Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Trojan.Encoder.13562

Added to the Dr.Web virus database: 2017-08-08

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Acrobt32.exe' = '%APPDATA%\Adb\Acrobt32.exe'
Malicious functions:
Creates and executes the following:
  • '<LS_APPDATA>\Win\Winmap.exe' <Full path to file>
Modifies file system:
Creates the following files:
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\places.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\moveBookmarks.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\treeView.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\tree.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\editBookmarkOverlay.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\controller.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\menu.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\history-panel.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\cookies.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\content.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\handlers.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\fonts.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\applicationManager.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\advanced.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\connection.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\applications.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\feeds\subscribe.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\bookmarks\sidebarUtils.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\migration\migration.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\feeds\subscribe.xml.rat
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\secmod.db.rat
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\bookmarks\bookmarksPanel.js.rat
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\sessionstore.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\security.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\permissions.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\browserPlacesViews.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\places\bookmarkProperties.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\feeds.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\feeds.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\pageInfo.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\pageinfo\pageInfo.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\languages.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\editor.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\dialog.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\filefield.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\expander.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\checkbox.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\button.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\datetimepicker.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\colorpicker.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\menulist.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\menu.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\numberbox.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\notification.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\general.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\findbar.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\listbox.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\groupbox.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\selectBookmark.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\security.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\tabs.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\sync.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\permissions.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\main.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\privacy.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\preferences\permissionsutils.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\alerts\alert.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\skin\classic\browser\keyhole-forward-mask.svg.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\browser.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\autocomplete.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\search\engineManager.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\safebrowsing\sb-loader.js.rat
  • <SYSTEM32>\dllcache\sam.sdf.new
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\search\search.xml.rat
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\pluginreg.dat.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\crashes.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\contentAreaUtils.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\customizeToolbar.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\customizeCharset.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\config.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\commonDialog.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\consoleBindings.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\console.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\globalOverlay.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\findUtils.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\notfound.wav.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\inlineSpellCheckUI.