Trojan.Zadved.649

Added to the Dr.Web virus database: 2016-08-30

Virus description added:

Technical Information

Modifies file system
Creates the following files
Sets the 'hidden' attribute to the following files
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\agp37hp2\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\f36o23yc\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\bk65g7lz\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\008j009p\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
Deletes the following files
  • %TEMP%\2726-92dc-7248-9d95
  • %TEMP%\f90f-bbb5-daa0-22bc
  • %TEMP%\9647-a22e-67ea-cbd7
  • %TEMP%\00aa-1785-fcf4-d3e9
  • %TEMP%\2010-96b2-6881-1d1a
Network activity
Connects to
  • 'ar###il.adv.biz':80
TCP
HTTP GET requests
  • http://xm#.###update.mail.ru/switcher/conf.mrdj?co###############################################################################################################################################...
  • http://mr##.mail.ru/update/2/version.txt?ty######################################################################################################################################################...
  • http://mr##.mail.ru/update/2/version.txt?GU###############################################################################
  • http://am###dl.mail.ru/AmigoInstallerD1.exe
  • 'go####dl.mail.ru':443
  • 'am###.mail.ru':443
UDP
  • DNS ASK go####dl.mail.ru
  • DNS ASK xm#.###update.mail.ru
  • DNS ASK mr##.mail.ru
  • DNS ASK ar###il.adv.biz
  • DNS ASK xt#####ru.cdnmail.ru
  • DNS ASK am###.mail.ru
  • DNS ASK am###dl.mail.ru
Miscellaneous
Creates and executes the following
  • '%TEMP%\updbc9a.tmp' --binded_data="AAAAAQAABA0AAAEAeyJwYXNzX3BheWxvYWQiOiB0cnVlLCAiY29tbWFuZF9saW5lIjogIiIsICJ0cyI6IDE0NzAyMzU0ODAsICJxdWVyeV9zdHJpbmciOiAicmZyPTgxMTY0MiZwYXJ0bmVyaWQ9ODExNjQyJnBhcnRuZXJfbmV3X3VybD...
  • '%TEMP%\2010-96b2-6881-1d1a' --with-updater --ils=12 --no-gui --rfr=811642 --partner_new_url=http://ar###il.adv.biz/productApi/amigo?pr#######################################################################################...
  • '%TEMP%\amigo_ldir_792_28869\2010-96b2-6881-1d1a' --ils=12 --rfr=811642 --partner_new_url=http://ar###il.adv.biz/productApi/amigo?pr###############################################################################################################...
Executes the following
  • '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\wininet.dll",DispatchAPICall 1

Curing recommendations

1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use.
2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
  • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
  • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
  • Switch off your device and turn it on as normal.
