleration\loveletterinfolite2.htm
  • %CommonProgramFiles%\eAcceleration\macrovirusinfolite.htm
  • %CommonProgramFiles%\eAcceleration\klez4infolite2.htm
  • %CommonProgramFiles%\eAcceleration\loveletterinfolite.htm
  • %CommonProgramFiles%\eAcceleration\roroinfolite2.htm
  • %CommonProgramFiles%\eAcceleration\scriptvirusinfolite.htm
  • %CommonProgramFiles%\eAcceleration\nimdainfolite.htm
  • %CommonProgramFiles%\eAcceleration\roroinfolite.htm
  • %CommonProgramFiles%\eAcceleration\spywareproginfolite.htm
  • %CommonProgramFiles%\eAcceleration\pai_gow_poker.gif
  • %CommonProgramFiles%\eAcceleration\roulette.gif
  • %CommonProgramFiles%\eAcceleration\craps.gif
  • %CommonProgramFiles%\eAcceleration\keno.gif
  • %CommonProgramFiles%\eAcceleration\baccarat.gif
  • %CommonProgramFiles%\eAcceleration\casino00.gif
  • %CommonProgramFiles%\eAcceleration\slots.gif
  • %CommonProgramFiles%\eAcceleration\video_poker.gif
  • %CommonProgramFiles%\eAcceleration\board00.gif
  • %CommonProgramFiles%\eAcceleration\cards00.gif
  • %CommonProgramFiles%\eAcceleration\antivirus00.ini
  • %CommonProgramFiles%\eAcceleration\arcade00.gif
  • %CommonProgramFiles%\eAcceleration\caribbean_poker.gif
  • %CommonProgramFiles%\eAcceleration\casino00.htm
  • %CommonProgramFiles%\eAcceleration\puzzle00.gif
  • %CommonProgramFiles%\eAcceleration\blackjack.gif
  • %CommonProgramFiles%\eAcceleration\lightsout.gif
  • %CommonProgramFiles%\eAcceleration\oodlzmatch.gif
  • %CommonProgramFiles%\eAcceleration\freecell.gif
  • %CommonProgramFiles%\eAcceleration\klondike.gif
  • %CommonProgramFiles%\eAcceleration\tileslide.gif
  • %CommonProgramFiles%\eAcceleration\wordsearch.gif
  • %CommonProgramFiles%\eAcceleration\reversi.gif
  • %CommonProgramFiles%\eAcceleration\spaceblast.gif
  • %CommonProgramFiles%\eAcceleration\puzzle00.htm
  • %CommonProgramFiles%\eAcceleration\mahjongg.gif
  • %CommonProgramFiles%\eAcceleration\board00.htm
  • %CommonProgramFiles%\eAcceleration\cards00.htm
  • %CommonProgramFiles%\eAcceleration\ducksinarow.gif
  • %CommonProgramFiles%\eAcceleration\fourinarow.gif
  • %CommonProgramFiles%\eAcceleration\blocks.gif
  • %CommonProgramFiles%\eAcceleration\checkers.gif
  • %CommonProgramFiles%\eAcceleration\oodlzrevenge.gif
  • %CommonProgramFiles%\eAcceleration\batchvirusinfolite.htm
  • %CommonProgramFiles%\eAcceleration\bugbearinfolite.htm
  • %CommonProgramFiles%\eAcceleration\ispnum02.dat
  • %CommonProgramFiles%\eAcceleration\backdoortrojaninfolite.htm
  • %CommonProgramFiles%\eAcceleration\ircvirusinfolite.htm
  • %CommonProgramFiles%\eAcceleration\klez4infolite.htm
  • %CommonProgramFiles%\eAcceleration\bugbearinfolite2.htm
  • %CommonProgramFiles%\eAcceleration\combootinfolite.htm
