Ransom.Win32.AGENDA.THIAFBB
Ransom:Win32/QilinCrypt.PA!MTB(MICROSOFT)
Windows
Grayware type:
Ransomware
Destructive:
No
Encryption:
In the wild:
Yes
Overview
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Technical Details
Arrival Details
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
It adds the following processes:
- cmd /C vssadmin.exe delete shadows /all /quiet
Process Termination
It terminates the following services if found on the affected system:
- mepocs
- memtas
- veeam
- svc$
- backup
- (.*?)sql(.*?)
- vss
- msexchange
- acronisagent
- acronisagentd
- acronis vss provider
- acrsch2svc
- acrsch2svcd
- arsm
- arsmd
- adobearmservice
- adobearmserviced
- alerter
- alerterd
- aswbcc
- aswbccd
- avbackup
- avbackupd
- backupexecagentaccelerator
- backupexecagentacceleratord
- backupexecagentbrowser
- backupexecagentbrowserd
- backupexecdevicemediaservice
- backupexecdevicemediaserviced
- backupexecjobengine
- backupexecjobengined
- backupexecmanagementservice
- backupexecmanagementserviced
- backupexecrpcservice
- backupexecrpcserviced
- backupexecvssprovider
- backupexecvssproviderd
- bcrservice
- bcrserviced
- bedbg
- bedbgd
- bits
- bitsd
- bluestripecollector
- bluestripecollectord
- brokerinfrastructure
- brokerinfrastructured
- ccevtmgr
- ccevtmgrd
- ccsetmgr
- ccsetmgrd
- cissesrv
- cissesrvd
- cpqrcmc3
- cpqrcmc3d
- csadmin
- csadmind
- csauth
- csauthd
- csdbsync
- csdbsyncd
- cslog
- cslogd
- csmon
- csmond
- csradius
- csradiusd
- cstacacs
- cstacacsd
- db2
- db2-0
- db2-0d
- db2d
- db2das00
- db2das00d
- db2governor_db2copy1
- db2governor_db2copy1d
- db2inst2
- db2inst2d
- db2licd_db2copy1
- db2licd_db2copy1d
- db2mgmtsvc_db2copy1
- db2mgmtsvc_db2copy1d
- db2remotecmd_db2copy1
- db2remotecmd_db2copy1d
- ehttpsrv
- ehttpsrvd
- ekrn
- ekrnd
- erasersvc11710
- erasersvc11710d
- ersvc
- ersvcd
- esgshkernel
- esgshkerneld
- eshasrv
- eshasrvd
- eventlog
- eventlogd
- fa_scheduler
- fa_schedulerd
- googlechromeelevationservice
- googlechromeelevationserviced
- gupdate
- gupdated
- gupdatem
- gupdatemd
- healthservice
- healthserviced
- ibmdataservermgr
- ibmdataservermgrd
- ibmdsserver41
- ibmdsserver41d
- idrivert
- idrivertd
- imapiservice
- imapiserviced
- klnagent
- klnagentd
- logprocessorservice
- logprocessorserviced
- lrsdrvx
- lrsdrvxd
- macmnsvc
- macmnsvcd
- masvc
- masvcd
- mbamservice
- mbamserviced
- mbendpointagent
- mbendpointagentd
- mcshield
- mcshieldd
- mfefire
- mfefired
- mfemms
- mfemmsd
- mfevtp
- mfevtpd
- mfewc
- mfewcd
- mms
- mmsd
- mozyprobackup
- mozyprobackupd
- msexchangees
- msexchangeesd
- msexchangeis
- msexchangeisd
- msexchangemgmt
- msexchangemgmtd
- msexchangemta
- msexchangemtad
- msexchangesa
- msexchangesad
- msexchangesrs
- msexchangesrsd
- msftesql$prod
- msftesql$prodd
- msmq
- msmqd
- msolap$sql_2008
- msolap$sql_2008d
- msolap$system_bgc
- msolap$system_bgcd
- msolap$tps
- msolap$tpsama
- msolap$tpsamad
- msolap$tpsd
- mssql$bkupexec
- mssql$bkupexecd
- mssql$citrix_metaframe
- mssql$citrix_metaframed
- mssql$ecwdb2
- mssql$ecwdb2d
- mssql$eposerver
- mssql$eposerverd