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\editMenuOverlay.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\dialogOverlay.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\finddialog.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\filepicker.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\pippki.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\password.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\protectedAuth.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\pref-crlupdate.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\escrowWarn.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\editcerts.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\formsigning.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\exceptionDialog.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\aboutSupport.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\aboutMemory.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\charsetOverlay.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\appPicker.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\serverCrlNextupdate.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\resetpassword.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\cookie\cookieAcceptDialog.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\viewCertDetails.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\nsClipboard.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\passwordmgr\passwordManagerCommon.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\passwordmgr\passwordManager.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\satchel\formSubmitListener.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\passwordmgr\passwordManagerExceptions.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\viewSourceUtils.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\viewSource.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\XPCNativeWrapper.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\viewZoomOverlay.js.rat
  • %CommonProgramFiles%\SpeechEngines\Microsoft\TTS\1033\sam.sdf.new
  • %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml.rat
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\key3.db.rat
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\cert8.db.rat
  • %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\xbl-marquee\xbl-marquee.xml.rat
  • %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.rat
  • %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printPreviewBindings.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printPageSetup.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printProgress.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printPreviewProgress.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\nsUserSettings.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\nsDragAndDrop.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printdialog.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\platformHTMLBindings.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\test-ipcbrowser-chrome.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\tabprompts.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\viewPartialSource.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\test-ipcbrowser-content.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\remote-test-ipc.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\printUtils.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\strres.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\selectDialog.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\popup.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-top.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-right.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\tree\columnpicker.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\toolbar\chevron.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\scrollbar\slider.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\radio\radio-check.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-left.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-bottom.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-sharp-end.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-hov.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\mozapps\extensions\extensions.svg.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn-sharp.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn-hov.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-sharp.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\panelarrow-vertical.svg.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\panelarrow-horizontal.svg.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-sharp.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-hov.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\icons\Minimize.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\icons\Close.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\radio\radio-check-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\icons\Restore.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\checkbox\cbox-check.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\checkbox\cbox-check-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\console\console-error-dash.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\console\console-error-caret.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-sharp.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\scrollbar\slider.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\radio\radio-check.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-left.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-bottom.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Minimize.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Close.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\radio\radio-check-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Restore.gif.rat