  • %CommonProgramFiles%\eAcceleration\na_arcade00.htm
  • %CommonProgramFiles%\eAcceleration\na_board00.htm
  • %CommonProgramFiles%\eAcceleration\trans.gif
  • %CommonProgramFiles%\eAcceleration\bg_screen.gif
  • %CommonProgramFiles%\eAcceleration\konx.dll
  • %CommonProgramFiles%\eAcceleration\ispnum01.dat
  • %CommonProgramFiles%\eAcceleration\na_cards00.htm
  • %CommonProgramFiles%\eAcceleration\na_puzzle00.htm
  • %CommonProgramFiles%\eAcceleration\froogle.htm
  • %CommonProgramFiles%\eAcceleration\roger4056infolite2.htm
  • %CommonProgramFiles%\eAcceleration\sdbotinfolite.htm
  • %CommonProgramFiles%\eAcceleration\redlofinfolite.htm
  • %CommonProgramFiles%\eAcceleration\roger4056infolite.htm
  • %CommonProgramFiles%\eAcceleration\reterasinfolite2.htm
  • %CommonProgramFiles%\eAcceleration\syscheck.dll
  • %CommonProgramFiles%\eAcceleration\tanked14infolite.htm
  • %CommonProgramFiles%\eAcceleration\reterasinfolite.htm
  • %CommonProgramFiles%\eAcceleration\cult15360infolite2.htm
  • %CommonProgramFiles%\eAcceleration\generic145infolite.htm
  • %CommonProgramFiles%\eAcceleration\clonerinfolite.htm
  • %CommonProgramFiles%\eAcceleration\cult15360infolite.htm
  • %CommonProgramFiles%\eAcceleration\mimicinfolite.htm
  • %CommonProgramFiles%\eAcceleration\opasoftinfolite.htm
  • %CommonProgramFiles%\eAcceleration\generic145infolite2.htm
  • %CommonProgramFiles%\eAcceleration\lovgateinfolite.htm
  • %CommonProgramFiles%\eAcceleration\ispnum03.dat
  • %CommonProgramFiles%\eAcceleration\dware.dll
  • %CommonProgramFiles%\eAcceleration\eac_install00.dat
  • %ALLUSERSPROFILE%\Start Menu\Programs\eAnthology\Kon-X\Check Email.lnk
  • %HOMEPATH%\Desktop\kon-X Online Connections Service.lnk
  • %TEMP%\EanthComponents\threatscan_setup.exe
  • %CommonProgramFiles%\eAcceleration\EanthComponents\threatscan_setup.exe
  • %TEMP%\EanthComponents\StopSign_install-r.exe
  • %CommonProgramFiles%\eAcceleration\EanthComponents\StopSign_install-r.exe
  • %TEMP%\EAC00000000\eAnthMngr.dll
  • %CommonProgramFiles%\eAcceleration\eanthmngr.dll
  • %TEMP%\EAC00000000\setup.exe
  • %TEMP%\EAC00000000\eanthmngr_update.exe.chk
  • %ALLUSERSPROFILE%\Start Menu\Programs\eAnthology\eAnthology Manager.lnk
  • %APPDATA%\Microsoft\Internet Explorer\Quick Launch\eAnthology Manager.lnk
  • %CommonProgramFiles%\eAcceleration\eanthmngr_update.exe.chk
  • %CommonProgramFiles%\eAcceleration\mypartyinfolite.htm
  • %CommonProgramFiles%\eAcceleration\datominfolite.htm
  • %CommonProgramFiles%\eAcceleration\iframeexecinfolite.htm
  • %CommonProgramFiles%\eAcceleration\maybeinfectedinfolite.htm
  • %CommonProgramFiles%\eAcceleration\aluriaInfolite.htm