- mssql$itris
- mssql$itrisd
- mssql$net2
- mssql$net2d
- mssql$practicemgt
- mssql$practicemgtd
- mssql$practticebgc
- mssql$practticebgcd
- mssql$prod
- mssql$prodd
- mssql$profxengagement
- mssql$profxengagementd
- mssql$sbsmonitoring
- mssql$sbsmonitoringd
- mssql$sharepoint
- mssql$sharepointd
- mssql$sql_2008
- mssql$sql_2008d
- mssql$sqlexpress
- mssql$sqlexpressd
- mssql$system_bgc
- mssql$system_bgcd
- mssql$tps
- mssql$tpsama
- mssql$tpsamad
- mssql$tpsd
- mssql$veeamsql2008r2
- mssql$veeamsql2008r2d
- mssql$veeamsql2012
- mssql$veeamsql2012d
- mssqlfdlauncher
- mssqlfdlauncher$itris
- mssqlfdlauncher$itrisd
- mssqlfdlauncher$profxengagement
- mssqlfdlauncher$profxengagementd
- mssqlfdlauncher$sbsmonitoring
- mssqlfdlauncher$sbsmonitoringd
- mssqlfdlauncher$sharepoint
- mssqlfdlauncher$sharepointd
- mssqlfdlauncher$sql_2008
- mssqlfdlauncher$sql_2008d
- mssqlfdlauncher$system_bgc
- mssqlfdlauncher$system_bgcd
- mssqlfdlauncher$tps
- mssqlfdlauncher$tpsama
- mssqlfdlauncher$tpsamad
- mssqlfdlauncher$tpsd
- mssqlfdlauncherd
- mssqllaunchpad$itris
- mssqllaunchpad$itrisd
- mssqlserver
- mssqlserveradhelper
- mssqlserveradhelper100
- mssqlserveradhelper100d
- mssqlserveradhelperd
- mssqlserverd
- mssqlserverolapservice
- mssqlserverolapserviced
- msvsmon90
- msvsmon90d
- mysql57
- mysql57d
- net2clientsvc
- net2clientsvcd
- nimbuswatcherservice
- nimbuswatcherserviced
- ntlmssp
- ntlmsspd
- ntmssvc
- ntmssvcd
- ntrtscan
- ntrtscand
- odserv
- odservd
- oracleclientcache80
- oracleclientcache80d
- ose
- osed
- pdvfsservice
- pdvfsserviced
- pop3svc
- pop3svcd
- proliantmonitor
- proliantmonitord
- reportserver
- reportserver$sql_2008
- reportserver$sql_2008d
- reportserver$system_bgc
- reportserver$system_bgcd
- reportserver$tps
- reportserver$tpsama
- reportserver$tpsamad
- reportserver$tpsd
- reportserverd
- rscdsvc
- rscdsvcd
- rumorserver
- sacsvr
- sacsvrd
- samss
- samssd
- savservice
- savserviced
- sdd_service
- sdd_serviced
- sdrsvc
- sdrsvcd
- sentinelagent
- sentinelagentd
- sentinelhelperservice
- sentinelhelperserviced
- sentinelstaticengine
- sentinelstaticengined
- sepmasterservice
- sepmasterserviced
- sepmasterservicemig
- sepmasterservicemigd
- shmonitor
- shmonitord
- smcinst
- smcinstd
- smcservice
- smcserviced
- smtpsvc
- smtpsvcd
- snac
- snacd
- snowinventoryclient
- snowinventoryclientd
- sntpservice
- sntpserviced
- sqlagent$bkupexec
- sqlagent$bkupexecd
- sqlagent$citrix_metaframe
- sqlagent$citrix_metaframed
- sqlagent$cxdb
- sqlagent$cxdbd
- sqlagent$ecwdb2
- sqlagent$ecwdb2d
- sqlagent$eposerver
- sqlagent$eposerverd
- sqlagent$itris
- sqlagent$itrisd
- sqlagent$net2
- sqlagent$net2d
- sqlagent$practticebgc
- sqlagent$practticebgcd
- sqlagent$practticemgt
- sqlagent$practticemgtd
- sqlagent$prod
- sqlagent$prodd
- sqlagent$profxengagement
- sqlagent$profxengagementd
- sqlagent$sbsmonitoring
- sqlagent$sbsmonitoringd
- sqlagent$sharepoint
- sqlagent$sharepointd
- sqlagent$sql_2008
- sqlagent$sql_2008d
- sqlagent$sqlexpress
- sqlagent$sqlexpressd
- sqlagent$system_bgc
- sqlagent$system_bgcd
- sqlagent$tps