  • %APPDATA%\System32Work\EncryptedFileList.txt
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\extensions\extensions.svg.rat
  • %APPDATA%\System32Work\dr
  • %APPDATA%\System32Work\Address.txt
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-top.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-right.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\tree\columnpicker.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\toolbar\chevron.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-sharp.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up-hov.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-sharp-end.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-hov.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\checkbox\cbox-check.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\checkbox\cbox-check-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\console\console-error-dash.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\console\console-error-caret.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up-sharp.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\panelarrow-vertical.svg.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\panelarrow-horizontal.svg.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-sharp-end.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\downloads\download.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\xml\XMLPrettyPrint.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\downloads\downloads.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\downloads\DownloadProgressListener.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\videocontrols.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\tree.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\svg\svgBindings.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\wizard.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\extensions-content.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\eula.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\extensions.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\extensions.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\about.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\downloads\helperApps.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\blocklist.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\blocklist.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\scale.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\richlistbox.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\scrollbox.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\scrollbar.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\progressmeter.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\preferences.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\resizer.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\radio.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\textbox.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\text.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\toolbarbutton.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\toolbar.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\splitter.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\spinbuttons.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\tabbox.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\global\bindings\stringbundle.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\list.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\aero\global\globalBindings.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn-sharp.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn-hov.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\xpinstall\xpinstallItem.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\xpinstall\xpinstallConfirm.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\skin\classic\aero\browser\keyhole-forward-mask.svg.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\globalBindings.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-sharp.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-hov.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-dis.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-sharp-end.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-hov.gif.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\plugins\pluginInstallerWizard.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\plugins\pluginInstallerService.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\preferences\changemp.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\plugins\pluginProblem.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\handling\dialog.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\extensions\update.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\plugins\pluginInstallerDatasource.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\handling\handler.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\update\history.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\profile\profileSelection.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\update\updates.xml.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\update\updates.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\preferences\ocsp.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\preferences\fontbuilder.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\profile\createProfileWizard.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\content\mozapps\preferences\removemp.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\downloadcert.js.rat
