Trojan.DownLoader34.65496

Added to the Dr.Web virus database: 2020-10-13

Virus description added:

Technical Information

To ensure autorun and distribution
Sets the following service settings
  • [<HKLM>\System\CurrentControlSet\Services\XT800SDKService] 'ImagePath' = '"%ProgramFiles(x86)%\STVncManager\STRemoteLibrary\Bin\XTService.exe" -service'
Creates the following services
  • 'XT800SDKService' "%ProgramFiles(x86)%\STVncManager\STRemoteLibrary\Bin\XTService.exe" -service
Modifies file system
Creates the following files
Deletes the following files
  • %TEMP%\nsw11ad.tmp\nsprocess.dll
Network activity
TCP
HTTP GET requests
  • http://go##.stnts.com/ziphost/downapp/STVncManager/file_config.txt
  • http://go##.stnts.com/ziphost/downapp/STVncManager/STRemoteLibrary.7z
  • http://rd###.#tnts.com:1220/reg?v=###############################################################################################################################################################...
  • 'ma#####nc.yileyoo.com':443
  • 'rd###.stnts.com':1222
UDP
  • DNS ASK re#####ruyi.yileyoo.com
  • DNS ASK go##.stnts.com
  • DNS ASK ma#####nc.yileyoo.com
  • DNS ASK rd###.stnts.com
Miscellaneous
Creates and executes the following
  • '%ProgramFiles(x86)%\stvncmanager\stvncmanagerlauncher.exe'
  • '%ProgramFiles(x86)%\stvncmanager\7za.exe' x "TeamViewer.7z" -y -o"./"
  • '%ProgramFiles(x86)%\stvncmanager\7za.exe' x "STRemoteLibrary.7z" -y -o"./"
  • '%ProgramFiles(x86)%\stvncmanager\stvncmanager.exe' -k:F08D9C16
  • '%ProgramFiles(x86)%\stvncmanager\stremotelibrary\bin\xtservice.exe' -service
  • '%ProgramFiles(x86)%\stvncmanager\stremotelibrary\bin\xt.exe' -service_run
  • '%ProgramFiles(x86)%\stvncmanager\stremotelibrary\bin\xtui.exe' -service_run
  • '%ProgramFiles(x86)%\stvncmanager\7za.exe' x "TeamViewer.7z" -y -o"./" (with hidden window)
  • '%ProgramFiles(x86)%\stvncmanager\7za.exe' x "STRemoteLibrary.7z" -y -o"./" (with hidden window)

Curing recommendations

1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
  • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
  • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
  • Switch off your device and turn it on as normal.