- sqlagent$tpsama
- sqlagent$tpsamad
- sqlagent$tpsd
- sqlagent$veeamsql2008r2
- sqlagent$veeamsql2008r2d
- sqlagent$veeamsql2012
- sqlagent$veeamsql2012d
- sql backups
- sqlbrowser
- sqlbrowserd
- sqlsafe backup service
- sqlsafe filter service
- sqlsafeolrservice
- sqlsafeolrserviced
- sqlserveragent
- sqlserveragentd
- sqltelemetry
- sqltelemetry$ecwdb2
- sqltelemetry$ecwdb2d
- sqltelemetry$itris
- sqltelemetry$itrisd
- sqltelemetryd
- sqlwriter
- sqlwriterd
- ssistelemetry130
- ssistelemetry130d
- sstpsvc
- sstpsvcd
- svcgenerichost
- svcgenerichostd
- swi_filter
- swi_filterd
- swi_service
- swi_serviced
- swi_update
- swi_update_64
- swi_update_64d
- swi_updated
- symantec
- symantecd
- symantec system recovery
- sysdown
- sysdownd
- telemetryserver
- telemetryserverd
- tmccsf
- tmccsfd
- tmlisten
- tmlistend
- tpautoconnsvc
- tpautoconnsvcd
- tpvcgateway
- tpvcgatewayd
- truekey
- truekeyd
- truekeyscheduler
- truekeyschedulerd
- truekeyservicehelper
- truekeyservicehelperd
- tsm
- tsmd
- ui0detect
- ui0detectd
- veeam backup catalog data service
- veeambackupsvc
- veeambackupsvcd
- veeambrokersvc
- veeambrokersvcd
- veeamcatalogsvc
- veeamcatalogsvcd
- veeamcloudsvc
- veeamcloudsvcd
- veeamdeploymentservice
- veeamdeploymentserviced
- veeamdeploysvc
- veeamdeploysvcd
- veeamenterprisemanagersvc
- veeamenterprisemanagersvcd
- veeamhvintegrationsvc
- veeamhvintegrationsvcd
- veeammountsvc
- veeammountsvcd
- veeamnfssvc
- veeamnfssvcd
- veeamrestsvc
- veeamrestsvcd
- veeamtransportsvc
- veeamtransportsvcd
- vgauthservice
- vgauthserviced
- vmtools
- vmtoolsd
- vmware
- vmwarecafcommamqplistener
- vmwarecafcommamqplistenerd
- vmwarecafmanagementagenthost
- vmwarecafmanagementagenthostd
- vmware-converter-agent
- vmware-converter-agentd
- vmware-converter-server
- vmware-converter-serverd
- vmware-converter-worker
- vmware-converter-workerd
- vmwared
- w3svc
- w3svcd
- wbengine
- wbengined
- wdnissvc
- wdnissvcd
- windefend
- windefendd
- winvnc4
- winvnc4d
- wrsvc
- wrsvcd
- zoolz 2 service
It terminates processes or services that contain one or more of the following strings if they are running in the affected system's memory:
- encsv
- thebat
- mydesktopqos
- xfssvccon
- firefox
- infopath
- winword
- steam
- synctime
- notepad
- ocomm
- onenote
- mspub
- thunder bird
- agntsv
- sql
- excel
- powerpnt
- outlook
- wordpad
- dbeng50
- isqlplussv
- sqbcoreservice
- oracle
- ocautoupds
- dbsnmp
- msaccess
- tbirdconfig
- ocssd
- mvdesktopservice
- googlecrashhandler64.exe
- paxton.net2.clientservice.exe
- sms.exe
- sqlwriter.exe
- amswmagt
- pcsws.exe
- kansgui.exe
- v3svc.exe
- naprdmgr.exe
- kanmcmain.exe
- acaegmgr.exe
- prproficymgr.exe
- rfwstub.exe
- symlcsvc.exe
- mfeann.exe
- mbamservice.exe
- zlclient.exe
- capfasem.exe
- fsqh.exe
- pwdfilthelp.exe
- mgntsvc.exe
- fsaa.exe
- ashdisp.exe
- umxpol.exe
- fwcfg.exe
- prconfigmgr.exe
- ccschedulersvc.exe
- pshost.exe
- ixavsvc.exe
- cctray.exe
- dltray.exe
- pxeservice.exe
- kpfw32.exe
- scanexplicit.exe
- nrmenctb.exe
- hdb.exe
- fwinst.exe
- scftray.exe
- mfewch.exe
- sevinst.exe
