FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.Fakealert.56645

Added to the Dr.Web virus database: 2016-10-19

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<File name>.exe' = '<SYSTEM32>\<File name>.exe'
Modifies file system:
Creates the following files:
  • %WINDIR%\4895spazse2500.exe
  • %WINDIR%\59595pambo95zd.bin
  • <SYSTEM32>\352b9h5ez2848.cpl
  • <SYSTEM32>\91538hzckt5ol2c7.dll
  • <SYSTEM32>\19759viru915dz.exe
  • %WINDIR%\53147t9oj7zd.cpl
  • <SYSTEM32>\1205695ojzdb.exe
  • <SYSTEM32>\53bds9eaz1755.bin
  • <SYSTEM32>\21956not-z-vi9us556.cpl
  • <SYSTEM32>\58d9sparze5935.exe
  • %WINDIR%\5095s5za9778.dll
  • %WINDIR%\15c9azdware1946.ocx
  • %WINDIR%\4d99t9ief605z.exe
  • <SYSTEM32>\65bfst9alz06.bin
  • <SYSTEM32>\25c09hrea5z5795.bin
  • %WINDIR%\3b52spy9arz356.bin
  • <SYSTEM32>\547f9azk5oor61.ocx
  • %WINDIR%\25eespywa95z987.exe
  • %WINDIR%\31566hazk5ool298.bin
  • <SYSTEM32>\492b9oznloa5er123.bin
  • <SYSTEM32>\6309spy5c2z.cpl
  • <SYSTEM32>\149695y4ez.cpl
  • %WINDIR%\11854spamb9t3z5.dll
  • <SYSTEM32>\9957viru925z.ocx
  • <SYSTEM32>\27230ha59tozlb5.bin
  • %WINDIR%\1z509hreat25674.ocx
  • <SYSTEM32>\6435zparse29435.bin
  • %WINDIR%\122335acktoolz49.dll
  • <SYSTEM32>\22bb9zief585.cpl
  • <SYSTEM32>\12z5not-a-vi5u95e2.cpl
  • %WINDIR%\69a1spy5are940z.exe
  • %WINDIR%\1959vir9z47a.ocx
  • <SYSTEM32>\59365spy51z.dll
  • %WINDIR%\4bb7spars51z92.dll
  • <SYSTEM32>\59559zy259.ocx
  • %WINDIR%\33c5addware9z3.bin
  • <SYSTEM32>\5345zownloader9365.bin
  • %WINDIR%\16855t9oj3zb.exe
  • <SYSTEM32>\10629z9oj67c5.exe
  • <SYSTEM32>\59973h9cktooz1de.exe
  • %WINDIR%\598zthreat19758.ocx
  • %WINDIR%\4f9aspazse2560.exe
  • <SYSTEM32>\6c53downloa9erz235.dll
  • <SYSTEM32>\1014z9irus6e55.bin
  • %WINDIR%\5e9azd9war53200.bin
  • <SYSTEM32>\12d9bazkdoor1835.cpl
  • <SYSTEM32>\2657zvi9us252.cpl
  • <SYSTEM32>\5eczspars92511.bin
  • %WINDIR%\3z90v5ru9395.cpl
  • <SYSTEM32>\19666wz9m195.bin
  • <SYSTEM32>\283275ot-a-v9ruz54c.bin
  • <SYSTEM32>\52ab95reat7391z.bin
  • <SYSTEM32>\26795cktoolzc1.dll
  • <SYSTEM32>\z0d2ba5kdoor13999.dll
  • <SYSTEM32>\7925hzef2821.exe
  • %WINDIR%\z976spa5se2541.ocx
  • %WINDIR%\5fb8spars52921z.ocx
  • <SYSTEM32>\239359iruz247.dll
  • %WINDIR%\30eazpy9are1526.dll
  • %WINDIR%\7cd9bac5dozr1981.ocx
  • %WINDIR%\35d39ir2445z.ocx
  • <SYSTEM32>\15cbzparse1969.ocx
  • <SYSTEM32>\ce8tz5e9t3617.cpl
  • %WINDIR%\55b4sz9al1044.ocx
  • %WINDIR%\11259ot-a-virusz85.cpl
  • <SYSTEM32>\6178ba5kdz9r2556.exe
  • <SYSTEM32>\19d6spyware925z.cpl
  • %WINDIR%\5f89ad9ware166z.cpl
  • %WINDIR%\35c59hreat3043z.cpl
  • %WINDIR%\25515pazse1093.ocx
  • <SYSTEM32>\17130not5a-v9zus4c0.bin
  • <SYSTEM32>\295not-azvi5us14f9.cpl
  • <SYSTEM32>\1955zs9y6bb.bin
  • <SYSTEM32>\25990troz3cb.bin
  • %WINDIR%\7633notza-5ir9s347.bin
  • %WINDIR%\13895spa5bot1e6z.dll
  • %WINDIR%\91ztr95729.cpl
  • <SYSTEM32>\27ebb5ck9zor1483.exe
  • %WINDIR%\47995pzware1025.ocx
  • <SYSTEM32>\509czhreat15027.bin
  • %WINDIR%\640s9e5l2z63.ocx
  • %WINDIR%\6z14steal195.ocx
  • <SYSTEM32>\59fe5ddzare3110.ocx
  • %WINDIR%\1z791sp5663.bin
