FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.Encoder.35818

Added to the Dr.Web virus database: 2022-09-10

Virus description added:

Technical Information

Modifies file system
Creates the following files
  • %HOMEPATH%\desktop\do_not_delete-purplecascade-cvxc-keys.txt
  • %CommonProgramFiles(x86)%\px storage engine\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\microsoft office\office14\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\microsoft visual studio 8\all_of_your_files_are_encrypted_readme.txt
  • %CommonProgramFiles(x86)%\adobe\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\google\crashreports\all_of_your_files_are_encrypted_readme.txt
  • %CommonProgramFiles(x86)%\speechengines\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\java\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ALLUSERSPROFILE%\adobe\arm\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ALLUSERSPROFILE%\adobe\setup\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\public\desktop\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %HOMEPATH%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\microsoft shared\dao\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\a2upd\all_of_your_files_are_encrypted_readme.txt
  • C:\users\public\favorites\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\public\documents\my music\all_of_your_files_are_encrypted_readme.txt
  • %CommonProgramFiles(x86)%\px storage engine\all_of_your_files_are_encrypted_readme.txt
  • C:\users\public\music\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • %HOMEPATH%\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • C:\users\public\documents\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\microsoft office\office10\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\public\downloads\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles%\a2start\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\google\chrome\application\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\public\favorites\all_of_your_files_are_encrypted_readme.txt
  • C:\users\default\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\services\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\adobe\arm\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\google\chrome\application\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\services\all_of_your_files_are_encrypted_readme.txt
  • C:\users\public\libraries\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\microsoft shared\all_of_your_files_are_encrypted_readme.txt
  • C:\users\public\libraries\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\microsoft shared\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\steam\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\microsoft\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\google\chrome\application\42.0.2311.135\all_of_your_files_are_encrypted_readme.txt
  • %CommonProgramFiles(x86)%\microsoft shared\help\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\microsoft help\all_of_your_files_are_encrypted_readme.txt
  • C:\users\public\recorded tv\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\google\update\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles%\a2upd\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ALLUSERSPROFILE%\microsoft\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\public\music\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\public\documents\my videos\all_of_your_files_are_encrypted_readme.txt
  • C:\users\public\videos\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\mozilla thunderbird\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\mozilla\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\adobe\acrobat\all_of_your_files_are_encrypted_readme.txt
  • %CommonProgramFiles(x86)%\adobe\helpcfg\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\microsoft toolkit\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\system\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\mirc\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\mozilla firefox\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\oracle\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ALLUSERSPROFILE%\microsoft toolkit\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\oracle\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\microsoft.net\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • C:\users\public\documents\my pictures\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\microsoft.net\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\microsoft visual studio .net 2003\common7\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\google\update\all_of_your_files_are_encrypted_readme.txt
  • %CommonProgramFiles(x86)%\microsoft shared\dao\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\steam\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\microsoft visual studio .net 2003\common7\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ALLUSERSPROFILE%\mozilla\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\adobe\arm\reader_15.008.20082\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\microsoft office\office14\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\speechengines\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\google\crashreports\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\public\pictures\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\a2wizard\all_of_your_files_are_encrypted_readme.txt
  • %CommonProgramFiles(x86)%\microsoft shared\information retrieval\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\mirc\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\adobe\arm\reader_15.007.20033\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • %CommonProgramFiles(x86)%\adobe\reader\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\google\chrome\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\public\downloads\all_of_your_files_are_encrypted_readme.txt
  • %WINDIR%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • D:\$recycle.bin\all_of_your_files_are_encrypted_readme.txt
