Trojan.DownLoader33.60933

Added to the Dr.Web virus database: 2020-07-08

Virus description added:

Technical Information

Malicious functions
Injects code into the following system processes:
  • %WINDIR%\syswow64\svchost.exe
Modifies file system
Creates the following files
  • D:\program files\premiumsoft\window_cpu_version.ini
Sets the 'hidden' attribute to the following files
  • D:\program files\premiumsoft\window_cpu_version.ini
Deletes itself.
Network activity
Connects to
Miscellaneous
Executes the following
  • '%WINDIR%\syswow64\svchost.exe' E65738E47A9883FF101213047EF60978E85FD63959B6DB55B9CE3142C0464E4CC2C0463FB1D1322B6ED44525CF76D1C546FF339D34594AFC57F45EFD29D40B4F3259FE21BE05533D6D9ABA699D4EF16182B394FB558FCA7FD63161F12ED072D30...
  • '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\syswow64\svchost.exe"

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Dr.Web © Doctor Web
2003 — 2022