  • <SYSTEM32>\ze8c9ir5363.ocx
  • %WINDIR%\1266spam9otzc45.bin
  • <SYSTEM32>\53b35iz9439.cpl
  • %WINDIR%\443cspzrs95093.exe
  • %WINDIR%\5358azdware1095.cpl
  • <SYSTEM32>\4924addw9re5932z.ocx
  • <SYSTEM32>\3z135virus695.bin
  • %WINDIR%\15899wzrm5d.bin
  • <SYSTEM32>\52290trzj999.cpl
  • %WINDIR%\74495dzware2058.exe
  • <SYSTEM32>\2z838v9rus315.cpl
  • %WINDIR%\25z9download5r1936.ocx
  • <SYSTEM32>\59c5addwarz982.cpl
  • <SYSTEM32>\z2754s95mbot8d.exe
  • %WINDIR%\6c0dzpar9e25475.ocx
  • <SYSTEM32>\7305vir25z19.ocx
  • %WINDIR%\18613sz5mbot699.bin
  • %WINDIR%\15822z9oj589.dll
  • <SYSTEM32>\5519t9r5at41z2.ocx
  • %WINDIR%\19359szy50a.bin
  • <SYSTEM32>\7z59thief2188.exe
  • <SYSTEM32>\11549zpambot49c5.dll
  • %WINDIR%\1z10vi95526.dll
  • <SYSTEM32>\93d5dowzloader2083.bin
  • <SYSTEM32>\1d89zddware2587.ocx
  • <SYSTEM32>\3409tr5j695z.exe
  • <SYSTEM32>\255zdownl9ader2426.dll
  • %WINDIR%\5b07do9nzoader23195.exe
  • %WINDIR%\1379not-a-v9r5szfd.dll
  • <SYSTEM32>\2ac55tea9223z.bin
  • <SYSTEM32>\788bba9kzoo51952.ocx
  • %WINDIR%\29925aczdoor1103.ocx
  • %WINDIR%\51529i5uz65.exe
  • <SYSTEM32>\98e35hreat256z8.bin
  • %WINDIR%\4433do5nl9ader3111z.exe
  • <SYSTEM32>\905865rzj406.dll
  • <SYSTEM32>\24497s5amzot9a5.cpl
  • <SYSTEM32>\4z47spyware9595.bin
  • <SYSTEM32>\1218t9ief9z5.cpl
  • <SYSTEM32>\1z601wo5m97e.cpl
  • <SYSTEM32>\12829noz-59virus36f.exe
  • %WINDIR%\355adownz9ader165.cpl
  • <SYSTEM32>\16z2b9ckdoor28825.bin
  • %WINDIR%\1629vir5709z.ocx
  • <SYSTEM32>\2z5579acktool31e.bin
  • %WINDIR%\97d6addwa5e1146z.exe
  • %WINDIR%\55a4baczdoor9652.dll
  • <SYSTEM32>\6820ba9zdo5r1107.cpl
  • %WINDIR%\454z5py3fe9.exe
  • %WINDIR%\13z90s5am9ot433.cpl
  • %WINDIR%\96cbackdoor856z.bin
  • <SYSTEM32>\7882v59uz425.bin
  • <SYSTEM32>\z9296no5-a-virus459.ocx
  • %WINDIR%\31731n5tz9-virus125.bin
  • <SYSTEM32>\6035wo9mz4.exe
  • <SYSTEM32>\7c4fth5z9t26315.ocx
  • %WINDIR%\2197ztr5j294.exe
  • <SYSTEM32>\54b5steal90z4.exe
  • %WINDIR%\5325zteal24809.dll
  • %WINDIR%\4z21a5dware26199.ocx
  • <SYSTEM32>\2f1zs5eal2695.exe
  • %WINDIR%\341znot-a-v9rus15a.cpl
  • <SYSTEM32>\9497zvi5us65d.bin
  • <SYSTEM32>\98856spzmbot31f.dll
  • %WINDIR%\15441tr9j3fez.exe
  • %WINDIR%\27596spy675z.dll
  • <SYSTEM32>\79a5zparse2094.exe
  • %WINDIR%\48ba5py9aze983.ocx
  • <SYSTEM32>\6515addwzre1695.exe
  • <SYSTEM32>\6195s9eal115z.bin
  • <SYSTEM32>\90czthr5at27417.bin
  • %WINDIR%\zaa7s5eal2619.exe
  • <SYSTEM32>\21439zoj5e35.ocx
  • <SYSTEM32>\z3856not9a-virus7d5.bin
  • <SYSTEM32>\15735spa5b9z3b1.dll
  • <SYSTEM32>\7z23h5cktool93e.ocx
  • <SYSTEM32>\e7e9ownloader156z.ocx
  • <SYSTEM32>\211845pyzd69.bin
  • %WINDIR%\7ad2t5ief93z2.dll
  • %WINDIR%\6635addw9rez532.ocx
  • <SYSTEM32>\55539roj51fz.bin
  • %WINDIR%\23ebzddwar59989.bin
  • <SYSTEM32>\54d3sp9zse1288.exe
  • %WINDIR%\5345vir245z9.dll
  • <SYSTEM32>\11006n9tza-vi5us6f6.bin
  • %WINDIR%\6z53thi9f1951.exe
  • <SYSTEM32>\5869spye2z.ocx
  • <SYSTEM32>\1b01zpars95605.cpl
  • <SYSTEM32>\z085sparse2829.ocx
  • <SYSTEM32>\7858a9dwaze1563.dll
  • %WINDIR%\29795trzj60b5.bin
  • <SYSTEM32>\3z735wor94fb.ocx
  • %WINDIR%\zb8av5r1992.dll