  • %ProgramFiles%\FireFox\components\nsLoginInfo.js.rat
  • %ProgramFiles%\FireFox\components\nsLivemarkService.js.rat
  • %ProgramFiles%\FireFox\components\nsLoginManagerPrompter.js.rat
  • %ProgramFiles%\FireFox\components\nsLoginManager.js.rat
  • %ProgramFiles%\FireFox\components\nsHelperAppDlg.js.rat
  • %ProgramFiles%\FireFox\components\nsHandlerService.js.rat
  • %ProgramFiles%\FireFox\components\nsInputListAutoComplete.js.rat
  • %ProgramFiles%\FireFox\components\nsINIProcessor.js.rat
  • %ProgramFiles%\FireFox\components\nsProxyAutoConfig.js.rat
  • %ProgramFiles%\FireFox\components\nsPrompter.js.rat
  • %ProgramFiles%\FireFox\components\nsSearchService.js.rat
  • %ProgramFiles%\FireFox\components\nsSafebrowsingApplication.js.rat
  • %ProgramFiles%\FireFox\components\nsPlacesAutoComplete.js.rat
  • %ProgramFiles%\FireFox\components\nsMicrosummaryService.js.rat
  • %ProgramFiles%\FireFox\components\nsPrivateBrowsingService.js.rat
  • %ProgramFiles%\FireFox\components\nsPlacesExpiration.js.rat
  • %ProgramFiles%\FireFox\components\NetworkGeolocationProvider.js.rat
  • %ProgramFiles%\FireFox\components\messageWakeupService.js.rat
  • %ProgramFiles%\FireFox\components\nsBlocklistService.js.rat
  • %ProgramFiles%\FireFox\components\nsBadCertHandler.js.rat
  • %ProgramFiles%\FireFox\components\fuelApplication.js.rat
  • %ProgramFiles%\FireFox\components\FeedWriter.js.rat
  • %ProgramFiles%\FireFox\components\jsconsole-clhandler.js.rat
  • %ProgramFiles%\FireFox\components\GPSDGeolocationProvider.js.rat
  • %ProgramFiles%\FireFox\components\nsDownloadManagerUI.js.rat
  • %ProgramFiles%\FireFox\components\nsDefaultCLH.js.rat
  • %ProgramFiles%\FireFox\components\nsFormHistory.js.rat
  • %ProgramFiles%\FireFox\components\nsFormAutoComplete.js.rat
  • %ProgramFiles%\FireFox\components\nsBrowserGlue.js.rat
  • %ProgramFiles%\FireFox\components\nsBrowserContentHandler.js.rat
  • %ProgramFiles%\FireFox\components\nsContentPrefService.js.rat
  • %ProgramFiles%\FireFox\components\nsContentDispatchChooser.js.rat
  • %ProgramFiles%\FireFox\components\nsSearchSuggestions.js.rat
  • %ProgramFiles%\FireFox\modules\distribution.js.rat
  • %ProgramFiles%\FireFox\modules\debug.js.rat
  • %ProgramFiles%\FireFox\modules\SpatialNavigation.js.rat
  • %ProgramFiles%\FireFox\modules\Microformats.js.rat
  • %ProgramFiles%\FireFox\components\txEXSLTRegExFunctions.js.rat
  • %ProgramFiles%\FireFox\components\storage-mozStorage.js.rat
  • %ProgramFiles%\FireFox\components\WebContentConverter.js.rat
  • %ProgramFiles%\FireFox\components\Weave.js.rat
  • %ProgramFiles%\FireFox\res\table-add-column-before-active.gif.rat
  • %ProgramFiles%\FireFox\res\table-add-column-after.gif.rat
  • %ProgramFiles%\FireFox\res\table-add-column-before.gif.rat
  • %ProgramFiles%\FireFox\res\table-add-column-before-hover.gif.rat
  • %ProgramFiles%\FireFox\res\grabber.gif.rat
  • %ProgramFiles%\FireFox\modules\utils.js.rat
  • %ProgramFiles%\FireFox\res\table-add-column-after-hover.gif.rat
  • %ProgramFiles%\FireFox\res\table-add-column-after-active.gif.rat
  • %ProgramFiles%\FireFox\components\nsTryToClose.js.rat
  • %ProgramFiles%\FireFox\components\nsTaggingService.js.rat
  • %ProgramFiles%\FireFox\components\nsUpdateServiceStub.js.rat
  • %ProgramFiles%\FireFox\components\nsUpdateService.js.rat
  • %ProgramFiles%\FireFox\components\nsSessionStore.js.rat
  • %ProgramFiles%\FireFox\components\nsSessionStartup.js.rat
  • %ProgramFiles%\FireFox\components\nsSidebar.js.rat
  • %ProgramFiles%\FireFox\components\nsSetDefaultBrowser.js.rat
  • %ProgramFiles%\FireFox\components\PlacesCategoriesStarter.js.rat
  • %ProgramFiles%\FireFox\components\nsWebHandlerApp.js.rat
  • %ProgramFiles%\FireFox\components\storage-Legacy.js.rat
  • %ProgramFiles%\FireFox\components\PlacesProtocolHandler.js.rat
  • %ProgramFiles%\FireFox\components\nsUrlClassifierLib.js.rat
  • %ProgramFiles%\FireFox\components\nsUpdateTimerManager.js.rat
  • %ProgramFiles%\FireFox\components\nsURLFormatter.js.rat
  • %ProgramFiles%\FireFox\components\nsUrlClassifierListManager.js.rat
  • %ProgramFiles%\FireFox\components\FeedProcessor.js.rat
  • %ProgramFiles%\NetMeeting\TestSnd.wav.rat
  • %ProgramFiles%\NetMeeting\Blip.wav.rat
  • %ProgramFiles%\Windows Media Player\npdrmv2.zip.rat
  • %ProgramFiles%\Outlook Express\msoe.txt.rat
  • %ProgramFiles%\Messenger\newemail.wav.rat
  • %ProgramFiles%\Messenger\newalert.wav.rat
  • %ProgramFiles%\Messenger\type.wav.rat
  • %ProgramFiles%\Messenger\online.wav.rat
  • C:\Documents and Settings\Default User\Templates\sndrec.wav.rat
  • C:\Documents and Settings\Default User\Templates\powerpnt.ppt.rat
  • C:\Documents and Settings\Default User\Templates\winword2.doc.rat
  • C:\Documents and Settings\Default User\Templates\winword.doc.rat
  • C:\Documents and Settings\Default User\Cookies\index.dat.rat