  • C:\perflogs\admin\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\all_of_your_files_are_encrypted_readme.txt
  • D:\$recycle.bin\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\all_of_your_files_are_encrypted_readme.txt
  • C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\perflogs\admin\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\internet explorer\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\google\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\360tray\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\a2guard\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\a2scan\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\a2cmd\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\k-lite codec pack\all_of_your_files_are_encrypted_readme.txt
  • D:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\a2hijackfree\all_of_your_files_are_encrypted_readme.txt
  • C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\microsoft analysis services\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\all_of_your_files_are_encrypted_readme.txt
  • C:\perflogs\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ALLUSERSPROFILE%\all_of_your_files_are_encrypted_readme.txt
  • <Current directory>\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\all_of_your_files_are_encrypted_readme.txt
  • C:\totalcmd\all_of_your_files_are_encrypted_readme.txt
  • C:\far2\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all_of_your_files_are_encrypted_readme.txt
  • C:\$recycle.bin\all_of_your_files_are_encrypted_readme.txt
  • C:\perflogs\all_of_your_files_are_encrypted_readme.txt
  • C:\documents and settings\all_of_your_files_are_encrypted_readme.txt
  • C:\users\all_of_your_files_are_encrypted_readme.txt
  • C:\recovery\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\recovery\all_of_your_files_are_encrypted_readme.txt
  • %WINDIR%\all_of_your_files_are_encrypted_readme.txt
  • <Current directory>\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\$recycle.bin\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\totalcmd\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\msocache\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\far2\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ALLUSERSPROFILE%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ALLUSERSPROFILE%\adobe\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\application data\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\adobe\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\adobe\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\google\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\default\all_of_your_files_are_encrypted_readme.txt
  • C:\users\default user\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\adobe\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles%\a2hijackfree\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %CommonProgramFiles(x86)%\adobe\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\microsoft office\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\microsoft analysis services\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ALLUSERSPROFILE%\desktop\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\microsoft visual studio .net 2003\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\adobe\setup\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\microsoft analysis services\as oledb\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\google\chrome\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\a2start\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\favorites\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\microsoft analysis services\as oledb\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\public\documents\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\microsoft office\office10\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\all_of_your_files_are_encrypted_readme.txt
  • C:\users\public\desktop\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles(x86)%\k-lite codec pack\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • D:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\internet explorer\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\public\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\documents\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\a2service\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • %CommonProgramFiles(x86)%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt
  • %ProgramFiles%\a2guard\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • C:\users\public\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles%\a2cmd\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles%\a2scan\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles%\a2service\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\microsoft office\all_of_your_files_are_encrypted_readme.txt
  • C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ALLUSERSPROFILE%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles%\360tray\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ProgramFiles(x86)%\microsoft visual studio .net 2003\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • %ALLUSERSPROFILE%\adobe\arm\{291aa914-a987-4ce9-bd63-ac0a92d435e5}\all_of_your_files_are_encrypted_readme.txt
Moves the following system files
  • from %WINDIR%\bootstat.dat to %WINDIR%\bootstat.dat.prplcscd_cvxcv
  • from %WINDIR%\directx.log to %WINDIR%\directx.log.prplcscd_cvxcv
  • from %WINDIR%\dtcinstall.log to %WINDIR%\dtcinstall.log.prplcscd_cvxcv
  • from %WINDIR%\enterprise.xml to %WINDIR%\enterprise.xml.prplcscd_cvxcv
  • from %WINDIR%\ntbtlog.txt to %WINDIR%\ntbtlog.txt.prplcscd_cvxcv
  • from %WINDIR%\ocsetup_cbs_uninstall_searchengine-client-package.txt to %WINDIR%\ocsetup_cbs_uninstall_searchengine-client-package.txt.prplcscd_cvxcv
  • from %WINDIR%\ocsetup_uninstall_searchengine-client-package.etl to %WINDIR%\ocsetup_uninstall_searchengine-client-package.etl.prplcscd_cvxcv
Moves the following files