  • <SYSTEM32>\25493t5oj5z9.dll
  • <SYSTEM32>\7202downzo95er60.ocx
  • %WINDIR%\71d2s9yza5e1615.ocx
  • <SYSTEM32>\29937troz51e.ocx
  • <SYSTEM32>\29bdzhreat80145.ocx
  • <SYSTEM32>\2af4b5ckdooz7489.ocx
  • <SYSTEM32>\5231hackzo9l7b4.cpl
  • <SYSTEM32>\78zdt9rea51530.exe
  • <SYSTEM32>\25f5a9zware2049.bin
  • %WINDIR%\8z59sp539d.cpl
  • <SYSTEM32>\6z505pamb9t2ab.bin
  • %WINDIR%\7e345zeal5669.cpl
  • %WINDIR%\1550downloa5zr999.exe
  • <SYSTEM32>\7fe2a9dwz5e110.bin
  • <SYSTEM32>\27358viz9s7b4.exe
  • <SYSTEM32>\1951zhacktool5c8.ocx
  • <SYSTEM32>\196eviz535.ocx
  • %WINDIR%\15efthizf1309.exe
  • %WINDIR%\1599vir4z5.exe
  • <SYSTEM32>\4ac5ba9kdoor55z.bin
  • <SYSTEM32>\z63a9ddware23935.bin
  • <SYSTEM32>\373a9ddwz5e667.cpl
  • <SYSTEM32>\296zt5al2471.bin
  • %WINDIR%\6b0z95ief3107.ocx
  • <SYSTEM32>\858z9roj430.bin
  • %WINDIR%\285095ozm2a8.dll
  • %WINDIR%\25863zp9355.exe
  • <SYSTEM32>\1258zackdoor9779.bin
  • %WINDIR%\197325pz2399.exe
  • <SYSTEM32>\35567hacktool7c9z.dll
  • <SYSTEM32>\6962s5ambzt8.cpl
  • <SYSTEM32>\9z326spy515.cpl
  • %WINDIR%\559569py2a3z.exe
  • %WINDIR%\239885pazb9t7ae.bin
  • <SYSTEM32>\36195pyw9re93z.cpl
  • <SYSTEM32>\9adzvi51419.cpl
  • %WINDIR%\70e9azdw5re460.exe
  • %WINDIR%\139f9zreat27853.dll
  • <SYSTEM32>\2515thi9z597.bin
  • <SYSTEM32>\55czs9eal2653.dll
  • %WINDIR%\4922downzoader2975.ocx
  • %WINDIR%\z995spa5bot1a9.cpl
  • <SYSTEM32>\z8953hacktool15c.dll
  • %WINDIR%\3ebzdownload592893.cpl
  • %WINDIR%\32595hacktzol589.exe
  • %WINDIR%\6687wo5m997z.cpl
  • <SYSTEM32>\5412h9ck5zol3ae.ocx
  • %WINDIR%\4z81stea9625.dll
  • %WINDIR%\182435ot-z-vir9s11b.dll
  • %WINDIR%\576539zoj2b9.bin
  • <SYSTEM32>\15z70s9y5f5.dll
  • %WINDIR%\915bsteal329z.bin
  • %WINDIR%\z0255t95j6c0.cpl
  • %WINDIR%\279fdow9loadez25955.exe
  • %WINDIR%\791zdow5loader2960.dll
  • %WINDIR%\2481zt9oj54b.cpl
  • %WINDIR%\6z855irus9c5.dll
  • %WINDIR%\28759zro594e.exe
  • <SYSTEM32>\15e3spyware3194z.dll
  • %WINDIR%\35ebzp5rs9207.cpl
  • <SYSTEM32>\596dsteal715z.dll
  • <SYSTEM32>\zb56thief9046.exe
  • %WINDIR%\63z45pa9se787.dll
  • <SYSTEM32>\152z5virus759.dll
  • %WINDIR%\5725z5amb9t13.exe
  • %WINDIR%\6cd0addwa9e995z.exe
  • %WINDIR%\35965zckdoo93009.bin
  • %WINDIR%\3c6adownload5r2944z.exe
  • %WINDIR%\5b96v5z2996.ocx
  • %WINDIR%\2935b5ckdoorz617.ocx
  • <SYSTEM32>\3815w9rm13z.exe
  • %WINDIR%\e09th5zf1589.dll
  • %WINDIR%\7925wor5604z.exe
  • %WINDIR%\6732hazktool9055.ocx
  • <SYSTEM32>\299c5zr2422.ocx
  • %WINDIR%\7zd4s5a9se2251.cpl
  • <SYSTEM32>\15629t5oz7d1.exe
  • <SYSTEM32>\zd259ir189.ocx
  • <SYSTEM32>\76zbdown95ader345.exe
  • <SYSTEM32>\11290v5zus57a.exe
  • %WINDIR%\2z5e5parse32219.bin
  • <SYSTEM32>\658sp9rz51357.exe
  • %WINDIR%\956azdware1423.bin
  • %WINDIR%\15432not9a-vi5uz6c1.bin
  • <SYSTEM32>\5411s9eal967z.dll
  • <SYSTEM32>\93b5sza5se339.exe
  • %WINDIR%\z594backdoor7869.bin
  • <SYSTEM32>\1391zsp59bot203.exe
  • <SYSTEM32>\1z850s9y73a.bin
  • %WINDIR%\9f79thze52054.bin
  • <SYSTEM32>\29zeth9ef5249.dll
  • %WINDIR%\z25999irus7a4.bin
  • %WINDIR%\z98729orm457.ocx
  • <SYSTEM32>\59z8th9ef7185.ocx