  • %CommonProgramFiles%\eAcceleration\avrilinfolite.htm
  • %CommonProgramFiles%\eAcceleration\yahainfolite.htm
  • %CommonProgramFiles%\eAcceleration\yahainfolite2.htm
  • %CommonProgramFiles%\eAcceleration\images.htm
  • %CommonProgramFiles%\eAcceleration\googlenews.htm
  • %CommonProgramFiles%\eAcceleration\google.htm
  • %CommonProgramFiles%\eAcceleration\groups.htm
  • %CommonProgramFiles%\eAcceleration\avrilinfolite2.htm
  • %CommonProgramFiles%\eAcceleration\comtsrcryptinfolite.htm
  • %CommonProgramFiles%\eAcceleration\eanth_konx_chat00.htm
  • %CommonProgramFiles%\eAcceleration\infolite.dat
  • %CommonProgramFiles%\eAcceleration\pool01.gif
  • %CommonProgramFiles%\eAcceleration\magistr29188infolite.htm
  • %CommonProgramFiles%\eAcceleration\magistr29188infolite2.htm
  • %CommonProgramFiles%\eAcceleration\comtsr.htm
  • %CommonProgramFiles%\eAcceleration\hanta24064infolite.htm
  • %CommonProgramFiles%\eAcceleration\trojanappactxcomp.htm
  • %CommonProgramFiles%\eAcceleration\vienna648infolite.htm
  • %CommonProgramFiles%\eAcceleration\mardinfolite.htm
  • %CommonProgramFiles%\eAcceleration\nocloseinfolite.htm
  • %CommonProgramFiles%\eAcceleration\domino.gif
  • %CommonProgramFiles%\eAcceleration\go.gif
  • %CommonProgramFiles%\eAcceleration\pool02.gif
  • %CommonProgramFiles%\eAcceleration\chess.gif
  • %CommonProgramFiles%\eAcceleration\wikipedia.gif
  • %CommonProgramFiles%\eAcceleration\backdoorircbasedinfolite.htm
  • %CommonProgramFiles%\eAcceleration\shogi.gif
  • %CommonProgramFiles%\eAcceleration\wikipedia.htm
  • %CommonProgramFiles%\eAcceleration\arcade00.htm
  • %TEMP%\EAC3183578062_00000000\loveletterinfolite.htm
  • %TEMP%\EAC3183578062_00000000\loveletterinfolite2.htm
  • %TEMP%\EAC3183578062_00000000\klez4infolite.htm
  • %TEMP%\EAC3183578062_00000000\klez4infolite2.htm
  • %TEMP%\EAC3183578062_00000000\roroinfolite.htm
  • %TEMP%\EAC3183578062_00000000\roroinfolite2.htm
  • %TEMP%\EAC3183578062_00000000\macrovirusinfolite.htm
  • %TEMP%\EAC3183578062_00000000\nimdainfolite.htm
  • %TEMP%\EAC3183578062_00000000\ispnum03.dat
  • %TEMP%\EAC3183578062_00000000\batchvirusinfolite.htm
  • %TEMP%\EAC3183578062_00000000\ispnum01.dat
  • %TEMP%\EAC3183578062_00000000\ispnum02.dat
  • %TEMP%\EAC3183578062_00000000\combootinfolite.htm
  • %TEMP%\EAC3183578062_00000000\ircvirusinfolite.htm
  • %TEMP%\EAC3183578062_00000000\bugbearinfolite.htm
  • %TEMP%\EAC3183578062_00000000\bugbearinfolite2.htm
  • %TEMP%\EAC3183578062_00000000\scriptvirusinfolite.htm
  • %TEMP%\EAC3183578062_00000000\spywareinfolite.htm
  • %TEMP%\EAC3183578062_00000000\spywareproginfolite.htm
  • %TEMP%\EAC3183578062_00000000\wikipedia.htm
  • %TEMP%\EAC3183578062_00000000\wikipedia.gif
