Trojan.StartPage.53025

Added to the Dr.Web virus database: 2013-04-28

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Guard.Mail.ru.gui' = '"%PROGRAM_FILES%\Mail.Ru\Guard\GuardMailRu.exe" /gui'
Creates the following services:
  • [<HKLM>\SYSTEM\ControlSet001\Services\Guard.Mail.ru] 'Start' = '00000002'
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\Mail.Ru\Sputnik\SputnikFlashPlayer.exe' = '%PROGRAM_FILES%\Mail.Ru\Sputnik\SputnikFlashPlayer.exe:*:Enabled:%PROGRAM_FILES%\Mail.Ru\Sputnik\SputnikFlashPlayer.exe'
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\Mail.Ru\Sputnik\SputnikHelper.exe' = '%PROGRAM_FILES%\Mail.Ru\Sputnik\SputnikHelper.exe:*:Enabled:%PROGRAM_FILES%\Mail.Ru\Sputnik\SputnikHelper.exe'
Creates and executes the following:
  • '%PROGRAM_FILES%\Mail.Ru\Guard\GuardMailRu.exe'
  • '%PROGRAM_FILES%\Mail.Ru\Guard\GuardMailRu.exe' /gui
  • '%TEMP%\GuardMailRu.exe' /INSTALL2 /LANG=ru /GUID={80334475-E401-4622-A04D-23B63E8B9872}
  • '%PROGRAM_FILES%\Mail.Ru\MailRuSputnik.exe' /silent /rfr=openpart /partner_new_url=http://lo###oney.ru/vendor_install?si#############################
  • '%PROGRAM_FILES%\Mail.Ru\Sputnik\SputnikHelper.exe' /RegServer
Executes the following:
  • '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%PROGRAM_FILES%\Mail.Ru\Sputnik\SputnikFlashPlayer.exe" "%PROGRAM_FILES%\Mail.Ru\Sputnik\SputnikFlashPlayer.exe" ENABLE ALL
  • '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%PROGRAM_FILES%\Mail.Ru\Sputnik\SputnikHelper.exe" "%PROGRAM_FILES%\Mail.Ru\Sputnik\SputnikHelper.exe" ENABLE ALL
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system:
Creates the following files:
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\search_discuss.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\contents.rdf
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\aud_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\checkbox-disabled.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\checkbox-unchecked.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\chf_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\cny_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\byr_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\cad_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\checkbox-checked.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\2gis.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\arrow.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\locale\ru-RU\sputnik_form.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\locale\ru-RU\sputnik_form_edit.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\c_b.gif
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\c_t.gif
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\back.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\back_dark.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\usd_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\xdr_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\try_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\uah_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\discussions.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\eqv.gif
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currency_arrow_down.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currency_arrow_up.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\sgd_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\gbp_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\isk_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\dkk_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\eur_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\nok_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\sek_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\jpy_na.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}\chrome\skin\currencies\kzt_na.png
Moves the following files:
  • from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.tmp to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js
Network activity:
Connects to:
  • 'localhost':1040
  • 'localhost':1043
  • 'localhost':1037
  • '94.##0.191.201':80
TCP:
HTTP GET requests:
  • 94.##0.191.201/update/2/version.txt?ty#######################################################################################################
  • 94.##0.191.201/update/2/version.txt?ty##############################################################################################################################################################################################
  • 94.##0.191.201/update/2/version.txt?ty######################################################################################
UDP:
  • DNS ASK mr#.mail.ru
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''
  • ClassName: 'EDIT' WindowName: ''

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