  • %WINDIR%\70bf59ywaze994.bin
  • %WINDIR%\11723nzt-a-viru965b.bin
  • %WINDIR%\5d3zthi95746.cpl
  • %WINDIR%\951dthreat25z60.exe
  • %WINDIR%\8425hack9zol543.dll
  • %WINDIR%\16908zp543b.exe
  • %WINDIR%\48559pambot5z8.dll
  • %WINDIR%\2cz9thie91058.ocx
  • <SYSTEM32>\5ac7vzr2559.exe
  • <SYSTEM32>\9a1threatz08155.bin
  • %WINDIR%\2cb7d5wnloaz9r327.cpl
  • %WINDIR%\745cz5arse2996.dll
  • <SYSTEM32>\1508vir2691z.dll
  • %WINDIR%\10905s955a8z.ocx
  • %WINDIR%\297z6worm935.cpl
  • %WINDIR%\13252noz-a-9irus6915.dll
  • %WINDIR%\5995troj3f9z.dll
  • <SYSTEM32>\3eazspywar953.ocx
  • <SYSTEM32>\92700spy358z.dll
  • <SYSTEM32>\9382zpy759.bin
  • %WINDIR%\19039sp5m9otzc8.exe
  • <SYSTEM32>\4946vzr5055.exe
  • <SYSTEM32>\91adspywaze75.dll
  • %WINDIR%\za3ft5reat5991.exe
  • <SYSTEM32>\10949zackto9l65f.cpl
  • %WINDIR%\53e8tzreat18191.cpl
  • %WINDIR%\22713vzrus295.bin
  • %WINDIR%\7597sparze9045.ocx
  • <SYSTEM32>\z5500not-a5virus493.ocx
  • <SYSTEM32>\220655zrus59d.bin
  • %WINDIR%\2e55backdooz2409.cpl
  • %WINDIR%\7527d5wnl9ader291z.ocx
  • %WINDIR%\1a9e5ir14z0.dll
  • <SYSTEM32>\54509parse555z.dll
  • <SYSTEM32>\12645vi9zs5af.exe
  • %WINDIR%\1zd4ba5kdoor209.exe
  • <SYSTEM32>\1575dow5zoader9799.cpl
  • %WINDIR%\21628vi95sb2z.exe
  • <SYSTEM32>\5z159teal3072.bin
  • %WINDIR%\55zf9ownloader155.exe
  • %WINDIR%\664dspy5arez982.cpl
  • %WINDIR%\46z5virus7669.dll
  • %WINDIR%\4dc3zhief92795.dll
  • <SYSTEM32>\12z5dow9loader2106.exe
  • <SYSTEM32>\8459spamboze2.dll
  • %WINDIR%\651dtzi9f3128.cpl
  • <SYSTEM32>\9650stealz54.dll
  • <SYSTEM32>\59c95hreatz4075.bin
  • <SYSTEM32>\5755v9r1z25.bin
  • <SYSTEM32>\596faddzar91537.bin
  • <SYSTEM32>\z745spars9420.ocx
  • <SYSTEM32>\93a4s5ealz021.ocx
  • <SYSTEM32>\5c9ddz5nloader1599.dll
  • %WINDIR%\1922spywa5e74z9.bin
  • <SYSTEM32>\45679orm4daz.dll
  • %WINDIR%\11a4s5arsz1962.dll
  • %WINDIR%\1cezst9a53133.cpl
  • <SYSTEM32>\19959no9-a-viz5s4f7.dll
  • <SYSTEM32>\24524zp5m9ot7fb.ocx
  • <SYSTEM32>\5a7fthzef22029.exe
  • <SYSTEM32>\12823zr5j439.exe
  • %WINDIR%\31795hackto5lz60.exe
  • %WINDIR%\za57addwa5e809.ocx
  • <SYSTEM32>\19952not-z-vir9s787.cpl
  • <SYSTEM32>\1z731viru57ea9.dll
  • %WINDIR%\9740thie5z140.ocx
  • %WINDIR%\15537spa59otz12.dll
  • %WINDIR%\55469pyzare1137.bin
  • %WINDIR%\2e0backzoor9055.bin
  • %WINDIR%\5ebda5d9arez70.dll
  • %WINDIR%\6645spzware1092.exe
  • <SYSTEM32>\435st59z2863.cpl
  • %WINDIR%\61f6spywzre26579.bin
  • <SYSTEM32>\6b79spyware2z925.cpl
  • %WINDIR%\19251viruszf.bin
  • <SYSTEM32>\14567not-a-vzrus749.exe
  • %WINDIR%\15z04t9oj5495.bin
  • %WINDIR%\30743nz5-a-virus469.ocx
  • <SYSTEM32>\12z17not-5-virus93.ocx
  • %WINDIR%\c9bzt9al5765.cpl
  • <SYSTEM32>\514z69roj90.dll
  • %WINDIR%\6f58thrzat110439.cpl
  • <SYSTEM32>\250z7sp9445.bin
  • <SYSTEM32>\5ad25tza9741.ocx
  • <SYSTEM32>\55a5downzoader897.bin
  • <SYSTEM32>\2411z5i9us669.cpl
  • <SYSTEM32>\98ztro5627.exe
  • %WINDIR%\66879iz4065.ocx
  • %WINDIR%\9d3a5pzrse1155.exe
  • <SYSTEM32>\18z94t5oj692.dll
  • %WINDIR%\z5890viru949e.exe
  • <SYSTEM32>\499downloade524z9.ocx
  • <SYSTEM32>\z83downloade91751.cpl
