Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Adware.Gexin.22569

Added to the Dr.Web virus database: 2022-02-09

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Network activity:
Connects to:
  • UDP(DNS) 8####.8.4.4:53
  • TCP(HTTP/1.1) dancf####.oss-cn-####.aliy####.com:80
  • TCP(HTTP/1.1) a####.u####.com.####.com:80
  • TCP(HTTP/1.1) c-h####.g####.com:80
  • TCP(HTTP/1.1) a####.exc.mob.com:80
  • TCP(HTTP/1.1) sdk-ope####.g####.com:80
  • TCP(HTTP/1.1) d####.c####.l####.####.com:80
  • TCP(HTTP/1.1) a####.ttx####.com:80
  • TCP(HTTP/1.1) cdn-sdk####.g####.com.####.com:80
  • TCP(TLS/1.0) a####.ttx####.com:443
  • TCP(TLS/1.0) st0.d####.com:443
  • TCP(TLS/1.0) dancf####.oss-cn-####.aliy####.com:443
  • TCP(TLS/1.0) 5114601####.bug####.com:443
  • TCP(TLS/1.0) as####.growi####.com.####.net:443
  • TCP(TLS/1.0) t####.growi####.com:443
  • TCP(TLS/1.0) android####.go####.com:443
  • TCP(TLS/1.0) t.growi####.com:443
  • TCP(TLS/1.0) img.ttx####.com:443
  • TCP(TLS/1.0) and####.cli####.go####.com:443
  • TCP(TLS/1.0) st####.d####.com:443
  • TCP(TLS/1.0) instant####.google####.com:443
  • TCP(TLS/1.0) and####.google####.com:443
  • TCP(TLS/1.0) 1####.250.179.202:443
  • TCP(TLS/1.0) api.growi####.com:443
  • TCP(TLS/1.0) cras####.growi####.com:443
  • TCP(TLS/1.2) 1####.251.36.10:443
  • TCP(TLS/1.2) and####.cli####.go####.com:443
  • TCP(TLS/1.2) 1####.217.168.195:443
  • TCP(TLS/1.2) 1####.250.179.202:443
  • TCP sdk.o####.t####.####.com:5224
  • TCP a####.ttx####.com:443
  • TCP cm-1####.g####.com:5227
DNS requests:
  • 5114601####.bug####.com
  • a####.exc.mob.com
  • a####.ttx####.com
  • a####.u####.com
  • and####.cli####.go####.com
  • and####.google####.com
  • android####.go####.com
  • api.growi####.com
  • api.s####.mob.com
  • as####.growi####.com
  • c-h####.g####.com
  • cdn-sdk####.g####.com
  • cm-1####.g####.com
  • cras####.growi####.com
  • dancf####.oss-cn-####.aliy####.com
  • i####.ttx####.com
  • img.ttx####.com
  • instant####.google####.com
  • log.huanleg####.com
  • log.huanleg####.com.####.8
  • m####.go####.com
  • sdk-ope####.g####.com
  • sdk.c####.g####.com
  • sdk.o####.p####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.net
  • st####.d####.com
  • st0.d####.com
  • t####.growi####.com
  • t.growi####.com
HTTP GET requests:
  • a####.ttx####.com/h5/offline_map?config_id=####
  • cdn-sdk####.g####.com.####.com/tdata_EDB102
  • cdn-sdk####.g####.com.####.com/tdata_RBO669
  • cdn-sdk####.g####.com.####.com/tdata_cpZ817
  • cdn-sdk####.g####.com.####.com/tdata_uxr091
  • d####.c####.l####.####.com/config/hzv9.conf
  • dancf####.oss-cn-####.aliy####.com/weboffline/album/350daf495/album-1643...
  • dancf####.oss-cn-####.aliy####.com/weboffline/border/350daf495/border-16...
  • dancf####.oss-cn-####.aliy####.com/weboffline/common/350daf495/common-16...
  • dancf####.oss-cn-####.aliy####.com/weboffline/daily-memo/350daf495/daily...
  • dancf####.oss-cn-####.aliy####.com/weboffline/dynamic/350daf495/dynamic-...
  • dancf####.oss-cn-####.aliy####.com/weboffline/mark/350daf495/mark-164312...
  • dancf####.oss-cn-####.aliy####.com/weboffline/msg-v2/350daf495/msg-v2-16...
  • dancf####.oss-cn-####.aliy####.com/weboffline/pad/350daf495/pad-16431216...
  • dancf####.oss-cn-####.aliy####.com/weboffline/pgc-v2/350daf495/pgc-v2-16...
  • dancf####.oss-cn-####.aliy####.com/weboffline/pgc/350daf495/pgc-16431216...
  • dancf####.oss-cn-####.aliy####.com/weboffline/poster/350daf495/poster-16...
  • dancf####.oss-cn-####.aliy####.com/weboffline/referrer/350daf495/referre...
  • dancf####.oss-cn-####.aliy####.com/weboffline/ugc/350daf495/ugc-16431216...
  • dancf####.oss-cn-####.aliy####.com/weboffline/user-v2/350daf495/user-v2-...
  • dancf####.oss-cn-####.aliy####.com/weboffline/user/350daf495/user-164312...
  • dancf####.oss-cn-####.aliy####.com/weboffline/watermark/350daf495/waterm...