  • %TEMP%\EAC3183578062_00000000\arcade00.gif
  • %TEMP%\EAC3183578062_00000000\board00.gif
  • %TEMP%\EAC3183578062_00000000\antivirus00.ini
  • %TEMP%\EAC3183578062_00000000\infolite.dat
  • %TEMP%\EAC3183578062_00000000\style_virusinfo.css
  • %TEMP%\EAC3183578062_00000000\trojaninfolite.htm
  • %TEMP%\EAC3183578062_00000000\backdoortrojaninfolite.htm
  • %TEMP%\EAC3183578062_00000000\stop-sign01.gif
  • %TEMP%\EAC3183578062_00000000\worminfolite.htm
  • %TEMP%\EAC3183578062_00000000\spywarecookieinfolite.htm
  • %TEMP%\EAC3183578062_00000000\virusinfolite.htm
  • %TEMP%\EAC3183578062_00000000\free.htm
  • %TEMP%\EAC3183578062_00000000\puzzle00.htm
  • %TEMP%\EAC3183578062_00000000\blocks.gif
  • %TEMP%\EAC3183578062_00000000\board00.htm
  • %TEMP%\EAC3183578062_00000000\cards00.htm
  • %TEMP%\EAC3183578062_00000000\fourinarow.gif
  • %TEMP%\EAC3183578062_00000000\freecell.gif
  • %TEMP%\EAC3183578062_00000000\checkers.gif
  • %TEMP%\EAC3183578062_00000000\ducksinarow.gif
  • %TEMP%\EAC3183578062_00000000\license.txt
  • %TEMP%\EAC3183578062_00000000\setup.ini
  • %TEMP%\EAC3183578062_00000000\regsvr32.exe
  • %TEMP%\EAC3183578062_00000000\setup.exe
  • %TEMP%\EAC3183578062_00000000\syscheck.exe
  • %TEMP%\EAC3183578062_00000000\arcade00.htm
  • %TEMP%\EAC3183578062_00000000\EanthologyApp_update.exe.chk
  • %TEMP%\EAC3183578062_00000000\eAnthology.exe
  • %TEMP%\EAC3183578062_00000000\lightsout.gif
  • %TEMP%\EAC3183578062_00000000\na_board00.htm
  • %TEMP%\EAC3183578062_00000000\na_cards00.htm
  • %TEMP%\EAC3183578062_00000000\bg_screen.gif
  • %TEMP%\EAC3183578062_00000000\na_arcade00.htm
  • %TEMP%\EAC3183578062_00000000\eanth_konx_chat00.htm
  • %TEMP%\EAC3183578062_00000000\konx_logo.gif
  • %TEMP%\EAC3183578062_00000000\na_puzzle00.htm
  • %TEMP%\EAC3183578062_00000000\konx.dll
  • %TEMP%\EAC3183578062_00000000\reversi.gif
  • %TEMP%\EAC3183578062_00000000\spaceblast.gif
  • %TEMP%\EAC3183578062_00000000\klondike.gif
  • %TEMP%\EAC3183578062_00000000\oodlzmatch.gif
  • %TEMP%\EAC3183578062_00000000\oodlzrevenge.gif
  • %TEMP%\EAC3183578062_00000000\trans.gif
  • %TEMP%\EAC3183578062_00000000\tileslide.gif
  • %TEMP%\EAC3183578062_00000000\wordsearch.gif
  • %TEMP%\EAC3183578062_00000000\cards00.gif
  • %TEMP%\EAC3183578062_00000000\cult15360infolite2.htm
  • %TEMP%\EAC3183578062_00000000\generic145infolite.htm
  • %TEMP%\EAC3183578062_00000000\clonerinfolite.htm
  • %TEMP%\EAC3183578062_00000000\cult15360infolite.htm
  • %TEMP%\EAC3183578062_00000000\mimicinfolite.htm
  • %TEMP%\EAC3183578062_00000000\opasoftinfolite.htm
  • %TEMP%\EAC3183578062_00000000\generic145infolite2.htm
  • %TEMP%\EAC3183578062_00000000\lovgateinfolite.htm