  • %WINDIR%\2335not-a9zirus6a9.exe
  • %WINDIR%\c845ow9loazer921.dll
  • <SYSTEM32>\3730spywar5984z.cpl
  • %WINDIR%\25589ot-a-virzs50d.ocx
  • <SYSTEM32>\66z95py.bin
  • <SYSTEM32>\z659spambot399.dll
  • <SYSTEM32>\4z51threat3099.ocx
  • <SYSTEM32>\z4582vi5us39a.ocx
  • %WINDIR%\118865irusze49.ocx
  • %WINDIR%\190dback5oorz121.cpl
  • <SYSTEM32>\5398stza53173.cpl
  • %WINDIR%\1z944n5t-a-virus66c.dll
  • <SYSTEM32>\19166spambot565z.dll
  • <SYSTEM32>\54071sp9mbotz9e.bin
  • <SYSTEM32>\891ziru5359.dll
  • %WINDIR%\9161zr5j701.ocx
  • %WINDIR%\z29dd5w9loader3170.ocx
  • <SYSTEM32>\5943zor9294.bin
  • %WINDIR%\9d61addw5re7z1.ocx
  • <SYSTEM32>\55145pywzre965.cpl
  • <SYSTEM32>\14z6not59-virus12b.exe
  • <SYSTEM32>\555fadd9are23z7.cpl
  • %WINDIR%\4692s9ez52696.ocx
  • <SYSTEM32>\3854thzef394.dll
  • <SYSTEM32>\597czpyware1991.cpl
  • <SYSTEM32>\5af5bzckdo5r2694.ocx
  • <SYSTEM32>\536czd9ware1651.exe
  • %WINDIR%\3cd5sparsz9094.exe
  • %WINDIR%\1092sp5rze2549.ocx
  • <SYSTEM32>\629zspars52622.cpl
  • <SYSTEM32>\57859not-azvir9s47c.dll
  • %WINDIR%\9a6edow5zoader3176.bin
  • %WINDIR%\9078no95a-zirus5e3.bin
  • %WINDIR%\135979pambotz52.dll
  • <SYSTEM32>\z1f6b5ck9oor1154.exe
  • %WINDIR%\13479h5c9tozl14f.exe
  • <SYSTEM32>\94172spamzot159.bin
  • %WINDIR%\90755pazbot759.dll
  • %WINDIR%\z2729vir5s501.dll
  • %WINDIR%\7539zh9e52199.ocx
  • %WINDIR%\57afs9ealz8225.ocx
  • <SYSTEM32>\7bz4th9e52417.ocx
  • <SYSTEM32>\76z5th9ef407.cpl
  • <SYSTEM32>\19902zi5us11e.dll
  • %WINDIR%\679dthreatz445.cpl
  • %WINDIR%\7257worm598z.bin
  • <SYSTEM32>\5z500tr9j1e9.ocx
  • <SYSTEM32>\25425tr5j9z8.dll
  • %WINDIR%\70baspywaze99525.bin
  • <SYSTEM32>\44b2t5iez15019.exe
  • <SYSTEM32>\12783hazktool4975.cpl
  • %WINDIR%\62cab5ckdoor949z.dll
  • <SYSTEM32>\7azdow9l5ader1824.ocx
  • <SYSTEM32>\z54backd5or9899.bin
  • %WINDIR%\2z925troj4b9.dll
  • <SYSTEM32>\29919szambot465.bin
  • %WINDIR%\9101th5eat28745z.exe
  • <SYSTEM32>\3151not9a-virusz45.dll
  • %WINDIR%\557viz9879.dll
  • <SYSTEM32>\6594spyware3259z.dll
  • %WINDIR%\17z7th9ef1825.cpl
  • <SYSTEM32>\59aestezl559.cpl
  • %WINDIR%\17969no9-a-zir5s284.ocx
  • %WINDIR%\2b3a9pywarez159.bin
  • %WINDIR%\z3972w59m23f.ocx
  • %WINDIR%\39225vzru5664.ocx
  • <SYSTEM32>\9d25zir15605.ocx
  • %WINDIR%\30817no5za-vir9s774.bin
  • %WINDIR%\zf58spywar9595.bin
  • <SYSTEM32>\45769zief2084.exe
  • <SYSTEM32>\15a09ddware150z.dll
  • %WINDIR%\2913hzcktool553.exe
  • <SYSTEM32>\18435sp939z.ocx
  • <SYSTEM32>\395addware3z35.exe
  • %WINDIR%\35295h9zf1102.ocx
  • <SYSTEM32>\z30s59mbot175.cpl
  • <SYSTEM32>\12088sz9m5ot68f.bin
  • %WINDIR%\5ad9ba9kdozr2574.dll
  • <SYSTEM32>\1b04spars9155z.cpl
  • <SYSTEM32>\755at9iez867.cpl
  • <SYSTEM32>\29506not-z5virus1df9.ocx
  • %WINDIR%\2f4bdownload5r2z259.cpl
  • <SYSTEM32>\67d6baczd9or3555.exe
  • <SYSTEM32>\24439not-a-vizu537d.bin
  • <SYSTEM32>\22dzba5kdoor2938.dll
  • <SYSTEM32>\141caz9ware3057.cpl
  • %WINDIR%\7539sz536c.bin
  • %WINDIR%\786back9zo52375.dll
  • %WINDIR%\zff1spyw9re12805.exe
  • <SYSTEM32>\7584z5r9214.exe
  • <SYSTEM32>\a96backdoor1z57.bin
  • <SYSTEM32>\15625zam9ot262.exe