- mgavrtcl.exe
- sysdoc32.exe
- webproxy.exe
- nlclient.exe
- vmacthlp.exe
- drweb32w.exe
- nimcluster.exe
- cfpsbmit.exe
- mfevtps.exe
- mskdetct.exe
- mpfconsole.exe
- krbcc32s.exe
- pthosttr.exe
- fsguiexe.exe
- firewallgui.exe
- alogserv.exe
- engineserver.exe
- uploadrecord.exe
- lucoms~1.exe
- npfsvice.exe
- acctmgr.exe
- drwebcom.exe
- mpfagent.exe
- tmntsrv.exe
- rnreport.exe
- klserver.exe
- epmd.exe
- drwupgrade.exe
- proficypublisherservice.exe
- toolbarupdater.exe
- rfwsrv.exe
- massrv.exe
- tsansrf.exe
- pop3pack.exe
- klnacserver.exe
- qserver.exe
- scan32.exe
- gdfirewalltray.exe
- bdss.exe
- ad-aware2007.exe
- fcssas.exe
- ravupdate.exe
- spyemergencysrv.exe
- cavtray.exe
- pavmail.exe
- nissrv.exe
- djsnetcn.exe
- powerpnt.exe
- aesecurityservice.exe
- persfw.exe
- tscutynt.exe
- prrds.exe
- mcvsftsn.exe
- umxagent.exe
- visio.exe
- realmon.exe
- mysqld.exe
- frameworkservice.exe
- erlsrv.exe
- mfefw.exe
- tfservice.exe
- v3sp.exe
- ssp.exe
- cylancesvc.exe
- mydesktopqos.exe
- mctskshd.exe
- acais.exe
- msseces.exe
- winvnc4.exe
- bcrservice.exe
- cntaosmgr.exe
- isqlplussvc.exe
- ravmond.exe
- wordpad.exe
- swdsvc.exe
- vsstat.exe
- cpf.exe
- client.exe
- bcreporter.exe
- ca.exe
- spyemergency.exe
- etwcontrolpanel.exe
- cistray.exe
- mspub.exe
- klnagent.exe
- eventparser.exe
- avmailc.exe
- stinger.exe
- update_task.exe
- mcsvhost.exe
- vrv.exe
- ghosttray.exe
- etscheduler.exe
- ntrtscan.exe
- traptrackermgr.exe
- fih32.exe
- savfmsetask.exe
- psimsvc.exe
- onenote.exe
- mscifapp.exe
- dwnetfilter.exe
- kpf4gui.exe
- igateway.exe
- seestat.exe
- bdlite.exe
- knupdatemain.exe
- preventmgr.exe
- pqibrowser.exe
- securitycenter.exe
- zillya.exe
- mghtml.exe
- bka.exe
- rscd.exe
- tftray.exe
- ndrvs.exe
- savfmsesrv.exe
- spntsvc.exe
- clamtray.exe
- srvmon.exe
- oracle.exe
- server_runtime.exe
- itmrt_trace.exe
- ashwebsv.exe
- mcscript_inuse.exe
- ashsimpl.exe
- ashupd.exe
- proficyclient.exe4
- neotrace.exe
- lwdmserver.exe
- ocomm.exe
- rav.exe
- vrvmon.exe
- fshoster32.exe
- premailengine.exe
- mantispm.exe
- aswdisp.exe
- appsvc32.exe
- psctris.exe
- patrolagent.exe
- bdmcon.exe
- kvsrvxp_1.exe
- pagent.exe
- cappactiveprotection.exe
- pavupg.exe
- mydesktopservice.exe
- updaterui.exe
- pcclient.exe
- firefoxconfig.exe
- evtprocessecfile.exe
- msksrver.exe
- procexp.exe
- vptray.exe
- webtrapnt.exe
- nsctop.exe
- dwarkdaemon.exe
- regmech.exe
- drwinst.exe
- pqv2isvc.exe
- kvmonxp_2.kxp
- pxemtftp.exe
- websensecontrolservice.exe
- mcuimgr.exe
- euqmonitor.exe
- tsatisy.exe
- sqlbrowser.exe
- ndrvx.exe
- elogsvc.exe
- aus.exe
- smsesrv.exe
- fnplicensingservice.exe
- privacyiconclient.exe
- mcupdmgr.exe
- nortonsecurity.exe
- nvcsched.exe
- csacontrol.exe
- proutil.exe
- aawservice.exe
- clpsla.exe
- fspc.exe
- fshoster64.exe
- msmpeng.exe
- nerosvc.exe
- a2start.exe
- swnetsup.exe
- prsummarymgr.exe
- ocssd.exe
- avktray.exe
- ccsetmgr.exe
- mcagent.exe
- umxfwhlp.exe
- mps.exe
- drwebmng.exe
- dbsrv9.exe
- svframe.exe
- vpatch.exe
- caav.exe
- issvc.exe
- rnav.exe
- etloganalyzer.exe
- inorpc.exe
- msdtssrvr.exe