  • %TEMP%\EAC3183578062_00000000\dware.dll
  • %TEMP%\EAC3183578062_00000000\backdoorircbasedinfolite.htm
  • %TEMP%\EAC3183578062_00000000\go.gif
  • %TEMP%\EAC3183578062_00000000\shogi.gif
  • %TEMP%\EAC3183578062_00000000\magistr29188infolite.htm
  • %TEMP%\EAC3183578062_00000000\magistr29188infolite2.htm
  • %TEMP%\EAC3183578062_00000000\comtsr.htm
  • %TEMP%\EAC3183578062_00000000\hanta24064infolite.htm
  • %TEMP%\EAC3183578062_00000000\redlofinfolite.htm
  • %TEMP%\EAC3183578062_00000000\eAnthology_updater2.exe
  • %CommonProgramFiles%\eAcceleration\regsvr32.exe
  • %TEMP%\EAC3183578062_00000000\datominfolite.htm
  • %TEMP%\EAC3183578062_00000000\syscheck.dll
  • %CommonProgramFiles%\eAcceleration\EanthologyApp_Update.exe.chk
  • %CommonProgramFiles%\eAcceleration\eAnthology_updater2.exe
  • %CommonProgramFiles%\eAcceleration\license.txt
  • %CommonProgramFiles%\eAcceleration\eanthology.exe
  • %TEMP%\EAC3183578062_00000000\sdbotinfolite.htm
  • %TEMP%\EAC3183578062_00000000\tanked14infolite.htm
  • %TEMP%\EAC3183578062_00000000\roger4056infolite.htm
  • %TEMP%\EAC3183578062_00000000\roger4056infolite2.htm
  • %TEMP%\EAC3183578062_00000000\trojanappactxcomp.htm
  • %TEMP%\EAC3183578062_00000000\vienna648infolite.htm
  • %TEMP%\EAC3183578062_00000000\mardinfolite.htm
  • %TEMP%\EAC3183578062_00000000\nocloseinfolite.htm
  • %TEMP%\EAC3183578062_00000000\video_poker.gif
  • %TEMP%\EAC3183578062_00000000\casino00.gif
  • %TEMP%\EAC3183578062_00000000\roulette.gif
  • %TEMP%\EAC3183578062_00000000\slots.gif
  • %TEMP%\EAC3183578062_00000000\groups.htm
  • %TEMP%\EAC3183578062_00000000\images.htm
  • %TEMP%\EAC3183578062_00000000\google.htm
  • %TEMP%\EAC3183578062_00000000\froogle.htm
  • %TEMP%\EAC3183578062_00000000\blackjack.gif
  • %TEMP%\EAC3183578062_00000000\caribbean_poker.gif
  • %TEMP%\EAC3183578062_00000000\puzzle00.gif
  • %TEMP%\EAC3183578062_00000000\baccarat.gif
  • %TEMP%\EAC3183578062_00000000\keno.gif
  • %TEMP%\EAC3183578062_00000000\pai_gow_poker.gif
  • %TEMP%\EAC3183578062_00000000\casino00.htm
  • %TEMP%\EAC3183578062_00000000\craps.gif
  • %TEMP%\EAC3183578062_00000000\googlenews.htm
  • %TEMP%\EAC3183578062_00000000\yahainfolite2.htm
  • %TEMP%\EAC3183578062_00000000\pool01.gif
  • %TEMP%\EAC3183578062_00000000\reterasinfolite2.htm
  • %TEMP%\EAC3183578062_00000000\yahainfolite.htm
  • %TEMP%\EAC3183578062_00000000\mahjongg.gif
  • %TEMP%\EAC3183578062_00000000\domino.gif
  • %TEMP%\EAC3183578062_00000000\pool02.gif
  • %TEMP%\EAC3183578062_00000000\chess.gif
  • %TEMP%\EAC3183578062_00000000\avrilinfolite2.htm
  • %TEMP%\EAC3183578062_00000000\comtsrcryptinfolite.htm
  • %TEMP%\EAC3183578062_00000000\aluriaInfolite.htm
  • %TEMP%\EAC3183578062_00000000\avrilinfolite.htm