  • %WINDIR%\1z9fsteal2582.ocx
  • %WINDIR%\11905sp5333z.bin
  • <SYSTEM32>\6e9zbackdoor23245.cpl
  • %WINDIR%\2z9d5parse1836.ocx
  • %WINDIR%\7f5ez9ckdoor2555.cpl
  • %WINDIR%\1724viz9517.cpl
  • <SYSTEM32>\16539spazbot5d49.cpl
  • <SYSTEM32>\5f90backzoor1785.bin
  • %WINDIR%\541zdownloader9673.bin
  • <SYSTEM32>\z921h9cktool60a5.exe
  • <SYSTEM32>\9z053hackt5ol3c0.cpl
  • <SYSTEM32>\751eaddware1952z.ocx
  • %WINDIR%\2d19thrz5923629.ocx
  • <SYSTEM32>\3z905wo5m1d9.dll
  • <SYSTEM32>\3175sza9s51589.dll
  • %WINDIR%\1ba8ba9kdoor5z00.dll
  • %WINDIR%\70z9thief22605.dll
  • %WINDIR%\2zc6s9arse1508.bin
  • <SYSTEM32>\z603b9ckdoor354.bin
  • <SYSTEM32>\b28thiz59577.cpl
  • <SYSTEM32>\1cf9sze59358.ocx
  • <SYSTEM32>\5z3do9nloader2385.bin
  • %WINDIR%\18483spy9z65.cpl
  • %WINDIR%\d21add5aze1095.bin
  • %WINDIR%\96zst5al1400.ocx
  • <SYSTEM32>\20197s9y54az.ocx
  • <SYSTEM32>\6bfathreat1943z5.exe
  • <SYSTEM32>\2907zw5r95cd.bin
  • <SYSTEM32>\bc9tzief544.exe
  • %WINDIR%\3018zhackto5l595.bin
  • %WINDIR%\27968n9t-azvirus516.ocx
  • <SYSTEM32>\5f49vir1z59.ocx
  • <SYSTEM32>\642zspyware2935.bin
  • <SYSTEM32>\z83235pa9bot4e9.bin
  • <SYSTEM32>\<File name>.exe
  • %WINDIR%\9594t9oja0z.bin
  • <SYSTEM32>\z6576spambot91.exe
  • <SYSTEM32>\706bdowzload9r1515.exe
  • %WINDIR%\7ebadoznloade92508.ocx
  • <SYSTEM32>\3b35thre9t100z2.ocx
  • %WINDIR%\6z6b9parse5207.ocx
  • <SYSTEM32>\5349szyware138.dll
  • %WINDIR%\5594vir5z4.bin
  • <SYSTEM32>\5f9edownloa9er8z5.dll
  • %WINDIR%\2784sp95se231z.bin
  • <SYSTEM32>\32645hacktzol99c.cpl
  • <SYSTEM32>\1453v9r2z61.bin
  • %WINDIR%\1z512hack9oolcb.dll
  • %WINDIR%\35dda9dware5z1.bin
  • %WINDIR%\27a5sp9zse1945.bin
  • %WINDIR%\9976spambot5a2z.bin
  • %WINDIR%\13z50s9y4a5.ocx
  • <SYSTEM32>\513095ealz2.dll
  • %WINDIR%\7496bazkdo59514.dll
  • %WINDIR%\5985zspy93e.dll
  • <SYSTEM32>\22029ziru579.cpl
  • <SYSTEM32>\895spzr9e2355.ocx
  • %WINDIR%\18597zpy4985.exe
  • <SYSTEM32>\572bt9re5t167z1.cpl
  • %WINDIR%\96752zpy1d3.dll
  • %WINDIR%\30578hazkto9l371.dll
  • %WINDIR%\5387spywarz596.exe
  • %WINDIR%\1086ste5l2709z.ocx
  • %WINDIR%\30170tro95z3.bin
  • %WINDIR%\5897backdoor255z.cpl
  • <SYSTEM32>\zcf55ownloader23649.dll
  • <SYSTEM32>\13725szam5ot749.ocx
  • %WINDIR%\3z25backd9or3068.dll
  • <SYSTEM32>\300z9not-a-virus635.dll
  • %WINDIR%\92e4addwarz1159.bin
  • %WINDIR%\59628hackt9ol1cz.ocx
  • <SYSTEM32>\z9d2steal17785.dll
  • %WINDIR%\35598v9ruz519.exe
  • <SYSTEM32>\63395hzef1535.dll
  • <SYSTEM32>\2e95sparsez0025.dll
  • <SYSTEM32>\26599virus542z.exe
  • %WINDIR%\1cacthie5922z.ocx
  • %WINDIR%\21553w9rm176z.exe
  • %WINDIR%\z724viru534a9.cpl
  • %WINDIR%\z769ad9w5re1641.exe
  • %WINDIR%\90202hacktzo53ce.cpl
  • <SYSTEM32>\19z99virus115.dll
  • %WINDIR%\25901worm759z.bin
  • <SYSTEM32>\z582sp91855.cpl
  • %WINDIR%\z617659y40e.ocx
  • <SYSTEM32>\2z69sp9mbot55.bin
  • <SYSTEM32>\39005nzt-a-vir5s6de.exe
  • <SYSTEM32>\14168spzmbo96aa5.bin
  • <SYSTEM32>\471z9iru51a4.ocx
  • %WINDIR%\1zadspar9e5991.cpl
  • <SYSTEM32>\25168hacktzo9121.dll
  • %WINDIR%\13565zacktool719.ocx
  • %WINDIR%\6z92a5dware3098.dll