  • sdk-ope####.g####.com/api/addr.htm
HTTP POST requests:
  • a####.exc.mob.com/conf5
  • a####.exc.mob.com/conn
  • a####.exc.mob.com/data2
  • a####.exc.mob.com/errconf
  • a####.exc.mob.com/log4
  • a####.exc.mob.com/snsconf
  • a####.u####.com.####.com/app_logs
  • c-h####.g####.com/api.php?format=####&t=####
  • sdk-ope####.g####.com/api.php?format=####&t=####
  • sdk-ope####.g####.com/api.php?format=####&t=####&d=####&k=####
File system changes:
Creates the following files:
  • /data/data/####/-OOtbQRDUwp7SMU4C7Qb5LgrhZQ.1495961682.tmp
  • /data/data/####/.hptc.cache_aydaytobusiness
  • /data/data/####/.hptc_kache_aydaytobusiness
  • /data/data/####/.imprint
  • /data/data/####/.jg.ic
  • /data/data/####/.lock
  • /data/data/####/01b4c28e6c99af2e_0
  • /data/data/####/060d2e56eb8979f4_0
  • /data/data/####/0qTdSTPccYTgLIbTzp4gL3AQP70.1846380201.tmp
  • /data/data/####/0qTdSTPccYTgLIbTzp4gL3AQP70.cnt
  • /data/data/####/19172ac12168b17d_0
  • /data/data/####/1TcSzZsEpMmrKlvAz_qJpJMaOcE.1474942553.tmp
  • /data/data/####/2f7f7850ea10899c_0
  • /data/data/####/2nPBECBsGojVN3SE1J9lzReHx3Q.1377817095.tmp
  • /data/data/####/32fac1954a085326_0
  • /data/data/####/424bd88fcec8d21e_0
  • /data/data/####/481e9142e77442c2_0
  • /data/data/####/4_7bGBdlZYpuYjWuWCX6krJgKgY.1378207173.tmp
  • /data/data/####/4_7bGBdlZYpuYjWuWCX6krJgKgY.cnt
  • /data/data/####/5pcFPPyBVt9af9-CrxGK6uTDw9Q.1119088315.tmp
  • /data/data/####/5pcFPPyBVt9af9-CrxGK6uTDw9Q.cnt
  • /data/data/####/65092a1be3c73e16_0
  • /data/data/####/6ShfM9kfmbP0XD0mAh7J__38Bxg.851484907.tmp
  • /data/data/####/6vvWez7y7Gy4rI0EGxe5qjDT2Tw.712240389.tmp
  • /data/data/####/7493305d75b6
  • /data/data/####/7VGkETjcsicdl7r8SPNuId5GSnk.2072778713.tmp
  • /data/data/####/7a04ed663275235a_0
  • /data/data/####/892802b5fb7e3906_0
  • /data/data/####/8f523e19b3c2bd49_0
  • /data/data/####/904a1f90b01aa5eb_0
  • /data/data/####/93f3db9aa99400f0_0
  • /data/data/####/9Q0QAXb0n1Qn5iTVG4vtK9vbRBg.2130644893.tmp
  • /data/data/####/9Q0QAXb0n1Qn5iTVG4vtK9vbRBg.cnt
  • /data/data/####/A-cdvtF91u_R2aUZupndOwq1maI.904614845.tmp
  • /data/data/####/A-cdvtF91u_R2aUZupndOwq1maI.cnt
  • /data/data/####/Cookies-journal
  • /data/data/####/DTN8MJphQcoA3DmYSnbXWvmYhwo.1929862328.tmp
  • /data/data/####/DayDayTobusiness.xml
  • /data/data/####/EJFsW1nn3g9SZ8xYXgG-H8spBGE.1986265703.tmp
  • /data/data/####/EJFsW1nn3g9SZ8xYXgG-H8spBGE.cnt
  • /data/data/####/F_0GSSGiy2s3wuv1hn8oiq1xLF8.746598480.tmp
  • /data/data/####/HJFcn54jRotDDXuRdcHfB_KEbyo.213456074.tmp
  • /data/data/####/IJhXRn-HxyeG4RgqkF5fh3ueDAI.1619774865.tmp
  • /data/data/####/JeCrWAnWplPH6jeP5RWHu5ip6j4.1614067936.tmp
  • /data/data/####/JeCrWAnWplPH6jeP5RWHu5ip6j4.cnt
  • /data/data/####/PhbfOcUvVSl9DrMae-Rui656Y0E.1594826402.tmp
  • /data/data/####/Qr6XPFFqCcH3p46IwJ-hf6JtIQw.1031746729.tmp
  • /data/data/####/RKStorage-journal
  • /data/data/####/ThrowalbeLog.db-journal
  • /data/data/####/TrfP5NVoR11dOJ2Z6Vs1h9rIyl4.1830369332.tmp
  • /data/data/####/WebViewChromiumPrefs.xml
  • /data/data/####/a48a398983d879b4_0
  • /data/data/####/aa9006dd7b192d80_0
  • /data/data/####/b1f86530ecf78431_0
  • /data/data/####/b4cd002321657a9f_0
  • /data/data/####/b8531da8145bf05e_0
  • /data/data/####/c508b85760ef9a4d_0
  • /data/data/####/c542f00d39396454_0
  • /data/data/####/c8fbaf91b0763723_0
  • /data/data/####/cc.db
  • /data/data/####/cc.db-journal
  • /data/data/####/classes.dex
  • /data/data/####/classes.oat
  • /data/data/####/classes2.dex
  • /data/data/####/classes3.dex
  • /data/data/####/com.hlg.daydaytobusiness_preferences.xml
  • /data/data/####/device_id.xml.xml
  • /data/data/####/dso_deps
  • /data/data/####/dso_lock
  • /data/data/####/dso_manifest
  • /data/data/####/dso_state
  • /data/data/####/e4f29e1f9a35ba4e_0
  • /data/data/####/e6a432666facfb76_0
  • /data/data/####/exchangeIdentity.json
  • /data/data/####/exid.dat
  • /data/data/####/f2ea2de8617ca7fa_0
  • /data/data/####/f48e2bfac877e17e_0
  • /data/data/####/ffmpeg
  • /data/data/####/getui_sp.xml
  • /data/data/####/gkt-journal
  • /data/data/####/growing.db
  • /data/data/####/growing.db-journal
  • /data/data/####/growing_profile.xml
  • /data/data/####/growing_server_pref.xml
  • /data/data/####/growingio_diagnose.xml
  • /data/data/####/gx_sp.xml
  • /data/data/####/htijOuONrrHIC8UV6GEzIEDvyR4.758994047.tmp
  • /data/data/####/htijOuONrrHIC8UV6GEzIEDvyR4.cnt
  • /data/data/####/index
  • /data/data/####/init.pid
  • /data/data/####/init_c1.pid
  • /data/data/####/jg_so_upgrade_setting.xml
  • /data/data/####/journal
  • /data/data/####/kZMCu3PZ-YbL-k7POuCNpnbdULs.2001490577.tmp
  • /data/data/####/libjiagu.so
  • /data/data/####/metrics_guid
  • /data/data/####/mob_sdk_exception_1.xml
  • /data/data/####/nCSgeCbkk_mJV5vHDJwwBmTCcyE.1171196529.tmp
  • /data/data/####/proc_auxv
  • /data/data/####/push.pid
  • /data/data/####/pushext.db-journal
  • /data/data/####/pushg.db-journal
  • /data/data/####/pushsdk.db-journal
  • /data/data/####/rQN8e0xMDszzUmWryq1ZxqC-Mvw.1086645463.tmp