  • from <Current directory>\all_of_your_files_are_encrypted_readme.txt to <Current directory>\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\mozilla thunderbird\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\mozilla thunderbird\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\adobe\helpcfg\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\adobe\helpcfg\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\google\chrome\application\42.0.2311.135\42.0.2311.135.manifest to %ProgramFiles(x86)%\google\chrome\application\42.0.2311.135\42.0.2311.135.manifest.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\microsoft help\all_of_your_files_are_encrypted_readme.txt to %ALLUSERSPROFILE%\microsoft help\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\adobe\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv to %ALLUSERSPROFILE%\adobe\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\mozilla firefox\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\mozilla firefox\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\public\pictures\all_of_your_files_are_encrypted_readme.txt to C:\users\public\pictures\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft visual studio 8\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\microsoft visual studio 8\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\java\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\java\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\public\videos\all_of_your_files_are_encrypted_readme.txt to C:\users\public\videos\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\public\recorded tv\all_of_your_files_are_encrypted_readme.txt to C:\users\public\recorded tv\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\microsoft shared\information retrieval\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\microsoft shared\information retrieval\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\adobe\acrobat\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\adobe\acrobat\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\mirc\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\mirc\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\system\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\system\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\microsoft toolkit\all_of_your_files_are_encrypted_readme.txt to %ALLUSERSPROFILE%\microsoft toolkit\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\adobe\arm\reader_15.008.20082\all_of_your_files_are_encrypted_readme.txt to %ALLUSERSPROFILE%\adobe\arm\reader_15.008.20082\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\mozilla\all_of_your_files_are_encrypted_readme.txt to %ALLUSERSPROFILE%\mozilla\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\oracle\all_of_your_files_are_encrypted_readme.txt to %ALLUSERSPROFILE%\oracle\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\microsoft\all_of_your_files_are_encrypted_readme.txt to %ALLUSERSPROFILE%\microsoft\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles%\a2upd\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles%\a2upd\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\google\update\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\google\update\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\google\crashreports\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\google\crashreports\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\speechengines\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\speechengines\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\public\music\all_of_your_files_are_encrypted_readme.txt to C:\users\public\music\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft office\office14\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\microsoft office\office14\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\steam\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\steam\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\microsoft shared\help\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\microsoft shared\help\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\mirc\ircintro.chm to %ProgramFiles(x86)%\mirc\ircintro.chm.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft office\office10\saext.dll to %ProgramFiles(x86)%\microsoft office\office10\saext.dll.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\adobe\setup\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv to %ALLUSERSPROFILE%\adobe\setup\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\adobe\arm\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv to %ALLUSERSPROFILE%\adobe\arm\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\qip 2012\unins000.msg to %ProgramFiles(x86)%\qip 2012\unins000.msg.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\msbuild\microsoft.office.infopath.targets to %ProgramFiles(x86)%\msbuild\microsoft.office.infopath.targets.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\k-lite codec pack\icons\delete.ico to %ProgramFiles(x86)%\k-lite codec pack\icons\delete.ico.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\font\adobepistd.otf to %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\font\adobepistd.otf.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\cartridges\informix.xsl to %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\cartridges\informix.xsl.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\cartridges\msjet.xsl to %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\cartridges\msjet.xsl.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\mirc\versions.txt to %ProgramFiles(x86)%\mirc\versions.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\saslprep\saslprepprofile_norm_bidi.spp to %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\saslprep\saslprepprofile_norm_bidi.spp.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\mozilla thunderbird\dependentlibs.list to %ProgramFiles(x86)%\mozilla thunderbird\dependentlibs.list.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\k-lite codec pack\icons\x264vfw.ico to %ProgramFiles(x86)%\k-lite codec pack\icons\x264vfw.ico.