FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.KillProc2.24981

Added to the Dr.Web virus database: 2025-07-02

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\gay [free] .rar.exe
  • %ProgramFiles%\dvd maker\shared\s2fkave h93bklf tsomq34 bq4kno (dxocjwba).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\eq7k2xcxt cum nom72kl vjq39c1gwy wifey (sonja,cy4xpd).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\beast uncut qq6w54yfhtqrbwcslg .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\nom72kl [milf] .rar.exe
  • %ProgramFiles%\microsoft office\templates\mnho9y54 uncut titts (rdl1tfkz,2hbt8wr).mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\horse hot (!) gsva2xn .mpeg.exe
  • %ProgramFiles%\windows journal\templates\yzw1afy apv53deiq9fw eigt45 (sandy,g6u8n4r).zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\eq7k2xcxt xakmpl mnho9y54 uncut feet b37oavmx289 (y8oxsqa).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\black 8ok6yf mnho9y54 nom72kl (karin).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\ l9hwcs7vvnphd9 cock .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\8r3baiec wep6b08 lpcu5ai3 7vepaqjm titts .avi.exe
  • %CommonProgramFiles(x86)%\microsoft shared\fac71w2 w6csjja14n1 gay epyxwn js80j73 .mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\mzwpstr8n [free] boots .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\f07qtt porn big hole latex .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\z9z7rwe bd1l5ir horse nom72kl cock .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\horse 7vepaqjm .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\black ddqayq mnho9y54 [bangbus] cock fishy .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\black horse vjq39c1gwy glans .mpg.exe
  • %ALLUSERSPROFILE%\templates\lpcu5ai3 [free] .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f07qtt h93bklf sperm vjq39c1gwy lzxyhb7k (sonja,cy4xpd).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\eq7k2xcxt xakmpl xxx bq4kno glans ash .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\fac71w2 wep6b08 gay [free] hole sweet (dxocjwba).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\yzw1afy uncut titts wifey (jade).avi.exe
  • %ALLUSERSPROFILE%\templates\s2fkave xakmpl xxx girls glans .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\upfgetx horse lpcu5ai3 7vepaqjm (sarah).mpg.exe
  • C:\users\default\appdata\local\temp\8r3baiec cum sperm sgu4m7oc feet (sonja,2hbt8wr).mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\8r3baiec xakmpl nom72kl apv53deiq9fw feet .mpeg.exe
  • C:\users\default\templates\beast nom72kl .zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\gay ihthd33 hole .mpeg.exe
  • %TEMP%\8r3baiec porn nom72kl big ae2sd7u4xh (gina,liz).mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\yzw1afy big titts .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\black 7nd83wovj xxx big gsva2xn .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\ hot (!) (jade).zip.exe
  • %APPDATA%\microsoft\templates\sperm l9hwcs7vvnphd9 titts ol6p1tua (liz).avi.exe
  • %APPDATA%\microsoft\windows\templates\upfgetx 7nd83wovj lpcu5ai3 7vepaqjm feet qx2j1b5 .mpg.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\yzw1afy [free] glans b37oavmx289 .zip.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\z9z7rwe nude lpcu5ai3 [bangbus] 779mipj .avi.exe
  • %HOMEPATH%\templates\horse apv53deiq9fw ae2sd7u4xh (rdl1tfkz,sarah).mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\f07qtt nude yzw1afy bq4kno hole hotel (g6u8n4r).mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\fac71w2 wep6b08 mnho9y54 l9hwcs7vvnphd9 gh5b6gd7wrv (sonja,jade).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\black bd1l5ir mzwpstr8n 7vepaqjm feet js80j73 .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\mzwpstr8n uncut (y8oxsqa).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\gay [bangbus] (dxocjwba).mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\lpcu5ai3 [milf] lady (dehod0,jade).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\f07qtt nude sperm [free] 779mipj .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\f07qtt ddqayq xxx l9hwcs7vvnphd9 hairy .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\fac71w2 xakmpl tsomq34 vjq39c1gwy glans .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\ ihthd33 hole sgoibhh .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\ [milf] js80j73 .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\nom72kl apv53deiq9fw .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\horse big cock .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\tsomq34 [milf] glans (rdl1tfkz,liz).avi.exe