  • /data/data/####/run.pid
  • /data/data/####/s9g6q74SBdewU8VUDRO8ht7KP9U.1828876816.tmp
  • /data/data/####/s9g6q74SBdewU8VUDRO8ht7KP9U.cnt
  • /data/data/####/share_sdk_1.xml
  • /data/data/####/share_sdk_1.xml.bak
  • /data/data/####/sharesdk.db-journal
  • /data/data/####/tdata_RBO669
  • /data/data/####/tdata_RBO669.dex
  • /data/data/####/tdata_RBO669.dex.flock (deleted)
  • /data/data/####/tdata_RBO669.jar
  • /data/data/####/tdata_cpZ817
  • /data/data/####/tdata_cpZ817.dex
  • /data/data/####/tdata_cpZ817.dex.flock (deleted)
  • /data/data/####/tdata_cpZ817.jar
  • /data/data/####/tdata_uxr091
  • /data/data/####/tdata_uxr091.dex
  • /data/data/####/tdata_uxr091.dex.flock (deleted)
  • /data/data/####/tdata_uxr091.jar
  • /data/data/####/temp-index
  • /data/data/####/the-real-index
  • /data/data/####/u6YjEQe76P0WlaUuZOdoneHG2ss.1501591113.tmp
  • /data/data/####/u6YjEQe76P0WlaUuZOdoneHG2ss.cnt
  • /data/data/####/ua.db
  • /data/data/####/ua.db-journal
  • /data/data/####/umeng_general_config.xml
  • /data/data/####/umeng_it.cache
  • /data/data/####/vds_hybrid.min.js
  • /data/data/####/y1SPMlXyO4smqnygZqhh4Zddnic.410932715.tmp
  • /data/data/####/zSexsdy0se43gpe6BOHjSPiB-Xg.1082709248.tmp
  • /data/media/####/-1140-11067-120-2114491452-88-12-8566-47-73
  • /data/media/####/-2010999661379-37583270963596-6211856
  • /data/media/####/-2070640597
  • /data/media/####/-312457-108-1273589121118-807039-84-86-98-2
  • /data/media/####/-3893106-2270-58112-8658-78-11163-85516071
  • /data/media/####/-71-6737568-112-11845-9106-81881-42-61-89
  • /data/media/####/.ba
  • /data/media/####/.dk
  • /data/media/####/.lock
  • /data/media/####/11823-75-445283-1419106-889032-28-100-113-11
  • /data/media/####/251284122-5256-39-63-54-1791-2253-52-10065
  • /data/media/####/404.html
  • /data/media/####/5-10458-90-619-1070-86116-8-110-94-91-49-54
  • /data/media/####/63-77116-45-56117-1068973-963747104-59-11349
  • /data/media/####/ServerLog
  • /data/media/####/account.22fe1f16.css
  • /data/media/####/account.580420a4.js
  • /data/media/####/account.5851621d.js
  • /data/media/####/account.a4a1b83e.css
  • /data/media/####/account.html
  • /data/media/####/add-team.9e4d570f.svg
  • /data/media/####/album-1643121648.zip
  • /data/media/####/album-null.e913776d.svg
  • /data/media/####/album.7b0b76c7.js
  • /data/media/####/album.dc45c3da.css
  • /data/media/####/album.html
  • /data/media/####/all-label.6ad3955a.css
  • /data/media/####/all-label.7ed0a8cf.js
  • /data/media/####/all-label.html
  • /data/media/####/apache_license.html
  • /data/media/####/apache_license_foco.html
  • /data/media/####/app-debug.c61e3539.css
  • /data/media/####/app-debug.c83e0ce6.js
  • /data/media/####/app-debug.html
  • /data/media/####/app.db
  • /data/media/####/article.13b18545.js
  • /data/media/####/article.e2e485e5.css
  • /data/media/####/article.html
  • /data/media/####/authority-management.04c7f675.js
  • /data/media/####/authority-management.11929124.js
  • /data/media/####/authority-management.ad4235e3.css
  • /data/media/####/authority-management.ec4df3fb.css
  • /data/media/####/authority-management.html
  • /data/media/####/authorize-aggrement.a4d68a3a.js
  • /data/media/####/authorize-aggrement.ac9fadd8.css
  • /data/media/####/authorize-aggrement.html
  • /data/media/####/bg.930ff1f5.png
  • /data/media/####/border-1643121648.zip
  • /data/media/####/cat.c04b8dda.png
  • /data/media/####/cert.603e68e8.js
  • /data/media/####/cert.61cc79e0.js
  • /data/media/####/cert.75f101ce.css
  • /data/media/####/cert.fdfa39b5.css
  • /data/media/####/cert.html
  • /data/media/####/check-in-score-detail.9d2edc0e.js
  • /data/media/####/check-in-score-detail.c75dc0c2.css
  • /data/media/####/check-in-score-detail.html
  • /data/media/####/check-in-score-goods.1513cfe5.css
  • /data/media/####/check-in-score-goods.3a421a73.js
  • /data/media/####/check-in-score-goods.html
  • /data/media/####/check-in-welfare-centre.794b6e7e.css
  • /data/media/####/check-in-welfare-centre.92a845b0.js
  • /data/media/####/check-in-welfare-centre.html
  • /data/media/####/choose-coupon.656b531d.js
  • /data/media/####/choose-coupon.c18bf7ca.css
  • /data/media/####/choose-coupon.html
  • /data/media/####/choose-coupons.2882774b.js
  • /data/media/####/choose-coupons.38b74bd3.css
  • /data/media/####/choose-coupons.html
  • /data/media/####/chunk-common.011841da.css
  • /data/media/####/chunk-common.050876c0.css
  • /data/media/####/chunk-common.11752d0a.css
  • /data/media/####/chunk-common.156948fd.js
  • /data/media/####/chunk-common.2acef5a8.js
  • /data/media/####/chunk-common.30212644.js
  • /data/media/####/chunk-common.37a8a514.js
  • /data/media/####/chunk-common.5e3f0e2c.css
  • /data/media/####/chunk-common.5fee7f08.css
  • /data/media/####/chunk-common.670caf2b.js
  • /data/media/####/chunk-common.69c55d62.css
  • /data/media/####/chunk-common.6bc04eab.js
  • /data/media/####/chunk-common.7e971196.js
  • /data/media/####/chunk-common.8e5aeaa1.js