- msksrvr.exe
- scanmsg.exe
- mysqld-opt.exe
- dwhwizrd.exe
- firetray.exe
- fsma32.exe
- pep.exe
- tclproc.exe
- spooler.exe
- dwwin.exe
- networkagent.exe
- bluestripecollector.exe
- ilicensesvc.exe
- fsav32.exe
- blackice.exe
- thebat64.exe
- casc.exe
- era.exe
- vetmsg.exe
- pcscan.exe
- wfxsnt40.exe
- fcsms.exe
- scanfrm.exe
- prdatabasemgr.exe
- psuaservice.exe
- ncdaemon.exe
- isuac.exe
- drweb32.exe
- csfalconservice.exe
- dwrcst.exe
- pcctlcom.exe
- kwatch.exe
- macompatsvc.exe
- cclaw.exe
- mcpalmcfg.exe
- tmas.exe
- alupdate.exe
- aexnsrcvsvc.exe
- aclient.exe
- psimreal.exe
- caunst.exe
- ashcmd.exe
- klswd.exe
- alert.exe
- mfewc.exe
- ashserv.exe
- pview.exe
- fsguidll.exe
- wrspysetup.exe
- gzserv.exe
- uiwatchdog.exe
- pcscnsrv.exe
- ccmmessaging.exe
- mskagent.exe
- mcsacore.exe
- inoweb.exe
- pralarmmgr.exe
- drwebupw.exe
- rtvscan.exe
- nmagent.exe
- bdagent.exe
- alunotify.exe
- udaterui.exe
- synctime.exe
- apvxdwin.exe
- ccap.exe
- kvsrvxp.exe
- win32sysinfo.exe
- msascui.exe
- ashlogv.exe
- scanmailoutlook.exe
- zoolz.exe
- mcepocfg.exe
- coreframeworkhost.exe
- mpsevh.exe
- ntcaservice.exe
- snsrv.exe
- capmuamagt.exe
- hwapi.exe
- vprot.exe
- v3exec.exe
- cssauth.exe
- fsmb32.exe
- iswmgr.exe
- mcappins.exe
- pasystemtray.exe
- entitymain.exe
- pop3trap.exe
- drwebscd.exe
- leventmgr.exe
- masvc.exe
- cavrep.exe
- emlproxy.exe
- keysvc.exe
- pctssvc.exe
- mpcmdrun.exe
- sidebar.exe
- comhost.exe
- fshdll32.exe
- vsserv.exe
- nsmdsch.exe
- savservice.exe
- wrsa.exe
- diskmon.exe
- clamwin.exe
- gcasinstallhelper.exe
- retinaengine.exe
- pctsauxs.exe
- csdbsync.exe
- ucservice.exe
- scfmanager.exe
- routernt.exe
- rfwproxy.exe
- adminserver.exe
- wfxmod32.exe
- icepack.exe
- ashskpck.exe
- myagttry.exe
- shstat.exe
- prcalculationmgr.exe
- firesvc.exe
- sahookmain.exe
- asupport.exe
- clpsls.exe
- zonealarm.exe
- smsesjm.exe
- pccpfw.exe
- aexswdusr.exe
- ehttpsrv.exe
- managementagentnt.exe
- dlservice.exe
- mcdash.exe
- acaif.exe
- bdsubmit.exe
- mcregwiz.exe
- ewidoctrl.exe
- kislive.exe
- mfehcs.exe
- sndsrvc.exe
- dsmcsvc.exe
- aluschedulersvc.exe
- ofcpfwsvc.exe
- giantantispywareupdater.exe
- zlh.exe
- sgbhp.exe
- ppmcativedetection.exe
- savfmseui.exe
- ravservice.exe
- swserver.exe
- pmgreader.exe
- crdm.exe
- upfile.exe
- dbserv.exe
- esecservice.exe
- a2service.exe
- nymse.exe
- caavcmdscan.exe
- drweb386.exe
- cpdclnt.exe
- monsysnt.exe
- ahnsd.exe
- macmnsvc.exe
- webscanx.exe
- excel.exe
- mcmnhdlr.exe
- csadmin.exe
- vpdn_lu.exe
- fspex.exe
- pctstray.exe
- mpfsrv.exe
- avesvc.exe
- dpmra.exe
- prstubber.exe
- avengine.exe
- inotask.exe
- fsgk32st.exe
- steam.exe
- masalert.exe
- dwengine.exe
- ntevl.exe
- avcenter.exe
- prrouter.exe
- pskmssvc.exe
- avshadow.exe
- kis.exe
- mcods.exe
- chrome.exe
- tbmon.exe
- v3clnsrv.exe
- psctrls.exe
- ccenter.exe
- fprottray.exe
- symproxysvc.exe
- agntsvc.exe
- wfxctl32.exe
- csinsm32.exe
- livesrv.exe
- ekrn.exe
- mcpromgr.exe
- infopath.exe
- mrf.exe
- avfwsvc.exe
- pcscm.exe
- wscntfy.exe
- pmon.exe
- xcommsvr.exe
- mfemms.exe
- svcharge.exe
- loggetor.exe
