Trojan.DownLoader30.22578

Added to the Dr.Web virus database: 2019-09-18

Description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKLM>\Software\Classes\adguard\shell\open\command] '' = '"%ProgramFiles%\Adguard\Adguard.Tools.exe" /customProtocol "%1"'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Adguard' = '%ProgramFiles%\Adguard\Adguard.exe /nosplash /nosplash'
Creates the following services
  • [<HKLM>\System\CurrentControlSet\Services\Adguard Service] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\Adguard Service] 'ImagePath' = '"%ProgramFiles%\Adguard\AdguardSvc.exe"'
Malicious functions
Executes the following
  • '<SYSTEM32>\taskkill.exe' /f /im rutserv.exe
  • '<SYSTEM32>\taskkill.exe' /f /im rfusclient.exe
  • '<SYSTEM32>\netsh.exe' firewall add portopening TCP 5650 "Open Port 5650"
  • '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Open Port 5650" dir=in action=allow protocol=TCP localport=5650
Modifies file system
Creates the following files
Sets the 'hidden' attribute to the following files
  • <SYSTEM32>\idfgvgjnghcdfb.reg
  • <DRIVERS>\dllhost.exe
  • <DRIVERS>\install.exe
  • <DRIVERS>\install.cmd
Deletes the following files
Moves the following files
  • from %WINDIR%\installer\{685f6ab3-7c61-42d1-ae5b-3864e48d1035}\adguardicon.exe to C:\config.msi\108e05.rbf
  • from %WINDIR%\installer\{685f6ab3-7c61-42d1-ae5b-3864e48d1035}\uninstall.exe to C:\config.msi\108e06.rbf
  • from %WINDIR%\installer\{685f6ab3-7c61-42d1-ae5b-3864e48d1035}\newicon1.exe to C:\config.msi\108e07.rbf
  • from %WINDIR%\installer\{685f6ab3-7c61-42d1-ae5b-3864e48d1035}\newicon.exe to C:\config.msi\108e08.rbf
  • from %PROGRAMDATA%\microsoft\windows\start menu\programs\adguard\adguard.lnk to C:\config.msi\108e09.rbf
  • from %PROGRAMDATA%\microsoft\windows\start menu\programs\adguard\uninstall adguard.lnk to C:\config.msi\108e0a.rbf
  • from %PROGRAMDATA%\microsoft\windows\start menu\programs\adguard\adguard trial reset.lnk to C:\config.msi\108e0b.rbf
  • from C:\users\public\desktop\adguard trial reset.lnk to C:\config.msi\108e0c.rbf
Substitutes the following files
  • %TEMP%\$inst\temp_0.tmp
  • %WINDIR%\installer\{685f6ab3-7c61-42d1-ae5b-3864e48d1035}\adguardicon.exe
  • %WINDIR%\installer\{685f6ab3-7c61-42d1-ae5b-3864e48d1035}\uninstall.exe
  • %WINDIR%\installer\{685f6ab3-7c61-42d1-ae5b-3864e48d1035}\newicon1.exe
  • %WINDIR%\installer\{685f6ab3-7c61-42d1-ae5b-3864e48d1035}\newicon.exe
  • %PROGRAMDATA%\microsoft\windows\start menu\programs\adguard\adguard.lnk
  • %PROGRAMDATA%\microsoft\windows\start menu\programs\adguard\uninstall adguard.lnk
  • %PROGRAMDATA%\microsoft\windows\start menu\programs\adguard\adguard trial reset.lnk
  • C:\users\public\desktop\adguard trial reset.lnk
Miscellaneous
Searches for the following windows
  • ClassName: 'EDIT' WindowName: ''
  • ClassName: '' WindowName: ''
Creates and executes the following
  • '%TEMP%\adguard\7.2.2920.0\setup.exe' /qn INSTALLDESKTOPSHORTCUT=1
  • '<DRIVERS>\install.exe'
  • '<DRIVERS>\dllhost.exe' /silentinstall
  • '<DRIVERS>\dllhost.exe' /firewall
  • '<DRIVERS>\dllhost.exe' /start
  • '%ProgramFiles%\adguard\adguardsvc.exe'
  • '%TEMP%\adguard\7.2.2920.0\setup.exe' /qn INSTALLDESKTOPSHORTCUT=1 REINSTALL=ALL REINSTALLMODE=vomus
  • '<SYSTEM32>\cmd.exe' /c ""<DRIVERS>\install.cmd" "' (with hidden window)
  • '%TEMP%\adguard\7.2.2920.0\setup.exe' /qn INSTALLDESKTOPSHORTCUT=1' (with hidden window)
  • '%TEMP%\adguard\7.2.2920.0\setup.exe' /qn INSTALLDESKTOPSHORTCUT=1 REINSTALL=ALL REINSTALLMODE=vomus' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "%ProgramFiles% (x86)\Adguard\AdGuardTrialReset.exe"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "%ProgramFiles% (x86)\Adguard\Adguard.exe"' (with hidden window)
Executes the following
  • '<SYSTEM32>\cmd.exe' /c ""<DRIVERS>\install.cmd" "
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSIDC0B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1170443 266 Adguard.CustomActions!Adguard.CustomActions.CustomActions.OnInstallFinalize
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSIC60E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1164804 246 Adguard.CustomActions!Adguard.CustomActions.CustomActions.OnMinorUpgradeFinalize