  • /data/media/####/chunk-common.90a4f8e0.js
  • /data/media/####/chunk-common.9e8c2b83.js
  • /data/media/####/chunk-common.a3050bc9.js
  • /data/media/####/chunk-common.c5714cf1.css
  • /data/media/####/chunk-common.c5f9b94f.js
  • /data/media/####/chunk-common.cee0ce60.css
  • /data/media/####/chunk-common.e61e58da.js
  • /data/media/####/chunk-common.ed64d507.css
  • /data/media/####/chunk-vendors.161ae438.js
  • /data/media/####/chunk-vendors.1eacf389.js
  • /data/media/####/chunk-vendors.3e9417f5.js
  • /data/media/####/chunk-vendors.46248221.js
  • /data/media/####/chunk-vendors.4cd12943.css
  • /data/media/####/chunk-vendors.508225af.js
  • /data/media/####/chunk-vendors.5eceef74.css
  • /data/media/####/chunk-vendors.72a29aca.js
  • /data/media/####/chunk-vendors.87429583.js
  • /data/media/####/chunk-vendors.918fce82.js
  • /data/media/####/chunk-vendors.9ad1819e.js
  • /data/media/####/chunk-vendors.a811a728.css
  • /data/media/####/chunk-vendors.cd127c9c.js
  • /data/media/####/chunk-vendors.ddd413de.css
  • /data/media/####/chunk-vendors.f2c0e1f3.js
  • /data/media/####/chunk-vendors.fe82251b.js
  • /data/media/####/clear-watermark.edc82cb8.png
  • /data/media/####/close-s.ce289b35.svg
  • /data/media/####/coin-header.da569e29.png
  • /data/media/####/coins-details.bbee8f25.css
  • /data/media/####/coins-details.de9db17e.js
  • /data/media/####/coins-details.html
  • /data/media/####/coins-full.c9acb419.js
  • /data/media/####/coins-full.d46431b6.css
  • /data/media/####/coins-full.html
  • /data/media/####/coins.8ad2d77b.js
  • /data/media/####/coins.8e7921f0.css
  • /data/media/####/coins.a44a304e.css
  • /data/media/####/coins.aca056c6.css
  • /data/media/####/coins.bf899510.js
  • /data/media/####/coins.ca9ff25c.js
  • /data/media/####/coins.html
  • /data/media/####/com.getui.sdk.deviceId.db
  • /data/media/####/com.hlg.daydaytobusiness.bin
  • /data/media/####/com.hlg.daydaytobusiness.db
  • /data/media/####/com.igexin.sdk.deviceId.db
  • /data/media/####/comment.10e29ab5.js
  • /data/media/####/comment.56b5ca4f.css
  • /data/media/####/comment.html
  • /data/media/####/commodity_1.0bdba8f4.png
  • /data/media/####/common-1643121648.zip
  • /data/media/####/common-loading.3bda2f89.png
  • /data/media/####/completed-order.271fef44.js
  • /data/media/####/completed-order.adb1b37a.css
  • /data/media/####/completed-order.html
  • /data/media/####/consumption.662d1f3e.js
  • /data/media/####/consumption.739b2846.css
  • /data/media/####/consumption.79de71c7.js
  • /data/media/####/consumption.b35678af.css
  • /data/media/####/consumption.html
  • /data/media/####/contact-management.5f426866.js
  • /data/media/####/contact-management.909e74cc.css
  • /data/media/####/contact-management.html
  • /data/media/####/corner.323e5290.png
  • /data/media/####/coupon-question.2b8f3ef7.js
  • /data/media/####/coupon-question.728cb6fd.css
  • /data/media/####/coupon-question.html
  • /data/media/####/coupons-question.html
  • /data/media/####/coupons.5bfec5b0.js
  • /data/media/####/coupons.70b80c70.css
  • /data/media/####/coupons.b12b22e9.css
  • /data/media/####/coupons.f58db0a4.js
  • /data/media/####/coupons.html
  • /data/media/####/crown-grey.da099523.png
  • /data/media/####/crown.5996bdb0.png
  • /data/media/####/customer-service.0ec5843e.js
  • /data/media/####/customer-service.31a898b0.css
  • /data/media/####/customer-service.html
  • /data/media/####/daily-memo-1643121648.zip
  • /data/media/####/default-avatar.68e8be02.svg
  • /data/media/####/description-edition.7b787fdd.js
  • /data/media/####/description-edition.863c45a2.css
  • /data/media/####/description-edition.bfaf3190.js
  • /data/media/####/description-edition.d88b0770.css
  • /data/media/####/description-edition.html
  • /data/media/####/design-bg.d708dd4e.png
  • /data/media/####/design-error-tips.4c9d97cc.png
  • /data/media/####/design-memo-loading.43874c9e.gif
  • /data/media/####/design.aee012e2.js
  • /data/media/####/design.e9a6110e.css
  • /data/media/####/design.html
  • /data/media/####/detail.aa708b4b.css
  • /data/media/####/detail.d7b3bfda.js
  • /data/media/####/detail.html
  • /data/media/####/diandian_license.html
  • /data/media/####/diandian_license_foco.html
  • /data/media/####/discovery.5982a660.js
  • /data/media/####/discovery.aa6afcc0.css
  • /data/media/####/discovery.html
  • /data/media/####/dynamic-1643121648.zip
  • /data/media/####/dynamic-detail.370273b0.css
  • /data/media/####/dynamic-detail.58a328f3.css
  • /data/media/####/dynamic-detail.d0ff6e05.js
  • /data/media/####/dynamic-detail.e22c92ae.js
  • /data/media/####/dynamic-detail.html
  • /data/media/####/empty.0072b9f3.png
  • /data/media/####/error.0072b9f3.png
  • /data/media/####/exchange-vip.081d4c16.js
  • /data/media/####/exchange-vip.aca4f818.css
  • /data/media/####/exchange-vip.html
  • /data/media/####/exchange.060ea027.js
  • /data/media/####/exchange.58cd51df.css
  • /data/media/####/exchange.ac247499.js
  • /data/media/####/exchange.ad78de70.css
