BackDoor.Bifrost.30825

Added to the Dr.Web virus database: 2020-01-26

Virus description added:

Technical Information

Malicious functions
Executes the following
  • '<SYSTEM32>\taskkill.exe' /f /im node.exe
  • '<SYSTEM32>\taskkill.exe' /f /im cmd.exe
Terminates or attempts to terminate the following system processes:
  • <SYSTEM32>\cmd.exe
Modifies file system
Creates the following files
Deletes the following files
  • %TEMP%\8094.tmp\8095.tmp\8096.vbs
Miscellaneous
Searches for the following windows
  • ClassName: '' WindowName: ''
Creates and executes the following
  • '<SYSTEM32>\wscript.exe' %TEMP%\8094.tmp\8095.tmp\8096.vbs //Nologo
  • '<SYSTEM32>\wscript.exe' %TEMP%\8094.tmp\8095.tmp\8096.vbs //Nologo' (with hidden window)
  • '<SYSTEM32>\taskkill.exe' /f /im node.exe' (with hidden window)
  • '<SYSTEM32>\taskkill.exe' /f /im cmd.exe' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\discord'\steal.bat" "' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\discord'\refresh.bat" "' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\discord'\editer.bat" "' (with hidden window)
Executes the following
  • '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\discord'\steal.bat" "
  • '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\discord'\refresh.bat" "
  • '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\discord'\editer.bat" "

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