  • %ProgramFiles%\Windows Media Player\npds.zip.rat
  • C:\Documents and Settings\Default User\Templates\excel4.xls.rat
  • C:\Documents and Settings\Default User\Templates\excel.xls.rat
  • <STUBS_DIR>\proc_banks.txt.rat
  • <STUBS_DIR>\proc_av.txt.rat
  • <STUBS_DIR>\proc_fake.txt.rat
  • <STUBS_DIR>\proc_browsers.txt.rat
  • <LS_APPDATA>\Win\Winmap.exe
  • %APPDATA%\Adb\Acrobt32.exe
  • <STUBS_DIR>\list_short.txt.rat
  • <STUBS_DIR>\list_full.txt.rat
  • %ProgramFiles%\FireFox\README.txt.rat
  • %ProgramFiles%\FireFox\greprefs.js.rat
  • %ProgramFiles%\Messenger\lvback.gif.rat
  • %ProgramFiles%\Messenger\logowin.gif.rat
  • <STUBS_DIR>\proc_im.txt.rat
  • <STUBS_DIR>\proc_games.txt.rat
  • %ProgramFiles%\FireFox\blocklist.xml.rat
  • <STUBS_DIR>\proc_tools.txt.rat
  • %HOMEPATH%\Cookies\index.dat.rat
  • C:\Far2\Plugins\FTP\FtpCmds_rus.txt.rat
  • C:\Far2\Plugins\FTP\FtpCmds.txt.rat
  • C:\Far2\Plugins\FTP\Notes_rus.txt.rat
  • C:\Far2\Plugins\FTP\Notes.txt.rat
  • C:\Far2\Documentation\rus\TechInfo.txt.rat
  • C:\Far2\Documentation\rus\Plugins.Review.txt.rat
  • C:\Far2\Plugins\Colorer\catalog.xml.rat
  • C:\Far2\Plugins\7-Zip\far7z.txt.rat
  • %ProgramFiles%\FireFox\components\contentSecurityPolicy.js.rat
  • %ProgramFiles%\FireFox\components\contentAreaDropListener.js.rat
  • %ProgramFiles%\FireFox\components\FeedConverter.js.rat
  • %ProgramFiles%\FireFox\components\crypto-SDR.js.rat
  • %ProgramFiles%\FireFox\components\amContentHandler.js.rat
  • %ProgramFiles%\FireFox\components\addonManager.js.rat
  • %ProgramFiles%\FireFox\components\ConsoleAPI.js.rat
  • %ProgramFiles%\FireFox\components\amWebInstallListener.js.rat
  • %HOMEPATH%\Templates\winword2.doc.rat
  • %HOMEPATH%\Templates\winword.doc.rat
  • C:\Far2\Documentation\eng\Bug.Report.txt.rat
  • C:\Far2\Documentation\eng\Arc.Support.txt.rat
  • %HOMEPATH%\Templates\excel4.xls.rat
  • %HOMEPATH%\Templates\excel.xls.rat
  • %HOMEPATH%\Templates\sndrec.wav.rat
  • %HOMEPATH%\Templates\powerpnt.ppt.rat
  • C:\Far2\Documentation\rus\Bug.Report.txt.rat
  • C:\Far2\Documentation\rus\Arc.Support.txt.rat
  • C:\Far2\Documentation\rus\Plugins.Install.txt.rat
  • C:\Far2\Documentation\rus\Far.FAQ.txt.rat
  • C:\Far2\Documentation\eng\Plugins.Install.txt.rat
  • C:\Far2\Documentation\eng\Far.FAQ.txt.rat
  • C:\Far2\Documentation\eng\TechInfo.txt.rat
  • C:\Far2\Documentation\eng\Plugins.Review.txt.rat
  • %ProgramFiles%\FireFox\res\table-add-row-after-active.gif.rat
  • %ProgramFiles%\FireFox\modules\services-sync\engines\passwords.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\engines\history.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\engines\tabs.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\engines\prefs.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\engines\bookmarks.js.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\res\arrowd.gif.rat
  • %ProgramFiles%\FireFox\modules\services-sync\engines\forms.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\engines\clients.js.rat
  • C:\Far2\Plugins\Colorer\hrc\auto\types\auto.jar.rat
  • %HOMEPATH%\Local Settings\History\History.IE5\MSHist012011111020111111\index.dat.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutDialog.js.rat
  • %CommonProgramFiles%\SpeechEngines\Microsoft\TTS\1033\sam.sdf.rat
  • %ProgramFiles%\FireFox\modules\services-sync\ext\Preferences.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\ext\Observers.js.rat
  • %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.rat
  • %ProgramFiles%\FireFox\modules\services-sync\ext\StringBundle.js.rat
  • %ProgramFiles%\MSN\MSNCoreFiles\Install\cinfo.xml.rat
  • %ProgramFiles%\Movie Maker\Shared\Profiles\Blank.txt.rat
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.rat
  • %ProgramFiles%\MSN\MSNCoreFiles\Install\xfp.xml.rat
  • %ProgramFiles%\FireFox\modules\services-sync\service.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\resource.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\util.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\status.js.rat
  • %HOMEPATH%\Local Settings\History\History.IE5\index.dat.rat
  • %APPDATA%\Microsoft\Internet Explorer\brndlog.txt.rat
  • %ProgramFiles%\FireFox\chrome\toolkit\res\arrow.gif.rat
  • %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\index.dat.rat
  • C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt.rat
  • %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.rat
  • C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\index.dat.rat
  • C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutHome.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\web-panels.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\utilityOverlay.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\certManager.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\certerror.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\tabbrowser.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncUtils.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\urlbarBindings.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\tabview.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\crlManager.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\crlImportDialog.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\device_manager.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\deletecert.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\choosetoken.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\certpicker.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\createCertInfo.js.rat
