Trojan.Hosts.48075

Added to the Dr.Web virus database: 2020-10-30

Virus description added:

Technical Information

Modifies file system
Creates the following files
  • %TEMP%\qgxrhfd.exe
  • %TEMP%\dslooq.nls
  • %WINDIR%\lgnetbmt.exe
  • %TEMP%\btqdri.exe
  • %WINDIR%\fsdcjccd\gnehv\mnexg.exe
  • %TEMP%\ldmfmjx.txt
  • %WINDIR%\xulxgmoa.dll
  • %WINDIR%\gyignx.exe
  • %WINDIR%\fsdcjccd\dwzou\qwxdx.exe
  • %TEMP%\lsgyjxw.txt
  • %WINDIR%\fsdcjccd\dwzou\qwxdx.txt
  • %WINDIR%\fsdcjccd\gnehv\mnexg.txt
  • %WINDIR%\fsdcjccd\flist.bin
  • %WINDIR%\fsdcjccd\nblbec.dll
  • %WINDIR%\fsdcjccd\nqzbjk.dll
  • %WINDIR%\fsdcjccd\ienikcck.exe
  • %TEMP%\urtpvr.dll
  • %TEMP%\faeaf17d554ad2ded894af11243d8b303aeb8.tmp
Deletes the following files
  • %TEMP%\qgxrhfd.exe
  • %WINDIR%\fsdcjccd\flist.bin
  • %WINDIR%\fsdcjccd\dwzou\qwxdx.exe
  • %TEMP%\btqdri.exe
Modifies the HOSTS file.
Moves itself
  • from <Full path to file> to %TEMP%\....\1047297
Network activity
TCP
HTTP GET requests
  • http://lm.##wangba.com/GetCfg?V=####################################################
  • http://xf.###ospital.com/pap/f20201022.txt?ve############################################################################################################
  • http://xf.###ospital.com/pap/t20201023.txt?ve############################################################################################################
  • http://ap#.uf1.cn/v5/box/32/10177585/0
  • http://wx#.#inaimg.cn/large/0082blolly1gk4xq4kc0xg300g00gh13.gif
  • http://cd#.#oluobl.cn/appi/appi/lashushu
  • http://ap##.#ame.qq.com/comm-htdocs/ip/get_ip.php
  • http://20####.ip138.com/
  • http://ap#.#bbtv.xyz/c.php?pi###################################
HTTP POST requests
  • http://47.##.143.174/AddReport
  • http://da##.58pap.com/AddReport
  • http://da##.58pap.com/addATP
  • 'sd#####gfg.xyzs666.xyz':2653
  • 'sp#.#aidu.com':443
  • '10#.#33.130.243':6663
UDP
    • DNS ASK lm.##0down.cn
    • DNS ASK lo#.uf1.cn
    • DNS ASK ap##.#ame.qq.com
    • DNS ASK wx#.#inaimg.cn
    • DNS ASK me##jfsgeyl
    • DNS ASK cd#.#oluobl.cn
    • DNS ASK sd#####gfg.xyzs666.xyz
    • DNS ASK sp#.#aidu.com
    • DNS ASK ap#.uf1.cn
    • DNS ASK xf.###ospital.com
    • DNS ASK bd.###ospital.com
    • DNS ASK 20####.ip138.com
    • DNS ASK ap#.#bbtv.xyz
    • DNS ASK lm.##wangba.com
    • DNS ASK da##.58pap.com
Miscellaneous
Searches for the following windows
  • ClassName: 'RCLIENT' WindowName: 'League of Legends'
  • ClassName: '2978' WindowName: ''
  • ClassName: 'TrayNotifyWnd' WindowName: ''
  • ClassName: 'SysPager' WindowName: ''
  • ClassName: 'ToolbarWindow32' WindowName: ''
  • ClassName: 'NotifyIconOverflowWindow' WindowName: ''
  • ClassName: 'HallMainWnd' WindowName: ''
Creates and executes the following
  • '%TEMP%\qgxrhfd.exe'
  • '%WINDIR%\fsdcjccd\ienikcck.exe'
  • '%WINDIR%\fsdcjccd\dwzou\qwxdx.exe' uid:101287 param:0
  • '%WINDIR%\gyignx.exe'
  • '%WINDIR%\fsdcjccd\gnehv\mnexg.exe' uid:101287 param:0
  • '%TEMP%\btqdri.exe'
  • '%WINDIR%\lgnetbmt.exe' uid: param
  • '%WINDIR%\fsdcjccd\ienikcck.exe' ' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' cmd /c ping 127.0.0.1 &&cmd /c del "%TEMP%\QGXrhFD.exe" >> NUL' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' cmd /c ping 127.0.0.1 &&cmd /c del "%WINDIR%\fsdcjccd\dwzou\qwxdx.exe" >> NUL' (with hidden window)
  • '%WINDIR%\lgnetbmt.exe' uid: param:' (with hidden window)
  • '%WINDIR%\syswow64\ipconfig.exe' /flushdns' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' cmd /c ping 127.0.0.1 &&cmd /c del "%TEMP%\btqdri.exe" >> NUL' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c ipconfig /all' (with hidden window)
  • '<SYSTEM32>\ipconfig.exe' /flushdns' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' cmd /c ping 127.0.0.1 &&cmd /c del "%TEMP%\QGXrhFD.exe" >> NUL
  • '%WINDIR%\syswow64\ping.exe' 127.0.0.1
  • '%WINDIR%\syswow64\cmd.exe' /c del "%TEMP%\QGXrhFD.exe"
  • '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\fsdcjccd\ienikcck.exe"
  • '%WINDIR%\syswow64\cmd.exe' cmd /c ping 127.0.0.1 &&cmd /c del "%WINDIR%\fsdcjccd\dwzou\qwxdx.exe" >> NUL
  • '%WINDIR%\syswow64\ipconfig.exe' /flushdns
  • '%WINDIR%\syswow64\cmd.exe' /c del "%WINDIR%\fsdcjccd\dwzou\qwxdx.exe"
  • '%WINDIR%\syswow64\cmd.exe' cmd /c ping 127.0.0.1 &&cmd /c del "%TEMP%\btqdri.exe" >> NUL
  • '%WINDIR%\syswow64\cmd.exe' /c ipconfig /all
  • '%WINDIR%\syswow64\ipconfig.exe' /all
  • '%WINDIR%\syswow64\cmd.exe' /c del "%TEMP%\btqdri.exe"
  • '<SYSTEM32>\rasautou.exe'
  • '<SYSTEM32>\ipconfig.exe' /flushdns

Curing recommendations

1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and the removable media you use.
2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
  • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
  • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
  • Switch off your device and turn it on as normal.