  • /data/media/####/exchange.html
  • /data/media/####/faq-list.0df9edb6.js
  • /data/media/####/faq-list.4208bd0d.js
  • /data/media/####/faq-list.7027c6d4.css
  • /data/media/####/faq-list.ec7b99da.css
  • /data/media/####/faq-list.html
  • /data/media/####/feedback.131a74b8.svg
  • /data/media/####/feedback.9f50ae98.js
  • /data/media/####/feedback.d5d91de5.css
  • /data/media/####/feedback.html
  • /data/media/####/first.15052b91.png
  • /data/media/####/fish-box.49fe119b.png
  • /data/media/####/follow.0d160630.css
  • /data/media/####/follow.0e82464f.js
  • /data/media/####/follow.a4f44458.css
  • /data/media/####/follow.aee117ca.js
  • /data/media/####/follow.html
  • /data/media/####/font_config
  • /data/media/####/form_bg.4af04008.png
  • /data/media/####/full-loading.3bda2f89.png
  • /data/media/####/generate-bg.41ba36bb.png
  • /data/media/####/generate-title.a24f1d82.png
  • /data/media/####/generate.6c935f9c.js
  • /data/media/####/generate.e13d2b71.css
  • /data/media/####/generate.html
  • /data/media/####/gkt
  • /data/media/####/gkt-journal
  • /data/media/####/gktper (deleted)
  • /data/media/####/greet.4cef8238.png
  • /data/media/####/guide-a.640a024b.png
  • /data/media/####/guide-b.1880e322.png
  • /data/media/####/guide-c.0410c654.png
  • /data/media/####/help-center-full.072da952.css
  • /data/media/####/help-center-full.96eeb463.js
  • /data/media/####/help-center-full.html
  • /data/media/####/help-center.02f31985.js
  • /data/media/####/help-center.7f3e25be.css
  • /data/media/####/help-center.bf502333.css
  • /data/media/####/help-center.f08e3eac.js
  • /data/media/####/help-center.html
  • /data/media/####/hlg_data.db
  • /data/media/####/hlg_data.db-journal
  • /data/media/####/hlg_log.file
  • /data/media/####/hlg_log.trace
  • /data/media/####/hotcss.js
  • /data/media/####/icon-add-album.871b1c4d.svg
  • /data/media/####/icon-camera.38bde4d9.svg
  • /data/media/####/icon-check.b4c0d577.svg
  • /data/media/####/icon-clean-watermark.3f188a2f.png
  • /data/media/####/icon-copy.767f48d4.svg
  • /data/media/####/icon-download.3d399a59.svg
  • /data/media/####/icon-drag.31287e6e.svg
  • /data/media/####/icon-edition.de7c2806.svg
  • /data/media/####/icon-good-gray.f6d72a7e.svg
  • /data/media/####/icon-good.255f6cef.svg
  • /data/media/####/icon-help-bg.5119e999.png
  • /data/media/####/icon-id.77a16083.svg
  • /data/media/####/icon-image-word.a07c4405.png
  • /data/media/####/icon-label.43b77097.svg
  • /data/media/####/icon-more-info-black.2eb298bd.svg
  • /data/media/####/icon-more-info.5629fc39.svg
  • /data/media/####/icon-new.c89087cd.svg
  • /data/media/####/icon-post-forward.0ec37baa.svg
  • /data/media/####/icon-search.a448a121.svg
  • /data/media/####/icon-share-grey.ab254109.svg
  • /data/media/####/icon-share-remind.eb2b5686.svg
  • /data/media/####/icon-share.814bb250.svg
  • /data/media/####/icon-tool.db92176f.png
  • /data/media/####/index-banner.9a021950.png
  • /data/media/####/index-old.0f0ec9e8.js
  • /data/media/####/index-old.f2736f81.css
  • /data/media/####/index-old.html
  • /data/media/####/index.00b77148.js
  • /data/media/####/index.031b1667.js
  • /data/media/####/index.21ad7bd8.js
  • /data/media/####/index.2967f0cc.css
  • /data/media/####/index.2efa8b94.css
  • /data/media/####/index.31dd7e52.js
  • /data/media/####/index.566c7ef8.js
  • /data/media/####/index.831bab5c.css
  • /data/media/####/index.9079530d.css
  • /data/media/####/index.9fb9aa05.css
  • /data/media/####/index.b5e68af4.css
  • /data/media/####/index.bff2fa77.js
  • /data/media/####/index.c307f8ae.js
  • /data/media/####/index.c9a160d5.js
  • /data/media/####/index.d356230e.css
  • /data/media/####/index.e279ec9b.js
  • /data/media/####/index.ed0f3a0e.js
  • /data/media/####/index.f4a3c5e6.css
  • /data/media/####/index.ffe1b3ab.css
  • /data/media/####/index.html
  • /data/media/####/industry-plan.f4590b0b.css
  • /data/media/####/industry-plan.f5839cf4.js
  • /data/media/####/industry-plan.html
  • /data/media/####/info.07974cd1.css
  • /data/media/####/info.3204ded5.js
  • /data/media/####/info.html
  • /data/media/####/info1.27f7fb14.png
  • /data/media/####/info2.f926ed7a.png
  • /data/media/####/invite-recommend.29e5313a.css
  • /data/media/####/invite-recommend.fec813d1.js
  • /data/media/####/invite-recommend.html
  • /data/media/####/invite.ecd24cbf.css
  • /data/media/####/invite.f85c98a2.js
  • /data/media/####/invite.html
  • /data/media/####/invoice-detail.8af3acb2.css
  • /data/media/####/invoice-detail.d4776347.js
  • /data/media/####/invoice-detail.html
  • /data/media/####/invoice-history.35079b03.css
  • /data/media/####/invoice-history.7322259e.js
  • /data/media/####/invoice-history.html
  • /data/media/####/invoiced-order.ba7d884e.css
  • /data/media/####/invoiced-order.dac96882.js
  • /data/media/####/invoiced-order.html
  • /data/media/####/invoicing-result.ac82b81e.js
  • /data/media/####/invoicing-result.e4ad8519.css
  • /data/media/####/invoicing-result.html