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft office\office10\seqchk10.dll to %ProgramFiles(x86)%\microsoft office\office10\seqchk10.dll.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\k-lite codec pack\info\faq.css to %ProgramFiles(x86)%\k-lite codec pack\info\faq.css.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\cartridges\as90.xsl to %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\cartridges\as90.xsl.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\adobe\arm\{291aa914-a987-4ce9-bd63-ac0a92d435e5}\all_of_your_files_are_encrypted_readme.txt to %ALLUSERSPROFILE%\adobe\arm\{291aa914-a987-4ce9-bd63-ac0a92d435e5}\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\mirc\readme.txt to %ProgramFiles(x86)%\mirc\readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\mozilla\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv to %ALLUSERSPROFILE%\mozilla\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\oracle\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv to %ALLUSERSPROFILE%\oracle\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft office\office14\authzax.dll to %ProgramFiles(x86)%\microsoft office\office14\authzax.dll.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\microsoft toolkit\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv to %ALLUSERSPROFILE%\microsoft toolkit\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\k-lite codec pack\icons\config.ico to %ProgramFiles(x86)%\k-lite codec pack\icons\config.ico.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\icaros license.txt to %ProgramFiles(x86)%\k-lite codec pack\icaros\icaros license.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\microsoft help\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv to %ALLUSERSPROFILE%\microsoft help\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\cartridges\as80.xsl to %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\cartridges\as80.xsl.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\mirc\mirc.chm to %ProgramFiles(x86)%\mirc\mirc.chm.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\k-lite codec pack\icaros\ffmpeg license.txt to %ProgramFiles(x86)%\k-lite codec pack\icaros\ffmpeg license.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\google\chrome\application\42.0.2311.135\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\google\chrome\application\42.0.2311.135\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles%\a2wizard\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles%\a2wizard\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\adobe\reader\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\adobe\reader\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\microsoft shared\dao\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\microsoft shared\dao\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\microsoft\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv to %ALLUSERSPROFILE%\microsoft\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft visual studio .net 2003\common7\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\microsoft visual studio .net 2003\common7\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv to %ALLUSERSPROFILE%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from D:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\all_of_your_files_are_encrypted_readme.txt to D:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles%\a2service\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles%\a2service\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles%\a2scan\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles%\a2scan\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles%\a2cmd\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles%\a2cmd\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\public\all_of_your_files_are_encrypted_readme.txt to C:\users\public\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles%\a2guard\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles%\a2guard\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles%\360tray\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles%\360tray\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\internet explorer\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\internet explorer\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\k-lite codec pack\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\k-lite codec pack\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\all_of_your_files_are_encrypted_readme.txt to C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\perflogs\admin\all_of_your_files_are_encrypted_readme.txt to C:\perflogs\admin\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from D:\$recycle.bin\all_of_your_files_are_encrypted_readme.txt to D:\$recycle.bin\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %WINDIR%\all_of_your_files_are_encrypted_readme.txt to %WINDIR%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles%\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\perflogs\all_of_your_files_are_encrypted_readme.txt to C:\perflogs\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\all_of_your_files_are_encrypted_readme.txt to C:\users\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\recovery\all_of_your_files_are_encrypted_readme.txt to C:\recovery\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\all_of_your_files_are_encrypted_readme.txt to %ALLUSERSPROFILE%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\$recycle.bin\all_of_your_files_are_encrypted_readme.txt to C:\$recycle.bin\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\far2\all_of_your_files_are_encrypted_readme.txt to C:\far2\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\totalcmd\all_of_your_files_are_encrypted_readme.txt to C:\totalcmd\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\all_of_your_files_are_encrypted_readme.txt to C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft analysis services\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\microsoft analysis services\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\adobe\all_of_your_files_are_encrypted_readme.txt to %ALLUSERSPROFILE%\adobe\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\google\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\google\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\public\libraries\all_of_your_files_are_encrypted_readme.txt to C:\users\public\libraries\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\google\chrome\application\debug.log to %ProgramFiles(x86)%\google\chrome\application\debug.log.