  • %ProgramFiles%\FireFox\chrome\pippki\content\pippki\clientauthask.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\nsContextMenu.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\browser.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\safeMode.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\openLocation.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutSyncTabs-bindings.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutSessionRestore.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\browser-tabPreviews.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\aboutSyncTabs.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncNotification.xml.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncGenericChange.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncSetup.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncQuota.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\sanitizeDialog.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\sanitize.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\syncAddDevice.js.rat
  • %ProgramFiles%\FireFox\chrome\browser\content\browser\setDesktopBackground.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\record.js.rat
  • C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat.rat
  • %ProgramFiles%\Movie Maker\Shared\Filters.xml.rat
  • C:\Far2\Plugins\Colorer\hrc\changes.txt.rat
  • <LS_APPDATA>\IconCache.db.rat
  • %ProgramFiles%\Microsoft.NET\RedistList\AssemblyList_4_client.xml.rat
  • %ProgramFiles%\FireFox\searchplugins\yahoo.xml.rat
  • %ProgramFiles%\Movie Maker\Shared\Empty.txt.rat
  • %ProgramFiles%\Microsoft.NET\RedistList\AssemblyList_4_extended.xml.rat
  • C:\Far2\Plugins\ExtSearch\sources\ExtClipBoard.cpp.rat
  • C:\Far2\Plugins\ExtSearch\sources\ExtChCase.cpp.rat
  • C:\Far2\Plugins\ExtSearch\sources\ExtRegExp.cpp.rat
  • C:\Far2\Plugins\ExtSearch\sources\ExtMenu.cpp.rat
  • C:\Far2\Plugins\Colorer\hrd\catalog-console.xml.rat
  • C:\Far2\Plugins\Colorer\hrc\common.jar.rat
  • C:\Far2\Plugins\Colorer\hrd\catalog-text.xml.rat
  • C:\Far2\Plugins\Colorer\hrd\catalog-rgb.xml.rat
  • %ProgramFiles%\FireFox\res\table-remove-column-active.gif.rat
  • %ProgramFiles%\FireFox\res\table-add-row-before.gif.rat
  • %ProgramFiles%\FireFox\res\table-remove-column.gif.rat
  • %ProgramFiles%\FireFox\res\table-remove-column-hover.gif.rat
  • %ProgramFiles%\FireFox\res\table-add-row-after.gif.rat
  • %ProgramFiles%\FireFox\res\table-add-row-after-hover.gif.rat
  • %ProgramFiles%\FireFox\res\table-add-row-before-hover.gif.rat
  • %ProgramFiles%\FireFox\res\table-add-row-before-active.gif.rat
  • %ProgramFiles%\FireFox\searchplugins\eBay.xml.rat
  • %ProgramFiles%\FireFox\searchplugins\bing.xml.rat
  • %ProgramFiles%\FireFox\searchplugins\wikipedia.xml.rat
  • %ProgramFiles%\FireFox\searchplugins\google.xml.rat
  • %ProgramFiles%\FireFox\res\table-remove-row-hover.gif.rat
  • %ProgramFiles%\FireFox\res\table-remove-row-active.gif.rat
  • %ProgramFiles%\FireFox\searchplugins\amazondotcom.xml.rat
  • %ProgramFiles%\FireFox\res\table-remove-row.gif.rat
  • C:\Far2\Plugins\ExtSearch\sources\ExtSearch.cpp.rat
  • %ProgramFiles%\FireFox\defaults\pref\firefox.js.rat
  • %ProgramFiles%\FireFox\defaults\pref\firefox-l10n.js.rat
  • %ProgramFiles%\FireFox\defaults\profile\prefs.js.rat
  • %ProgramFiles%\FireFox\defaults\pref\services-sync.js.rat
  • %ProgramFiles%\FireFox\defaults\autoconfig\prefcalls.js.rat
  • %ProgramFiles%\FireFox\defaults\autoconfig\platform.js.rat
  • %ProgramFiles%\FireFox\defaults\pref\firefox-branding.js.rat
  • %ProgramFiles%\FireFox\defaults\pref\channel-prefs.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\log4moz.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\jpakeclient.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\notifications.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\main.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\constants.js.rat
  • %ProgramFiles%\FireFox\modules\services-crypto\WeaveCrypto.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\identity.js.rat
  • %ProgramFiles%\FireFox\modules\services-sync\engines.js.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\aswrule.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\anabnr2.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Btzhsepa.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Blank Bkgrd.gif.rat
  • C:\Far2\Plugins\ExtSearch\sources\ExtSearchReg.cpp.rat
  • C:\Far2\Plugins\ExtSearch\sources\ExtSearchMix.cpp.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\amaizrul.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\aleabanr.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\sunbannA.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Network Blitz Bkgrd.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\tech.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Sweets Bkgrd.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Citrus Punch Bkgrd.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\citbannA.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\Ivy.gif.rat
  • %CommonProgramFiles%\Microsoft Shared\Stationery\fieruled.gif.rat
Changes user data files extensions (Trojan.Encoder).

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

© Doctor Web
2003 — 2022

Doctor Web is a cybersecurity company focused on threat detection, prevention and response technologies