- ngctw32.exe
- ntservices.exe
- scfagent_64.exe
- seccenter.exe
- evtarmgr.exe
- scfservice.exe
- mfecanary.exe
- vmware-converter.exe
- svcgenerichost
- netalertclient.exe
- gcascleaner.exe
- msaccess.exe
- avsynmgr.exe
- mfefire.exe
- casecuritycenter.exe
- isntsmtp.exe
- nmain.exe
- paxton.net2.commsserverservice.exe
- aswserv.exe
- wrctrl.exe
- kabackreport.exe
- isntsysmonitor
- fsavgui.exe
- useractivity.exe
- smex_systemwat
- padfsvr.exe
- nvcoas.exe
- ixaptsvc.exe
- fscuif.exe
- dsmcad.exe
- npssvc.exe
- sqbcoreservice.exe
- starta.exe
- fameh32.exe
- etagent.exe
- collwrap.exe
- nisserv.exe
- v3medic.exe
- uplive.exe
- taskhostw.exe
- redirsvc.exe
- isafe.exe
- omslogmanager.exe
- tmpfw.exe
- avmcdlg.exe
- bavtray.exe
- tfgui.exe
- drwagntd.exe
- pntiomon.exe
- gdscan.exe
- pavsrv52.exe
- avltmain.exe
- setloadorder.exe
- msftesql.exe
- smoutlookpack.exe
- cslog.exe
- console.exe
- deteqt.agent.exe
- ccproxy.exe
- mcvsshld.exe
- kaccore.exe
- fsorsp.exe
- smseui.exe
- svdealer.exe
- inicio.exe
- updtnv28.exe
- oasclnt.exe
- cfpupdat.exe
- vmtoolsd.exe
- saservice.exe
- zavcore.exe
- ashpopwz.exe
- forcefield.exe
- pavbckpt.exe
- drwebwcl.exe
- fmon.exe
- outpost.exe
- vgauthservice.exe
- gfireporterservice.exe
- trupd.exe
- caissdt.exe
- nd2svc.exe
- pviewer.exe
- avkwctl.exe
- npfmsg2.exe
- safeservice.exe
- stopa.exe
- esmagent.exe
- administrator.exe
- loggingserver.exe
- vrvmail.exe
- pavsrv51.exe
- aswwebsv.exe
- hasplmv.exe
- avkservice.exe
- sqlagent.exe
- mcinfo.exe
- kpf4ss.exe
- defwatch.exe
- drweb.exe
- ccapp.exe
- dr_serviceengine.exe
- v3main.exe
- zanda.exe
- ashquick.exe
- alertsvc.exe
- ravtask.exe
- stopp.exe
- umxcfg.exe
- itmrt_supportdiagnostics.exe
- fsaua.exe
- usrprmpt.exe
- fsgk32.exe
- kmailmon.exe
- snicheckadm.exe
- ocautoupds.exe
- smex_activeupda
- v2iconsole.exe
- ccflic0.exe
- sav32cli.exe
- v3lite.exe
- swnxt.exe
- bhipssvc.exe
- etrssfeeds.exe
- ccevtmgr.exe
- dbeng50.exe
- tnslsnr.exe
- onlinent.exe
- urllstck.exe
- setupguimngr.exe
- mfemactl.exe
- outlook.exe
- cis.exe
- ahnrpt.exe
- rdrcef.exe
- ntcadaemon.exe
- rcsvcmon.exe
- csradius.exe
- nisoptui.exe
- qclean.exe
- gziface.exe
- poproxy.exe
- emlibupdateagentnt.exe
- teamviewer_service.exe
- cmdinstall.exe
- nipsvc.exe
- deloeminfs.exe
- aswupdsv.exe
- bdc.exe
- stwatchdog.exe
- dbsnmp.exe
- kansvr.exe
- tiaspn~1.exe
- mpf.exe
- savfmsectrl.exe
- pagentwd.exe
- caantispyware.exe
- mcsysmon.exe
- savfmselog.exe
- avwebgrd.exe
- rssensor.exe
- winword.exe
- frameworkservi
- siteadv.exe
- cylanceui.exe
- gdfwsvc.exe
- prgateway.exe
- tmproxy.exe
- tbirdconfig.exe
- rsnetsvr.exe
- client64.exe
- alsvc.exe
- tsmpnt.exe
- isscsf.exe
- spiderml.exe
- afwserv.exe
- kvmonxp.kxp
- musnotificationux.exe
- rapuisvc.exe
- up2date.exe
- savscan.exe
- remupd.exe
- rscdsvc.exe
- fchelper64.exe
- snhwsrv.exe
- tnbutil.exe
- frzstate2k.exe
- pavjobs.exe
- ras.exe
- clshield.exe
- ppclean.exe
- netsession_win.exe
- ssscheduler.exe
- crssvc.exe
- printdevice.exe
- kpfwsvc.exe
- nsmdtr.exe
- symtray.exe
- mfetp.exe
- mcapexe.exe
- inonmsrv.exe