  • %TEMP%\EAC3183578062_00000000\mypartyinfolite.htm
  • %TEMP%\EAC3183578062_00000000\reterasinfolite.htm
  • %TEMP%\EAC3183578062_00000000\iframeexecinfolite.htm
  • %TEMP%\EAC3183578062_00000000\maybeinfectedinfolite.htm
Deletes the following files:
  • %TEMP%\EAC3183578062_00000000\opasoftinfolite.htm
  • %TEMP%\EAC3183578062_00000000\oodlzrevenge.gif
  • %TEMP%\EAC3183578062_00000000\pool01.gif
  • %TEMP%\EAC3183578062_00000000\pai_gow_poker.gif
  • %TEMP%\EAC3183578062_00000000\nimdainfolite.htm
  • %TEMP%\EAC3183578062_00000000\na_puzzle00.htm
  • %TEMP%\EAC3183578062_00000000\oodlzmatch.gif
  • %TEMP%\EAC3183578062_00000000\nocloseinfolite.htm
  • %TEMP%\EAC3183578062_00000000\reterasinfolite.htm
  • %TEMP%\EAC3183578062_00000000\regsvr32.exe
  • %TEMP%\EAC3183578062_00000000\reversi.gif
  • %TEMP%\EAC3183578062_00000000\reterasinfolite2.htm
  • %TEMP%\EAC3183578062_00000000\puzzle00.gif
  • %TEMP%\EAC3183578062_00000000\pool02.gif
  • %TEMP%\EAC3183578062_00000000\redlofinfolite.htm
  • %TEMP%\EAC3183578062_00000000\puzzle00.htm
  • %TEMP%\EAC3183578062_00000000\macrovirusinfolite.htm
  • %TEMP%\EAC3183578062_00000000\lovgateinfolite.htm
  • %TEMP%\EAC3183578062_00000000\magistr29188infolite2.htm
  • %TEMP%\EAC3183578062_00000000\magistr29188infolite.htm
  • %TEMP%\EAC3183578062_00000000\lightsout.gif
  • %TEMP%\EAC3183578062_00000000\license.txt
  • %TEMP%\EAC3183578062_00000000\loveletterinfolite2.htm
  • %TEMP%\EAC3183578062_00000000\loveletterinfolite.htm
  • %TEMP%\EAC3183578062_00000000\na_arcade00.htm
  • %TEMP%\EAC3183578062_00000000\mypartyinfolite.htm
  • %TEMP%\EAC3183578062_00000000\na_cards00.htm
  • %TEMP%\EAC3183578062_00000000\na_board00.htm
  • %TEMP%\EAC3183578062_00000000\mardinfolite.htm
  • %TEMP%\EAC3183578062_00000000\mahjongg.gif
  • %TEMP%\EAC3183578062_00000000\mimicinfolite.htm
  • %TEMP%\EAC3183578062_00000000\maybeinfectedinfolite.htm
  • %TEMP%\EAC3183578062_00000000\roger4056infolite.htm
  • %TEMP%\EAC3183578062_00000000\trojanappactxcomp.htm
  • %TEMP%\EAC3183578062_00000000\trans.gif
  • %TEMP%\EAC3183578062_00000000\video_poker.gif
  • %TEMP%\EAC3183578062_00000000\trojaninfolite.htm
  • %TEMP%\EAC3183578062_00000000\syscheck.exe
  • %TEMP%\EAC3183578062_00000000\syscheck.dll
  • %TEMP%\EAC3183578062_00000000\tileslide.gif
  • %TEMP%\EAC3183578062_00000000\tanked14infolite.htm
  • %TEMP%\EAC3183578062_00000000\worminfolite.htm
  • %TEMP%\EAC3183578062_00000000\wordsearch.gif
  • %TEMP%\EAC3183578062_00000000\yahainfolite2.htm
  • %TEMP%\EAC3183578062_00000000\yahainfolite.htm
  • %TEMP%\EAC3183578062_00000000\virusinfolite.htm
  • %TEMP%\EAC3183578062_00000000\vienna648infolite.htm