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\services\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\services\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\microsoft shared\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\microsoft shared\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\px storage engine\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\px storage engine\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\adobe\acrobat reader dc\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\adobe\acrobat reader dc\readme.htm to %ProgramFiles(x86)%\adobe\acrobat reader dc\readme.htm.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\adobe\arm\all_of_your_files_are_encrypted_readme.txt to %ALLUSERSPROFILE%\adobe\arm\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ALLUSERSPROFILE%\adobe\setup\all_of_your_files_are_encrypted_readme.txt to %ALLUSERSPROFILE%\adobe\setup\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\public\desktop\all_of_your_files_are_encrypted_readme.txt to C:\users\public\desktop\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %HOMEPATH%\all_of_your_files_are_encrypted_readme.txt to %HOMEPATH%\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\public\favorites\all_of_your_files_are_encrypted_readme.txt to C:\users\public\favorites\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\google\chrome\application\visualelementsmanifest.xml to %ProgramFiles(x86)%\google\chrome\application\visualelementsmanifest.xml.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft office\office10\msostyle.dll to %ProgramFiles(x86)%\microsoft office\office10\msostyle.dll.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\microsoft analysis services\as oledb\10\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\google\chrome\application\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\google\chrome\application\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %CommonProgramFiles(x86)%\adobe\all_of_your_files_are_encrypted_readme.txt to %CommonProgramFiles(x86)%\adobe\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt to C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles%\a2start\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles%\a2start\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\public\downloads\all_of_your_files_are_encrypted_readme.txt to C:\users\public\downloads\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft office\office10\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\microsoft office\office10\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\public\documents\all_of_your_files_are_encrypted_readme.txt to C:\users\public\documents\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\google\chrome\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\google\chrome\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft visual studio .net 2003\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\microsoft visual studio .net 2003\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft analysis services\as oledb\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\microsoft analysis services\as oledb\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from C:\users\default\all_of_your_files_are_encrypted_readme.txt to C:\users\default\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft office\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\microsoft office\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles%\a2hijackfree\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles%\a2hijackfree\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\adobe\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\adobe\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\microsoft.net\all_of_your_files_are_encrypted_readme.txt to %ProgramFiles(x86)%\microsoft.net\all_of_your_files_are_encrypted_readme.txt.prplcscd_cvxcv
  • from %ProgramFiles(x86)%\mozilla firefox\dependentlibs.list to %ProgramFiles(x86)%\mozilla firefox\dependentlibs.list.prplcscd_cvxcv
Modifies the following files
  • D:\install.log.prplcscd_cvxcv
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\readme.htm.prplcscd_cvxcv
  • C:\far2\far.map.prplcscd_cvxcv
  • %ProgramFiles(x86)%\google\chrome\application\visualelementsmanifest.xml.prplcscd_cvxcv
  • C:\users\public\libraries\recordedtv.library-ms.prplcscd_cvxcv
  • %ProgramFiles(x86)%\google\chrome\application\debug.log.prplcscd_cvxcv
  • C:\totalcmd\no.bar.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\setup.xml.prplcscd_cvxcv
  • C:\far2\farcze.lng.prplcscd_cvxcv
  • C:\totalcmd\keyboard.txt.prplcscd_cvxcv
  • C:\totalcmd\history.txt.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\office32ww.msi.prplcscd_cvxcv
  • C:\far2\clearpluginscache.cmd.prplcscd_cvxcv
  • C:\totalcmd\descript.ion.prplcscd_cvxcv
  • C:\totalcmd\default.bar.prplcscd_cvxcv
  • C:\far2\changelog_eng.prplcscd_cvxcv
  • C:\far2\changelog.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\office32ww.xml.prplcscd_cvxcv
  • C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proofing.msi.prplcscd_cvxcv
Substitutes the following files
  • %ALLUSERSPROFILE%\all_of_your_files_are_encrypted_readme.txt
  • %ALLUSERSPROFILE%\adobe\all_of_your_files_are_encrypted_readme.txt
Changes user data files extensions (Trojan.Encoder).
Network activity
Connects to
  • 'ip##pi.com':80
TCP
HTTP GET requests
  • http://ip##pi.com/line/?fi############
UDP
  • DNS ASK ip##pi.com

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play