  • <SYSTEM32>\143ed5wnloaz9r2272.dll
  • <SYSTEM32>\5313hacktool996z.ocx
  • <SYSTEM32>\73z9thi5f2751.dll
  • <SYSTEM32>\7aec9own5oader354z.bin
  • <SYSTEM32>\29954s9y5z5.cpl
  • <SYSTEM32>\5019troj28fz.bin
  • <SYSTEM32>\z039vi5us371.bin
  • <SYSTEM32>\314365orm5e9z.ocx
  • <SYSTEM32>\3z09hackto9l50c.ocx
  • %WINDIR%\6a5dszea9292.dll
  • <SYSTEM32>\4bf2backdo95z37.dll
  • %WINDIR%\15544zp9ab.bin
  • %WINDIR%\21952zpy6e1.exe
  • <SYSTEM32>\652bvi91845z.bin
  • %WINDIR%\2275zhacktool99.dll
  • %WINDIR%\zdf5downloa9er1523.bin
  • <SYSTEM32>\ff85h9ez95.ocx
  • %WINDIR%\69d3tzreat296295.exe
  • %WINDIR%\23642s5y98z.exe
  • %WINDIR%\244495ozm43d.dll
  • <SYSTEM32>\24891spy40z5.cpl
  • <SYSTEM32>\4f51s9ywar53084z.cpl
  • <SYSTEM32>\45ef9hzef2572.cpl
  • %WINDIR%\5a91thr9zt22791.bin
  • %WINDIR%\25394worm55z9.bin
  • <SYSTEM32>\29159r5z10e.exe
  • <SYSTEM32>\25555not-a-vzrus1f9.dll
  • %WINDIR%\65e9pywarz2503.ocx
  • <SYSTEM32>\4a95steal27z7.dll
  • <SYSTEM32>\z598spy5are968.exe
  • <SYSTEM32>\z7976worm1b5.exe
  • %WINDIR%\24829spz45d9.ocx
  • %WINDIR%\3506wor97f1z.bin
  • %WINDIR%\9a9spywar51427z.ocx
  • %WINDIR%\49c1thzea525361.bin
  • %WINDIR%\299fzh5ef304.bin
  • <SYSTEM32>\17777wozm5395.dll
  • <SYSTEM32>\5534not-a-vz9us176.dll
  • <SYSTEM32>\2z985spy79e.exe
  • %WINDIR%\5ezf95yware86.exe
  • %WINDIR%\589dviz9550.ocx
  • <SYSTEM32>\549bzhreat8070.cpl
  • <SYSTEM32>\13aespz9a5e639.bin
  • %WINDIR%\9c2bthreat79z05.cpl
  • %WINDIR%\18929v9rus3cz5.cpl
  • <SYSTEM32>\56965worm1bz9.exe
  • <SYSTEM32>\2505ztroj9a95.dll
  • %WINDIR%\5z395py6cc.exe
  • %WINDIR%\4bzespywar91544.cpl
  • <SYSTEM32>\z3001spambot5c9.cpl
  • %WINDIR%\6b9c5hizf3227.exe
  • <SYSTEM32>\9z99backdoor895.exe
  • %WINDIR%\5zdfdownloa9er1381.bin
  • %WINDIR%\543czhre5t39527.cpl
  • %WINDIR%\80359rus6f2z.bin
  • %WINDIR%\9z05virus5a49.bin
  • %WINDIR%\6despar95287z.exe
  • <SYSTEM32>\9945szyware5609.exe
  • %WINDIR%\5925hacktool95z.cpl
  • %WINDIR%\4562sparsz2943.cpl
  • %WINDIR%\6859spyw5re9z3.cpl
  • %WINDIR%\5afzb9ckd5or156.exe
  • %WINDIR%\20743no59a-virus3z.cpl
  • %WINDIR%\258zdownloader29255.cpl
  • %WINDIR%\72z9spa9bo5407.exe
  • %WINDIR%\9c80th5efz765.ocx
  • <SYSTEM32>\b51ste9l10z3.ocx
  • <SYSTEM32>\6e96threat24z95.ocx
  • <SYSTEM32>\4ec5addware327z9.dll
  • %WINDIR%\6599sparse764z.ocx
  • %WINDIR%\z92spywar52944.cpl
  • %WINDIR%\1z37no5-9-virusa7.dll
  • %WINDIR%\z589ownloader495.cpl
  • %WINDIR%\59f0thie51076z.ocx
  • %WINDIR%\5010hazk9o5l269.ocx
  • %WINDIR%\2435zworm59a.bin
  • %WINDIR%\28z5spy15c9.ocx
  • %WINDIR%\254379acktzolb9.exe
  • <SYSTEM32>\58378zi9us556.cpl
  • %WINDIR%\13140not-z-vi9us5e3.exe
  • <SYSTEM32>\z6079sp9mbot15c.bin
  • <SYSTEM32>\35395wozm2c9.cpl
  • <SYSTEM32>\56ca9hief25z5.exe
  • <SYSTEM32>\139asteaz10635.exe
  • <SYSTEM32>\zbf895r624.dll
  • <SYSTEM32>\25a9szyware5993.exe
  • %WINDIR%\2ba99ir5237z.dll
  • %WINDIR%\23z565ir9s660.ocx
  • <SYSTEM32>\2d05th9eat13369z.cpl
  • <SYSTEM32>\195805zrus509.exe
  • <SYSTEM32>\z8755worm49f.exe
  • %WINDIR%\35eathief59z.cpl
  • <SYSTEM32>\591esp5warez705.ocx
  • %WINDIR%\1659notza-vi5us35a.cpl