  • %TEMP%\EAC3183578062_00000000\wikipedia.htm
  • %TEMP%\EAC3183578062_00000000\wikipedia.gif
  • %TEMP%\EAC3183578062_00000000\sdbotinfolite.htm
  • %TEMP%\EAC3183578062_00000000\scriptvirusinfolite.htm
  • %TEMP%\EAC3183578062_00000000\setup.ini
  • %TEMP%\EAC3183578062_00000000\setup.exe
  • %TEMP%\EAC3183578062_00000000\roroinfolite.htm
  • %TEMP%\EAC3183578062_00000000\roger4056infolite2.htm
  • %TEMP%\EAC3183578062_00000000\roulette.gif
  • %TEMP%\EAC3183578062_00000000\roroinfolite2.htm
  • %TEMP%\EAC3183578062_00000000\spywareproginfolite.htm
  • %TEMP%\EAC3183578062_00000000\spywareinfolite.htm
  • %TEMP%\EAC3183578062_00000000\style_virusinfo.css
  • %TEMP%\EAC3183578062_00000000\stop-sign01.gif
  • %TEMP%\EAC3183578062_00000000\slots.gif
  • %TEMP%\EAC3183578062_00000000\shogi.gif
  • %TEMP%\EAC3183578062_00000000\spywarecookieinfolite.htm
  • %TEMP%\EAC3183578062_00000000\spaceblast.gif
  • %TEMP%\EAC3183578062_00000000\konx_logo.gif
  • %TEMP%\EAC3183578062_00000000\cards00.htm
  • %TEMP%\EAC3183578062_00000000\cards00.gif
  • %TEMP%\EAC3183578062_00000000\casino00.gif
  • %TEMP%\EAC3183578062_00000000\caribbean_poker.gif
  • %TEMP%\EAC3183578062_00000000\board00.htm
  • %TEMP%\EAC3183578062_00000000\board00.gif
  • %TEMP%\EAC3183578062_00000000\bugbearinfolite2.htm
  • %TEMP%\EAC3183578062_00000000\bugbearinfolite.htm
  • %TEMP%\EAC3183578062_00000000\comtsr.htm
  • %TEMP%\EAC3183578062_00000000\combootinfolite.htm
  • %TEMP%\EAC3183578062_00000000\craps.gif
  • %TEMP%\EAC3183578062_00000000\comtsrcryptinfolite.htm
  • %TEMP%\EAC3183578062_00000000\checkers.gif
  • %TEMP%\EAC3183578062_00000000\casino00.htm
  • %TEMP%\EAC3183578062_00000000\clonerinfolite.htm
  • %TEMP%\EAC3183578062_00000000\chess.gif
  • %TEMP%\EAC3183578062_00000000\arcade00.gif
  • %TEMP%\EAC3183578062_00000000\antivirus00.ini
  • %TEMP%\EAC3183578062_00000000\avrilinfolite.htm
  • %TEMP%\EAC3183578062_00000000\arcade00.htm
  • %TEMP%\EAC00000000\eanthmngr_update.exe.chk
  • %TEMP%\EAC00000000\eAnthMngr.dll
  • %TEMP%\EAC3183578062_00000000\aluriaInfolite.htm
  • %TEMP%\EAC00000000\setup.exe
  • %TEMP%\EAC3183578062_00000000\bg_screen.gif
  • %TEMP%\EAC3183578062_00000000\batchvirusinfolite.htm
  • %TEMP%\EAC3183578062_00000000\blocks.gif
  • %TEMP%\EAC3183578062_00000000\blackjack.gif
  • %TEMP%\EAC3183578062_00000000\baccarat.gif
  • %TEMP%\EAC3183578062_00000000\avrilinfolite2.htm
  • %TEMP%\EAC3183578062_00000000\backdoortrojaninfolite.htm
  • %TEMP%\EAC3183578062_00000000\backdoorircbasedinfolite.htm
  • %TEMP%\EAC3183578062_00000000\cult15360infolite.htm
  • %TEMP%\EAC3183578062_00000000\images.htm
  • %TEMP%\EAC3183578062_00000000\iframeexecinfolite.htm