  • %WINDIR%\assembly\temp\horse ihthd33 ol6p1tua .mpeg.exe
  • %WINDIR%\assembly\tmp\eq7k2xcxt nude mnho9y54 7vepaqjm cock boots (karin).avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\fac71w2 wep6b08 mnho9y54 nom72kl hole qx2j1b5 .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\z9z7rwe xakmpl beast l9hwcs7vvnphd9 (cy4xpd).avi.exe
  • %WINDIR%\pla\templates\f1i7cm 8ok6yf xxx [free] ol6p1tua .avi.exe
  • %WINDIR%\security\templates\upfgetx porn ihthd33 .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\beast ihthd33 nrb42wq .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\s2fkave cum gay uncut lady .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\xxx 7vepaqjm mg9fvb2xk9 .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\black h93bklf gay [bangbus] 50+ .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\ [bangbus] .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\nom72kl uncut .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\gay l9hwcs7vvnphd9 feet .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\s2fkave nude l9hwcs7vvnphd9 .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\h93bklf lpcu5ai3 uncut .zip.exe
  • %WINDIR%\syswow64\ime\shared\f07qtt porn yzw1afy uncut ol6p1tua .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\gzn4ud7e wep6b08 lpcu5ai3 vjq39c1gwy cock .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\upfgetx 8ok6yf mzwpstr8n epyxwn hole fw58kpr41ob1w .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\eq7k2xcxt cum sperm [free] .zip.exe
  • %WINDIR%\syswow64\ime\shared\s2fkave horse yzw1afy [bangbus] (cy4xpd).zip.exe
  • %WINDIR%\temp\horse [free] cock sm .avi.exe
  • %WINDIR%\winsxs\installtemp\viaz50 xxx nom72kl (2hbt8wr).avi.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\mzwpstr8n [bangbus] .zip.exe
  • %ProgramFiles%\dvd maker\shared\f07qtt wep6b08 gay vjq39c1gwy 8pfmdyy (rdl1tfkz,jade).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\gzn4ud7e nude lpcu5ai3 nom72kl sgoibhh .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\gay bq4kno js80j73 (gina,sarah).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\8r3baiec 7nd83wovj mzwpstr8n big 8pfmdyy .zip.exe
  • %ProgramFiles%\microsoft office\templates\nom72kl girls hole fishy (c4w8hqa).zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\8r3baiec 7nd83wovj sperm [milf] hotel (gina,karin).rar.exe
  • %ProgramFiles%\windows journal\templates\yzw1afy nom72kl hole .rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\yzw1afy apv53deiq9fw cock lady .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\black bd1l5ir yzw1afy uncut feet ae2sd7u4xh (sarah).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\f07qtt bd1l5ir mnho9y54 ihthd33 young (hyo87il,dxocjwba).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\gay girls sgoibhh (gina,sarah).mpeg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\horse hot (!) girly .mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\ [milf] zn3tvn (sandy,karin).rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\s2fkave wep6b08 nom72kl [bangbus] cock rv0y8n (cy4xpd).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\xxx hot (!) .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f07qtt porn xxx bq4kno titts (36mho73,cy4xpd).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\beast epyxwn feet .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\lpcu5ai3 [bangbus] sweet (sandy,2hbt8wr).mpeg.exe
  • %ALLUSERSPROFILE%\templates\lpcu5ai3 ihthd33 titts nmibe2 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\xxx vjq39c1gwy .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\lpcu5ai3 hot (!) titts .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\xxx 7vepaqjm hole .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\ girls titts nrb42wq (dxocjwba).zip.exe
  • %ALLUSERSPROFILE%\templates\f1i7cm horse sperm sgu4m7oc feet gh5b6gd7wrv .mpeg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\upfgetx 7nd83wovj horse 7vepaqjm glans girly .rar.exe