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSIB60F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1160719 202 Adguard.CustomActions!Adguard.CustomActions.CustomActions.CheckServiceStop
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSIAE58.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1158756 191 Adguard.CustomActions!Adguard.CustomActions.CustomActions.OnMinorUpgradeInitialize
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSIAA63.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1157744 171 Adguard.CustomActions!Adguard.CustomActions.CustomActions.OnInstallInitialize
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSI99F4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1153718 153 Adguard.CustomActions!Adguard.CustomActions.CustomActions.PermanentActions
  • '<SYSTEM32>\msiexec.exe' /i "%PROGRAMDATA%\Package Cache\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}v7.2.2920.0\setup.msi" /qn INSTALLDESKTOPSHORTCUT=1 REINSTALL=ALL REINSTALLMODE=vomus TRANSFORMS=tr.mst
  • '<SYSTEM32>\cmd.exe' /c RD /S /Q "%PROGRAMDATA%\Package Cache\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}v7.1.2817.0\Adguard"
  • '<SYSTEM32>\cmd.exe' /c DEL /S /F /Q "%PROGRAMDATA%\Package Cache\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}v7.1.2817.0\tr.mst"
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSI6F4F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1142612 143 Adguard.CustomActions!Adguard.CustomActions.CustomActions.OnFirstInstallOrMajorUpgradeFinalize
  • '<SYSTEM32>\net1.exe' start "Adguard Service"
  • '<SYSTEM32>\net.exe' start "Adguard Service"
  • '<SYSTEM32>\cmd.exe' /C "net start "Adguard Service""
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSI26FA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1124156 99 Adguard.CustomActions!Adguard.CustomActions.CustomActions.OnInstallFinalize
  • '<SYSTEM32>\cmd.exe' /c "%ProgramFiles% (x86)\Adguard\AdGuardTrialReset.exe"
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSI11DB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1118698 58 Adguard.CustomActions!Adguard.CustomActions.CustomActions.CheckServiceStop
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSIFB13.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1112880 14 Adguard.CustomActions!Adguard.CustomActions.CustomActions.PermanentActions
  • '<SYSTEM32>\attrib.exe' -h -s "install.cmd"
  • '<SYSTEM32>\attrib.exe' -h -s "install.exe"
  • '<SYSTEM32>\attrib.exe' -h -s -r "%ProgramFiles%\Remote Manipulator System - Host"
  • '<SYSTEM32>\attrib.exe' -h -s -r "%ProgramFiles% (x86)\Remote Manipulator System - Host"
  • '<SYSTEM32>\attrib.exe' -h -s "rfusclient.exe"
  • '<SYSTEM32>\attrib.exe' +h +s "install.cmd"
  • '<SYSTEM32>\attrib.exe' +h +s "install.exe"
  • '<SYSTEM32>\attrib.exe' +h +s "dllhost.exe"
  • '<SYSTEM32>\attrib.exe' +h +s "<SYSTEM32>\idfgvgjnghcdfb.reg"
  • '<SYSTEM32>\ping.exe' 127.0.0.1
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSI912D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1087063 1 Adguard.CustomActions!Adguard.CustomActions.CustomActions.OnFirstInstall
  • '<SYSTEM32>\msiexec.exe' /i "%PROGRAMDATA%\Package Cache\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}v7.2.2920.0\setup.msi" /qn INSTALLDESKTOPSHORTCUT=1 TRANSFORMS=tr.mst
  • '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\Remote Manipulator System" /f
  • '<SYSTEM32>\rundll32.exe' "%WINDIR%\Installer\MSIB3C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1117006 33 Adguard.CustomActions!Adguard.CustomActions.CustomActions.OnInstallInitialize
  • '<SYSTEM32>\cmd.exe' /c "%ProgramFiles% (x86)\Adguard\Adguard.exe"

Curing recommendations

  1. If the operating system can be booted (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot be booted, change your computer's BIOS settings so that the PC can boot from a CD or a USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from this media, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light Anti-virus for macOS. This product can be downloaded from the official Apple App Store.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device has been locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; for details, consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • switch the device off and turn it on again in normal mode.