  • %TEMP%\EAC3183578062_00000000\ircvirusinfolite.htm
  • %TEMP%\EAC3183578062_00000000\infolite.dat
  • %TEMP%\EAC3183578062_00000000\googlenews.htm
  • %TEMP%\EAC3183578062_00000000\google.htm
  • %TEMP%\EAC3183578062_00000000\hanta24064infolite.htm
  • %TEMP%\EAC3183578062_00000000\groups.htm
  • %TEMP%\EAC3183578062_00000000\klez4infolite2.htm
  • %TEMP%\EAC3183578062_00000000\klez4infolite.htm
  • %TEMP%\EAC3183578062_00000000\konx.dll
  • %TEMP%\EAC3183578062_00000000\klondike.gif
  • %TEMP%\EAC3183578062_00000000\ispnum02.dat
  • %TEMP%\EAC3183578062_00000000\ispnum01.dat
  • %TEMP%\EAC3183578062_00000000\keno.gif
  • %TEMP%\EAC3183578062_00000000\ispnum03.dat
  • %TEMP%\EAC3183578062_00000000\eAnthology.exe
  • %TEMP%\EAC3183578062_00000000\dware.dll
  • %TEMP%\EAC3183578062_00000000\eAnthology_updater2.exe
  • %TEMP%\EAC3183578062_00000000\EanthologyApp_update.exe.chk
  • %TEMP%\EAC3183578062_00000000\datominfolite.htm
  • %TEMP%\EAC3183578062_00000000\cult15360infolite2.htm
  • %TEMP%\EAC3183578062_00000000\ducksinarow.gif
  • %TEMP%\EAC3183578062_00000000\domino.gif
  • %TEMP%\EAC3183578062_00000000\generic145infolite.htm
  • %TEMP%\EAC3183578062_00000000\froogle.htm
  • %TEMP%\EAC3183578062_00000000\go.gif
  • %TEMP%\EAC3183578062_00000000\generic145infolite2.htm
  • %TEMP%\EAC3183578062_00000000\fourinarow.gif
  • %TEMP%\EAC3183578062_00000000\eanth_konx_chat00.htm
  • %TEMP%\EAC3183578062_00000000\freecell.gif
  • %TEMP%\EAC3183578062_00000000\free.htm
Network activity:
Connects to:
  • 'ra###.veloz.com':80
  • 'www.bu###nware.net':80
  • 'de########ccounts.eacceleration.com':80
TCP:
HTTP GET requests:
  • ra###.veloz.com/pub/download/StopSign_install-r.exe
  • ra###.veloz.com/pub/download/threatscan_setup.exe
  • www.bu###nware.net/ping/?b=##########################################################################################################################################################
  • www.bu###nware.net/ping/?b=############################################################################################################################################################
HTTP POST requests:
  • de########ccounts.eacceleration.com/lcgi-bin/ACCT/empi.cgi
UDP:
  • DNS ASK ra###.veloz.com
  • DNS ASK www.bu###nware.net
  • DNS ASK de########ccounts.eacceleration.com
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: '(null)'
  • ClassName: 'Class_ContolPanelWindow_Eanthology_Application' WindowName: 'eAnthology Features'
  • ClassName: 'Class_BackgroundWindow_Eanthology_Application' WindowName: '(null)'
  • ClassName: 'Class_ContolPanelWindow_Eanthology_Application' WindowName: '(null)'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android