  • /data/media/####/invoicing.a6105be9.js
  • /data/media/####/invoicing.html
  • /data/media/####/jigsaw.47d4386f.css
  • /data/media/####/jigsaw.70da682b.js
  • /data/media/####/jigsaw.html
  • /data/media/####/label.6c30c748.css
  • /data/media/####/label.aa427197.js
  • /data/media/####/label.de54d64d.js
  • /data/media/####/label.html
  • /data/media/####/landing.8e92cebf.css
  • /data/media/####/landing.d7c3417f.js
  • /data/media/####/landing.html
  • /data/media/####/loading.828e87b4.gif
  • /data/media/####/loading.eb0d4350.gif
  • /data/media/####/loading.f9959cbc.svg
  • /data/media/####/logo.f84e7843.png
  • /data/media/####/logout-tip.0e162ad6.js
  • /data/media/####/logout-tip.6590963d.css
  • /data/media/####/logout-tip.html
  • /data/media/####/long-img.936198ff.png
  • /data/media/####/manifest.json
  • /data/media/####/mark-1643121648.zip
  • /data/media/####/me.2ebda49e.js
  • /data/media/####/me.d73d65f2.css
  • /data/media/####/me.html
  • /data/media/####/member-authority.3081b84e.js
  • /data/media/####/member-authority.bf877dfb.css
  • /data/media/####/member-authority.html
  • /data/media/####/member-privilege-full.6011db75.js
  • /data/media/####/member-privilege-full.7042cab9.css
  • /data/media/####/member-privilege-full.html
  • /data/media/####/member-privilege.1364aba3.css
  • /data/media/####/member-privilege.2b225429.js
  • /data/media/####/member-privilege.b9bf4086.css
  • /data/media/####/member-privilege.ec511bbd.js
  • /data/media/####/member-privilege.html
  • /data/media/####/member-user-privilege.2e416190.css
  • /data/media/####/member-user-privilege.45b6028c.js
  • /data/media/####/member-user-privilege.html
  • /data/media/####/member.0caf4a27.css
  • /data/media/####/member.0d2191b1.css
  • /data/media/####/member.62e91c75.css
  • /data/media/####/member.98fd1c6f.js
  • /data/media/####/member.9be93ace.js
  • /data/media/####/member.f91a8bb9.js
  • /data/media/####/member.html
  • /data/media/####/menu.cfc5c88d.svg
  • /data/media/####/message.68306d33.css
  • /data/media/####/message.7cc36f72.css
  • /data/media/####/message.9d8a4c58.js
  • /data/media/####/message.f336b7f7.js
  • /data/media/####/message.html
  • /data/media/####/messages-detail.809022d8.css
  • /data/media/####/messages-detail.b5542242.js
  • /data/media/####/messages-detail.html
  • /data/media/####/messages-v2.9104e282.js
  • /data/media/####/messages-v2.html
  • /data/media/####/messages.64de2f0a.js
  • /data/media/####/messages.6574e0c1.css
  • /data/media/####/messages.cf729ea0.js
  • /data/media/####/messages.fcb5ac8c.css
  • /data/media/####/messages.html
  • /data/media/####/minirefresh-totop.c141fb4f.png
  • /data/media/####/mobile-edition.853a4102.css
  • /data/media/####/mobile-edition.9b8fee89.js
  • /data/media/####/mobile-edition.html
  • /data/media/####/monthly-management.139c0cd0.css
  • /data/media/####/monthly-management.3495b89d.js
  • /data/media/####/monthly-management.html
  • /data/media/####/monthly-vip-agreement.1ce27eb3.css
  • /data/media/####/monthly-vip-agreement.407e8ff4.js
  • /data/media/####/monthly-vip-agreement.html
  • /data/media/####/msg-v2-1643121648.zip
  • /data/media/####/my-dynamic.d4a3a5d9.css
  • /data/media/####/my-dynamic.dca71ff3.js
  • /data/media/####/my-dynamic.html
  • /data/media/####/my-exchange.0f851e73.css
  • /data/media/####/my-exchange.6379155f.js
  • /data/media/####/my-exchange.html
  • /data/media/####/my-templets.258fbf2a.css
  • /data/media/####/my-templets.5f3e7082.js
  • /data/media/####/my-templets.html
  • /data/media/####/name-edition.00ec1505.js
  • /data/media/####/name-edition.2d30d0d1.js
  • /data/media/####/name-edition.4fbd6645.css
  • /data/media/####/name-edition.e48d7d7b.css
  • /data/media/####/name-edition.html
  • /data/media/####/nav-header.6f9d6dcd.png
  • /data/media/####/new-coins.0b48af39.css
  • /data/media/####/new-coins.0b58a3dc.js
  • /data/media/####/new-coins.html
  • /data/media/####/null.bae3725e.png
  • /data/media/####/official-inform.167e1e3f.css
  • /data/media/####/official-inform.31c10fc5.js
  • /data/media/####/official-inform.98972c8b.js
  • /data/media/####/official-inform.c34a86f2.css
  • /data/media/####/official-inform.html
  • /data/media/####/offline.1f39d189.css
  • /data/media/####/offline.7a8ba352.js
  • /data/media/####/offline.html
  • /data/media/####/online_icon.76ed50d6.png
  • /data/media/####/opening-dynamic.07e13961.js
  • /data/media/####/opening-dynamic.ce0380b0.css
  • /data/media/####/opening-dynamic.html
  • /data/media/####/order-v2.29b9547d.js
  • /data/media/####/order-v2.560b23d0.css
  • /data/media/####/order-v2.html
  • /data/media/####/order.5013c5c5.js
  • /data/media/####/order.ad7cd9e7.js
  • /data/media/####/order.c7a8c9de.css
  • /data/media/####/order.e8b9f7e5.css
  • /data/media/####/order.html
  • /data/media/####/others-dynamic.2a037914.css
  • /data/media/####/others-dynamic.9f75df80.js
  • /data/media/####/others-dynamic.html
  • /data/media/####/others.00876dd0.js
  • /data/media/####/others.474b5354.css
