Trojan.Siggen9.54677

Added to the Dr.Web virus database: 2020-06-17

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
Malicious functions
Executes the following
  • '%WINDIR%\syswow64\taskkill.exe' /f /im "codecmanager.exe"
Modifies file system
Creates the following files
Deletes the following files
  • %TEMP%\nsu68cf.tmp\otheropt.ini
  • %TEMP%\nsu68cf.tmp\plg.ini
  • %CommonProgramFiles(x86)%\~juatkdp.tmp
Network activity
TCP
HTTP GET requests
  • http://www.bs###yer.com/html/version.php?ve#################################################################################################
UDP
  • DNS ASK bs###yer.com
Miscellaneous
Searches for the following windows
  • ClassName: 'BSPlayer' WindowName: ''
  • ClassName: 'STATIC' WindowName: '000007E4_PID_FastMM'
  • ClassName: 'MS_WINHELP' WindowName: ''
  • ClassName: 'STATIC' WindowName: '00000614_PID_FastMM'
  • ClassName: 'STATIC' WindowName: '00000968_PID_FastMM'
  • ClassName: 'BSCDCDLWINCLASS' WindowName: ''
  • ClassName: '' WindowName: ''
  • ClassName: 'STATIC' WindowName: '000003F4_PID_FastMM'
  • ClassName: 'STATIC' WindowName: '00000454_PID_FastMM'
  • ClassName: 'STATIC' WindowName: '00000A38_PID_FastMM'
  • ClassName: 'STATIC' WindowName: '00000380_PID_FastMM'
  • ClassName: 'STATIC' WindowName: '00000A9C_PID_FastMM'
Creates and executes the following
  • '%CommonProgramFiles(x86)%\~juatkdp.tmp' /S
  • '%ProgramFiles(x86)%\webteh\bsplayerpro\bsplayer.exe' "-SLNG" "English" "S" "4" "V"
  • '%ProgramFiles(x86)%\webteh\bsplayerpro\codecmanager.exe' /UNINSTALL
  • '%ProgramFiles(x86)%\webteh\bsplayerpro\bsplayer.exe'
  • '%ProgramFiles(x86)%\webteh\bsplayerpro\codecmanager.exe' /STARTCHKF
  • '%ProgramFiles(x86)%\webteh\bsplayerpro\bsplayer.exe' "-SEXT" "English" "S" "5" "E"
  • '%ProgramFiles(x86)%\webteh\bsplayerpro\bsplayer.exe' /PRONRUN
  • '%WINDIR%\syswow64\cmd.exe' /C taskkill /f /im "codecmanager.exe"' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /C taskkill /f /im "codecmanager.exe"

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.