- etcorrel.exe
- mcconsol.exe
- sdrservice.exe
- execstat.exe
- cfpconfg.exe
- psuamain.exe
- sdtrayapp.exe
- xfssvccon.exe
- amsvc.exe
- mspmspsv.exe
- log_qtine.exe
- gcasserv.exe
- thebat.exe
- avserver.exe
- drwebdc.exe
- aexagentuihost.exe
- cfp.exe
- sbamsvc.exe
- ccupdate.exe
- npfmntor.exe
- vpc32.exe
- ashchest.exe
- semsvc.exe
- unsecapp.exe
- pavsrv50.exe
- ssm.exe
- ccpxysvc.exe
- googlecrashhandler.exe
- prprintserver.exe
- svtray.exe
- aexsvc.exe
- msmdsrv.exe
- mcshield.exe
- pavfnsvr.exe
- psh_svc.exe
- fcappdb.exe
- aupdrun.exe
- prftpengine.exe
- qdcsfs.exe
- bmrt.exe
- gcasnotice.exe
- swc_service.exe
- healthservice.exe
- mcui32.exe
- useranalysis.exe
- csinject.exe
- reportersvc.exe
- luall.exe
- thunderbird.exe
- symsport.exe
- mcnasvc.exe
- gcasswupdater.exe
- ccnfagent.exe
- dao_log.exe
- unvet32.exe
- symwsc.exe
- scanwscs.exe
- workflowresttest.exe
- defwatch
- mpfservice.exe
- prschedulemgr.exe
- npfmsg.exe
- omtsreco.exe
- onlnsvc.exe
- gcasdtserv.exe
- ctdataload.exe
- tpsrv.exe
- slee81.exe
- avscan.exe
- egui.exe
- pccguide.exe
- olfsnt40.exe
- savmain.exe
- url_response.exe
- pctsgui.exe
- patch.exe
- savfmsesjm.exe
- wtusystemsuport.exe
- auth8021x.exe
- ndetect.exe
- csinsmnt.exe
- nlsvc.exe
- smsectrl.exe
- caavguiscan.exe
- ixfwsvc.exe
- msscli.exe
- ccsystemreport.exe
- lucomserver.exe
- qoeloader.exe
- kb891711.exe
- navw32.exe
- okclient.exe
- pavkre.exe
- issdaemon.exe
- coreserviceshell.exe
- opscan.exe
- vettray.exe
- smex_master.exe
- ppppwallrun.exe
- smsx.exe
- cfftplugin.exe
- ashenhcd.exe
- aexnsagent.exe
- savui.exe
- drwebwin.exe
- emlproui.exe
- schupd.exe
- patrolperf.exe
- gcasservalert.exe
- pavsched.exe
- certificationmanagerservicent.exe
- aphost.exe
- cstacacs.exe
- ngserver.exe
- drwagnui.exe
- savroam.exe
- mpsvc.exe
- smex_remoteconf
- ccflic4.exe
- spbbcsvc.exe
- cmgrdian.exe
- ssecuritymanager.exe
- aps.exe
- cfplogvw.exe
- fch32.exe
- isafinst.exe
- ispwdsvc.exe
- prevsrv.exe
- reportingservicesservice.exe
- fpavserver.exe
- endpointsecurity.exe
- avtask.exe
- managementagenthost.exe
- cwbunnav.exe
- mcshld9x.exe
- snac.exe
- cpntsrv.exe
- blackd.exe
- bdredline.exe
- proficysts.exe
- proficyserver.exe
- atrshost.exe
- sysoptenginesvc.exe
- snicon.exe
- dolphincharge.e
- sweepsrv.sys
- lmon.exe
- njeeves.exe
- npmdagent.exe
- almon.exe
- oespamtest.exe
- nsmdreal.exe
- rulaunch.exe
- autoup.exe
- nip.exe
- knownsvr.exe
- msssrv.exe
- fsdfwd.exe
- idsinst.exe
- avconsol.exe
- ppctlpriv.exe
- securitymanager.exe
- mpftray.exe
- mcupdate.exe
- vmware-converter-a.exe
- ashskpcc.exe
- csrss_tc.exe
- rpcserv.exe
- fcdblog.exe
- fws.exe
- giantantispywaremain.exe
- ghost_2.exe
- edisk.exe
- rfwmain.exe
- capfsem.exe
- navwnt.exe
- server_eventlog.exe
- nailgpip.exe
- acaas.exe
- rstray.exe
- calogdump.exe
- ashbug.exe
- blupro.exe
- mcproxy.exe
- nsmdemf.exe
- netcfg.exe
- cavscan.exe
- capfaem.exe
- cmdagent.exe
- cdm.exe
- sschk.exe
- mcvsrte.exe
- vrvnet.exe
- smsesp.exe
- traflnsp.exe
- repmgr64.exe
- csmon.exe
- sqlservr.exe
- ccsvchst.exe
- firefox.exe
- v3imscn.exe
- avkproxy.exe