  • /data/media/####/others.html
  • /data/media/####/pad-1643121648.zip
  • /data/media/####/pen.443bb132.svg
  • /data/media/####/personal.0f71e39b.css
  • /data/media/####/personal.3962acfa.js
  • /data/media/####/personal.90c10560.css
  • /data/media/####/personal.b6efa2be.js
  • /data/media/####/personal.html
  • /data/media/####/pgc-1643121648.zip
  • /data/media/####/pgc-v2-1643121648.zip
  • /data/media/####/picker-x-page.e181e989.css
  • /data/media/####/picker-x-page.e4deb622.js
  • /data/media/####/picker-x-page.html
  • /data/media/####/placeholder.fc4e3ceb.png
  • /data/media/####/poster-1643121648.zip
  • /data/media/####/poster.10db3c0d.css
  • /data/media/####/poster.64e1eaca.css
  • /data/media/####/poster.9c4abf8a.js
  • /data/media/####/poster.ca8788a0.js
  • /data/media/####/poster.html
  • /data/media/####/privacy.html
  • /data/media/####/publish-members.5d066f99.js
  • /data/media/####/publish-members.c75df87b.css
  • /data/media/####/publish-members.html
  • /data/media/####/publish.1b448d6d.js
  • /data/media/####/publish.cd96f88f.css
  • /data/media/####/publish.html
  • /data/media/####/qrcode.031ca07f.css
  • /data/media/####/qrcode.270813ed.js
  • /data/media/####/qrcode.html
  • /data/media/####/qrjsp.jpg
  • /data/media/####/recommend-privilege.html
  • /data/media/####/redirect.40feb7cf.css
  • /data/media/####/redirect.470320cb.js
  • /data/media/####/redirect.html
  • /data/media/####/referrer-1643121648.zip
  • /data/media/####/renewal-fee.1ce27eb3.css
  • /data/media/####/renewal-fee.f475af10.js
  • /data/media/####/renewal-fee.html
  • /data/media/####/right-arrow.e24bb0cf.svg
  • /data/media/####/search-detail.2d0f9b55.css
  • /data/media/####/search-detail.f7551fd3.js
  • /data/media/####/search-detail.html
  • /data/media/####/search-team.4b0aba61.css
  • /data/media/####/search-team.6b154725.js
  • /data/media/####/search-team.html
  • /data/media/####/search.1ae5894c.js
  • /data/media/####/search.2c35003a.png
  • /data/media/####/search.3a0d87ec.css
  • /data/media/####/search.841a5049.js
  • /data/media/####/search.9a23f887.css
  • /data/media/####/search.9a8084b0.js
  • /data/media/####/search.e2cc245d.css
  • /data/media/####/search.html
  • /data/media/####/service.html
  • /data/media/####/setting-authority.1be46351.css
  • /data/media/####/setting-authority.5af614a8.js
  • /data/media/####/setting-authority.html
  • /data/media/####/setting.06497fa2.js
  • /data/media/####/setting.70505ca1.svg
  • /data/media/####/setting.c942f330.css
  • /data/media/####/setting.d9cdee9d.js
  • /data/media/####/setting.e9977974.css
  • /data/media/####/setting.html
  • /data/media/####/share-member.587b36e8.css
  • /data/media/####/share-member.ab3305fe.js
  • /data/media/####/share-member.html
  • /data/media/####/share-prompt.703d832c.png
  • /data/media/####/share-ttxs-cat.2e2af719.png
  • /data/media/####/shared-list.2e4f9e75.css
  • /data/media/####/shared-list.c3e14ff7.js
  • /data/media/####/shared-list.html
  • /data/media/####/sil_license.html
  • /data/media/####/sil_license_foco.html
  • /data/media/####/smile.cd4caf82.png
  • /data/media/####/sms.42eb5b23.js
  • /data/media/####/sms.4a61d41a.css
  • /data/media/####/sms.html
  • /data/media/####/source-edition.7a4304b9.css
  • /data/media/####/source-edition.ec16cd41.js
  • /data/media/####/source-edition.html
  • /data/media/####/source-management.0c467f54.css
  • /data/media/####/source-management.2239deab.js
  • /data/media/####/source-management.78f8ab46.js
  • /data/media/####/source-management.9398c054.css
  • /data/media/####/source-management.html
  • /data/media/####/source-selection.1bea93d6.css
  • /data/media/####/source-selection.687c2593.css
  • /data/media/####/source-selection.695f2bb1.js
  • /data/media/####/source-selection.91f28897.js
  • /data/media/####/source-selection.html
  • /data/media/####/tag-edition.76de279a.css
  • /data/media/####/tag-edition.c908d193.js
  • /data/media/####/tag-edition.d9466220.css
  • /data/media/####/tag-edition.da46a84a.js
  • /data/media/####/tag-edition.html
  • /data/media/####/tag-list.03554a2a.css
  • /data/media/####/tag-list.3a6c50eb.js
  • /data/media/####/tag-list.html
  • /data/media/####/tag-management.3f314feb.js
  • /data/media/####/tag-management.4ed0e285.css
  • /data/media/####/tag-management.58af6018.css
  • /data/media/####/tag-management.6a88090c.js
  • /data/media/####/tag-management.b911d761.css
  • /data/media/####/tag-management.bb4d44eb.js
  • /data/media/####/tag-management.html
  • /data/media/####/tag-null.d1d3c86c.png
  • /data/media/####/tag-post-null.feafe790.png
  • /data/media/####/tag-post.39d8f204.css
  • /data/media/####/tag-post.3a226283.js
  • /data/media/####/tag-post.html
  • /data/media/####/tag-selection-subscribe.65ba2222.css
  • /data/media/####/tag-selection-subscribe.fb2be72f.js
  • /data/media/####/tag-selection-subscribe.html
  • /data/media/####/tag-selection.0af1adfe.js
  • /data/media/####/tag-selection.31ff7576.js