  • C:\users\default\appdata\local\temp\xxx ihthd33 .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\yzw1afy big latex .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\black wep6b08 mzwpstr8n hot (!) (g6u8n4r).zip.exe
  • C:\users\default\templates\beast 7vepaqjm .mpeg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\8r3baiec bd1l5ir xxx uncut balls .mpg.exe
  • %TEMP%\mzwpstr8n sgu4m7oc hole 779mipj .zip.exe
  • %LOCALAPPDATA%\<INETFILES>\mnho9y54 [free] feet gsva2xn (y8oxsqa).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\gzn4ud7e cum mnho9y54 7vepaqjm .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\mzwpstr8n bq4kno feet nrb42wq .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\s2fkave xakmpl lpcu5ai3 bq4kno cock .rar.exe
  • %APPDATA%\microsoft\templates\gzn4ud7e ddqayq nom72kl big young .rar.exe
  • %APPDATA%\microsoft\windows\templates\f07qtt h93bklf mzwpstr8n uncut .zip.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\f07qtt 7nd83wovj nom72kl nom72kl hole gsva2xn .rar.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\s2fkave wep6b08 mzwpstr8n [milf] nrb42wq (hyo87il,g6u8n4r).zip.exe
  • %HOMEPATH%\templates\gzn4ud7e cum ihthd33 mg9fvb2xk9 .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\s2fkave w6csjja14n1 xxx uncut girly .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\upfgetx porn nom72kl nom72kl zmc8ujp .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\f07qtt h93bklf sperm [milf] qq6w54yfhtqrbwcslg (36mho73,g6u8n4r).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\8r3baiec bd1l5ir xxx uncut 50+ .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\mzwpstr8n uncut 6tl9zg0uqa .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\tsomq34 big cock zn3tvn (g6u8n4r).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\8r3baiec ddqayq mnho9y54 hot (!) .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\upfgetx h93bklf beast [bangbus] .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\ girls (2hbt8wr).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\sperm big hole nrb42wq (karin).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\fac71w2 wep6b08 mzwpstr8n nom72kl titts boots (cy4xpd).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\eq7k2xcxt w6csjja14n1 yzw1afy nom72kl sm .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\ big latex (gina,cy4xpd).rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\8r3baiec xakmpl yzw1afy 7vepaqjm feet shoes .zip.exe
  • %WINDIR%\assembly\temp\s2fkave cum bq4kno .zip.exe
  • %WINDIR%\assembly\tmp\s2fkave nude lpcu5ai3 sgu4m7oc .avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\eq7k2xcxt h93bklf horse girls js80j73 .mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\upfgetx 7nd83wovj gay uncut titts lzxyhb7k .zip.exe
  • %WINDIR%\pla\templates\f07qtt ddqayq mnho9y54 [free] cock .mpeg.exe
  • %WINDIR%\security\templates\8r3baiec h93bklf tsomq34 sgu4m7oc mg9fvb2xk9 .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx h93bklf beast sgu4m7oc .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\s2fkave 7nd83wovj beast apv53deiq9fw .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\black 8ok6yf tsomq34 sgu4m7oc hole shoes .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt cum sperm uncut (sarah).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\upfgetx ddqayq mzwpstr8n [free] titts girly (2hbt8wr).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\f1i7cm ddqayq vjq39c1gwy feet (rdl1tfkz,liz).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\sperm nom72kl nmibe2 .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\horse 7vepaqjm mg9fvb2xk9 (sonja,2hbt8wr).zip.exe
  • %WINDIR%\syswow64\fxstmp\bd1l5ir xxx ihthd33 zmc8ujp .avi.exe
  • %WINDIR%\syswow64\ime\shared\sperm nom72kl boots .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\black ddqayq mzwpstr8n [free] .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nom72kl [free] wifey (hyo87il,jade).avi.exe
  • %WINDIR%\syswow64\fxstmp\gay uncut .rar.exe
  • %WINDIR%\syswow64\ime\shared\eq7k2xcxt xakmpl beast uncut feet .mpeg.exe
  • %WINDIR%\temp\upfgetx h93bklf horse uncut .rar.exe
  • %WINDIR%\winsxs\installtemp\h93bklf gay [free] mg9fvb2xk9 .zip.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play