- spidernt.exe
- spiderui.exe
- mctray.exe
- control_panel.exe
- savfmsespamstatsmanager.exe
- drwebcgp.exe
- encsvc.exe
- crashrep.exe
- kvxp.kxp
- rasupd.exe
- avscc.exe
- cafw.exe
- pavreport.exe
- winroute.exe
- npscheck.exe
- smc.exe
- srvload.exe
- paamsrv.exe
- kvolself.exe
- tdimon.exe
- sndmon.exe
- winlog.exe
- csauth.exe
- navectrl.exe
- vshwin32.exe
- nexe
- mcepoc.exe
- avconfig.exe
- cpd.exe
- config_api_service.exe
- sbserv.exe
- vmwaretray.exe
- googleupdate.exe
- prunsrv.exe
- esecagntservice.exe
- certificateprovider.exe
- usergate.exe
- inort.exe
- fssm32.exe
- monsvcnt.exe
- mysqld-nt.exe
- vsmon.exe
- eeyeevnt.exe
- ashmaisv.exe
- ccsmagtd.exe
- vstskmgr.exe
- nsmdmon.exe
- clps.exe
- ravxp.exe
- mcwcecfg.exe
- sesclu.exe
- schdsrvc.exe
- ravmon.exe
- bwgo0000
- hpqwmiex.exe
- atwsctsk.exe
- navshcom.exe
- pccntmon.exe
- upschd.exe
- ofcdog.exe
- ravstub.exe
- ccemflsv.exe
- zapro.exe
- pccnt.exe
- cavrid.exe
- uiseagnt.exe
- lucallbackproxy.exe
- ravtray.exe
- inet_gethost.exe
- tmlisten.exe
- vprosvc.exe
- lucoms.exe
- pccntupd.exe
- trjscan.exe
- smselog.exe
- tfun.exe
- klwtblfs.exe
- cfsmsmd.exe
- cramtray.exe
- savfmsesp.exe
- omniagent.exe
- spideragent.exe
- vsmain.exe
- cfnotsrvd.exe
- swi_service.exe
- snichecksrv.exe
- frameworkservic.exe
- mcmscsvc.exe
- evtmgr.exe
- kswebshield.exe
- ashsimp2.exe
- xfilter.exe
- pnmsrv.exe
- prreader.exe
- psanhost.exe
- pavfires.exe
- smcgui.exe
- etreporter.exe
- doscan.exe
- fsm32.exe
- aswregsvr.exe
- rapapp.exe
- nslocollectorservice.exe
- navesp.exe
- nprotect.exe
- proficyadministrator.exe
- seanalyzertool.exe
- smsetask.exe
- reportsvc.exe
- iface.exe
- mbamtray.exe
- ntcaagent.exe
- op_viewer.exe
- kwsprod.exe
- mcwce.exe
- avnotify.exe
- etconsole3.exe
- clamscan.exe
- svcntaux.exe
- monitoringhost.exe
- prlicensemgr.exe
- prwriter.exe
- checkup.exe
- wssfcmai.exe
- aflogvw.exe
- basfipm.exe
- itmrtsvc.exe
- cfpconfig.exe
- pccclient.exe
- navelog.exe
- ccprovsp.exe
- mcshell.exe
- kvdetech.exe
- mfeesp.exe
- nscsrvce.exe
- ahnsdsv.exe
- caf.exe
- mcdetect.exe
- aclntusr.exe
- kxeserv.exe
- cka.exe
- kissvc.exe
- dolphincharge.exe
- nimbus.exe
- nisum.exe
Other Details
It does the following:
- It encrypts fixed, removable, and network drives.
Solutions
Step 2
For Windows ME and XP users: before scanning, make sure that System Restore is disabled so that the entire computer can be scanned.
Step 3
Note that not all files, folders, registry keys and entries are installed on your computer while this malware / spyware / grayware is running. This may be due to an incomplete installation or other operating system conditions. Proceed to the next step.
Step 4
Search for and delete these files
- {Encrypted Directory}\README-RECOVER-gBBQsRxAcQ.txt
Step 5
Scan your computer with your Trend Micro product and delete files detected as Ransom.Win32.AGENDA.THIAFBB. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further steps are required. Quarantined files can simply be deleted. See this Knowledge Base page for more information.
Step 6
Restore encrypted files from backup.