  • /data/media/####/tag-selection.35ffefb2.css
  • /data/media/####/tag-selection.a5b5fc2d.css
  • /data/media/####/tag-selection.b6ef7681.css
  • /data/media/####/tag-selection.ee294297.js
  • /data/media/####/tag-selection.html
  • /data/media/####/tag.91f2f3c5.css
  • /data/media/####/tag.99c47d97.js
  • /data/media/####/tag.html
  • /data/media/####/task-question.4d3a9b42.css
  • /data/media/####/task-question.86352073.js
  • /data/media/####/task-question.html
  • /data/media/####/task.06303e40.js
  • /data/media/####/task.524fc6c3.js
  • /data/media/####/task.6251fe4c.css
  • /data/media/####/task.e4cd10f0.css
  • /data/media/####/task.html
  • /data/media/####/tdata_RBO669
  • /data/media/####/tdata_cpZ817
  • /data/media/####/tdata_uxr091
  • /data/media/####/team-create.395b7c1d.js
  • /data/media/####/team-create.c93c2ba7.css
  • /data/media/####/team-create.html
  • /data/media/####/team-detail.62d8c5ae.js
  • /data/media/####/team-detail.d61b766e.css
  • /data/media/####/team-detail.html
  • /data/media/####/team-inform.533e2747.js
  • /data/media/####/team-inform.c290f313.css
  • /data/media/####/team-inform.html
  • /data/media/####/team-list.f5fc4f56.js
  • /data/media/####/team-list.ff9b0171.css
  • /data/media/####/team-list.html
  • /data/media/####/team-member.d8624045.js
  • /data/media/####/team-member.faa18ef4.css
  • /data/media/####/team-member.html
  • /data/media/####/team-setting.0e095ec7.js
  • /data/media/####/team-setting.4dfc74a4.css
  • /data/media/####/team-setting.html
  • /data/media/####/team-templet.6c1d6d27.css
  • /data/media/####/team-templet.9b006ae8.js
  • /data/media/####/team-templet.html
  • /data/media/####/template_1.55ff709d.png
  • /data/media/####/template_2.b59c7bc7.png
  • /data/media/####/template_3.6cf6807c.png
  • /data/media/####/templet-guide-a.0231cab9.png
  • /data/media/####/templet-guide-b.03c7f800.png
  • /data/media/####/templet-guide-c.e5f4c321.png
  • /data/media/####/test.log (deleted)
  • /data/media/####/text-offline.d355d087.js
  • /data/media/####/text-offline.html
  • /data/media/####/text.79bb0858.js
  • /data/media/####/text.84b3e62b.css
  • /data/media/####/text.html
  • /data/media/####/tip_icon.e04cfb09.png
  • /data/media/####/to-update-app.5a90d735.png
  • /data/media/####/topic-detail.8e02c8e3.js
  • /data/media/####/topic-detail.ef4280f0.css
  • /data/media/####/topic-detail.html
  • /data/media/####/topic-list.6edd38ee.css
  • /data/media/####/topic-list.b688917a.js
  • /data/media/####/topic-list.html
  • /data/media/####/ugc-1643121648.zip
  • /data/media/####/update-version.cfd8abf9.css
  • /data/media/####/update-version.ebed0ef6.js
  • /data/media/####/update-version.html
  • /data/media/####/upgarde-popup.90dfa1f6.png
  • /data/media/####/use-member.7caab44b.js
  • /data/media/####/use-member.c6eb4dc1.css
  • /data/media/####/use-member.html
  • /data/media/####/user-1643121648.zip
  • /data/media/####/user-v2-1643121648.zip
  • /data/media/####/user.1aadec4a.js
  • /data/media/####/user.cdcc0816.css
  • /data/media/####/user.html
  • /data/media/####/userinfo-management.2734c0ef.js
  • /data/media/####/userinfo-management.4f16ff31.css
  • /data/media/####/userinfo-management.html
  • /data/media/####/view-dynamic.149f7855.js
  • /data/media/####/view-dynamic.851c79fd.css
  • /data/media/####/view-dynamic.8dcd276c.css
  • /data/media/####/view-dynamic.fe0d2559.js
  • /data/media/####/view-dynamic.html
  • /data/media/####/vip-banner.5b6586df.png
  • /data/media/####/vip-bg.f224c15c.png
  • /data/media/####/vip-free.5ea8dc79.png
  • /data/media/####/vip-help-full.81a4ec9c.css
  • /data/media/####/vip-help-full.d67a07e8.js
  • /data/media/####/vip-help-full.html
  • /data/media/####/vip-help.194a3a49.css
  • /data/media/####/vip-help.3533577c.js
  • /data/media/####/vip-help.5d6611dd.js
  • /data/media/####/vip-help.f9a98572.css
  • /data/media/####/vip-help.html
  • /data/media/####/vip-year-bg.1953d5c3.png
  • /data/media/####/vip.cd2e13b3.png
  • /data/media/####/vip_agreement.1ce27eb3.css
  • /data/media/####/vip_agreement.a12ebece.js
  • /data/media/####/vip_agreement.html
  • /data/media/####/watermark-1643121648.zip
  • /data/media/####/wechat-edition.3ace4e84.js
  • /data/media/####/wechat-edition.e48d7d7b.css
  • /data/media/####/wechat-edition.html
  • /data/media/####/words-and-sticker.8be1cf5d.js
  • /data/media/####/words-and-sticker.html
  • /data/media/####/yuanqifugongplog.gif
  • /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
  • cat /proc/cpuinfo
  • cat /sys/class/net/wlan0/address
  • chmod 755 <Package Folder>/.jiagu/libjiagu.so
  • getprop
  • ip addr
  • mount
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS7Padding
  • AES-CFB-NoPadding
  • AES-ECB-PKCS5Padding
  • AES-ECB-PKCS7Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Gets information about running apps.
Displays its own windows over windows of other apps.
Requests the system alert window permission.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android