  • <SYSTEM32>\21078spy59z.cpl
  • <SYSTEM32>\7z03b5ckdo9r497.bin
  • %WINDIR%\5e91szeal1212.cpl
  • %WINDIR%\18245z9oj4f9.cpl
  • %WINDIR%\4982szambot5eb.dll
  • <SYSTEM32>\9ae9t5iez2914.cpl
  • %WINDIR%\24z39vir95d7.dll
  • %WINDIR%\169z3not-a-vir9s75.dll
  • <SYSTEM32>\22955hacktool2faz.dll
  • %WINDIR%\z3905ackdoor1891.bin
  • %WINDIR%\2eb59pyware3197z.bin
  • %WINDIR%\31214not5a-9irzs1b.cpl
  • %WINDIR%\z5202vir9s3a9.dll
  • <SYSTEM32>\9d225teal2563z.ocx
  • <SYSTEM32>\9eefzownl5ader1111.exe
  • %WINDIR%\96119zy255.cpl
  • %WINDIR%\5azespyware15579.bin
  • <SYSTEM32>\8e0sz5a91921.dll
  • %WINDIR%\3z24th9e5164.ocx
  • %WINDIR%\179859acztool359.exe
  • <SYSTEM32>\2f9ezteal945.ocx
  • <SYSTEM32>\5812vizus194.ocx
  • %WINDIR%\91930vzrus559.ocx
  • %WINDIR%\19481wo9z258.dll
  • <SYSTEM32>\20c0zo5nlo9der77.exe
  • %WINDIR%\12b3backdo95184z.exe
  • %WINDIR%\30458spzmb9t6c5.cpl
  • %WINDIR%\194535izu94da.ocx
  • <SYSTEM32>\93z27spy7c45.bin
  • <SYSTEM32>\5f9cthreaz28956.exe
  • <SYSTEM32>\4b9bsteal359z.bin
  • <SYSTEM32>\905zthi5f1989.exe
  • %WINDIR%\5692threaz22097.bin
  • %WINDIR%\546679acktzoldd.dll
  • <SYSTEM32>\zdasp9rse2385.ocx
  • <SYSTEM32>\6z95v5r977.exe
  • %WINDIR%\245bszywa9e2080.ocx
  • <SYSTEM32>\21888w9zm1e55.cpl
  • %WINDIR%\10z53spambot951.dll
  • <SYSTEM32>\455aaddwarez398.ocx
  • <SYSTEM32>\29950hzcktool30b5.bin
  • <SYSTEM32>\4929zp5506.dll
  • %WINDIR%\3z9cvir1759.cpl
  • <SYSTEM32>\z8977spy354.ocx
  • %WINDIR%\1cc8zir9532.ocx
  • %WINDIR%\7538tzoj529.cpl
  • %WINDIR%\29414wo5mz55.bin
  • <SYSTEM32>\3a24thz9f592.bin
  • <SYSTEM32>\24345not9z-virus76a.bin
  • %WINDIR%\71659hrzat23899.ocx
  • <SYSTEM32>\4959steaz791.bin
  • %WINDIR%\z9b5addware3059.exe
  • <SYSTEM32>\2bddbackdo5rz079.cpl
  • <SYSTEM32>\10d1s5yware1z759.cpl
  • %WINDIR%\29aa5hi9z682.exe
  • %WINDIR%\12403tro569z.cpl
  • <SYSTEM32>\53eedownzoader1975.exe
  • %WINDIR%\1613vir55z9.bin
  • <SYSTEM32>\18z4thief759.cpl
  • <SYSTEM32>\47d9steal3185z.ocx
  • <SYSTEM32>\254929pambotz52.bin
  • %WINDIR%\154faddw9rez285.bin
  • <SYSTEM32>\z401h5ckto9l454.cpl
  • %WINDIR%\1z192spa59ot172.dll
  • <SYSTEM32>\79zbv5r1994.ocx
  • <SYSTEM32>\299715o9m9z.cpl
  • %WINDIR%\6c0asp9wzre10015.bin
  • %WINDIR%\318z9n5t-a-virus599.exe
  • %WINDIR%\30611s9azbot5bc.cpl
  • %WINDIR%\58ebd9wnlzader2257.dll
  • %WINDIR%\295zvir72.bin
  • %WINDIR%\5779thz9f858.exe
  • %WINDIR%\554f9ownlzader2900.ocx
  • <SYSTEM32>\z982t5ief2187.dll
  • <SYSTEM32>\6bz5s9eal1652.bin
  • <SYSTEM32>\z4faspywa5e9359.dll
  • <SYSTEM32>\290115roj2ez.exe
  • <SYSTEM32>\45z4download5r1985.ocx
  • <SYSTEM32>\8943spa5bot65z.bin
  • <SYSTEM32>\5ea5steaz5319.cpl
  • <SYSTEM32>\5397thi9f2873z.cpl
  • <SYSTEM32>\28z0ba9kdoor598.ocx
  • %WINDIR%\32595spyz77.ocx
  • <SYSTEM32>\15709hacktool11fz.exe
  • <SYSTEM32>\31zdadd9a5e347.dll
  • <SYSTEM32>\5192zddwa5e2689.cpl
  • %WINDIR%\1055spyz9.dll
  • %WINDIR%\685bv5rz975.ocx
  • %WINDIR%\3ff9downloa5zr295.exe
  • <SYSTEM32>\73c39ir595z.exe
  • %WINDIR%\2563zvir9s625.ocx
  • %WINDIR%\3658th5e9z12220.bin
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play