Ransom_CRYPCHIM.CD
Piattaforma:
Windows
Valutazione del rischio complessivo:
Potenziale dannoso: :
Potenziale di distribuzione: :
Reported Infection:
Basso
Medio
Alto
Critico
Tipo di minaccia informatica:
Trojan
Distruttivo?:
No
Crittografato?:
In the wild::
Sì
Panoramica e descrizione
Elimina archivos para impedir la ejecución correcta de programas y aplicaciones.
Dettagli tecnici
Dimensione file: 31,744 bytes
Tipo di file: EXE
Residente in memoria: Sì
Data di ricezione campioni iniziali: 24 febbraio 2016
Instalación
Crea las siguientes copias de sí mismo en el sistema afectado:
- %Application Data%\Microsoft\viFIYqeh.exe
(Nota: %Application Data% es la carpeta Application Data del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Application Data, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Application Data y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Local Settings\Application Data).
)Técnica de inicio automático
Agrega las siguientes entradas de registro para permitir su ejecución automática cada vez que se inicia el sistema:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
xoeKjOnW = "%Application Data%\Microsoft\viFIYqeh.exe "
Otras modificaciones del sistema
Elimina los archivos siguientes:
- %Application Data%\Microsoft\viFIYqeh.exe:Zone.Identifier
- %User Profile%\S-1-5-21-1645522239-1292428093-682003330-1003\4f713f25713286bf3f356212d58da0d3_6abce574-4afc-42c5-8ab9-5739a84d8a8b
- %User Profile%\S-1-5-21-1645522239-1292428093-682003330-1003\36f0d5a0f59ffd86fd28ec2fbc63b443_6abce574-4afc-42c5-8ab9-5739a84d8a8b
- %System Root%\AUTOEXEC.BAT!-==kronstar21@gmail.com=--.crypt
- %System Root%\boot.ini!-==kronstar21@gmail.com=--.crypt
- %System Root%\CONFIG.SYS!-==kronstar21@gmail.com=--.crypt
- %Desktop%.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Internet Explorer\brndlog.bak!-==kronstar21@gmail.com=--.crypt
- %Desktop%.htt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Security\directories.acrodata!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Internet Explorer\brndlog.txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Quick Launch\Show Desktop.scf!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Quick Launch\Launch Internet Explorer Browser.lnk!-==kronstar21@gmail.com=--.crypt
- %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\ABCPY.INI!-==kronstar21@gmail.com=--.crypt
- %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\Setup.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\MMC\secpol!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Protect\CREDHIST!-==kronstar21@gmail.com=--.crypt
- %User Profile%\S-1-5-21-1645522239-1292428093-682003330-1003\f6162a60-d311-478d-9f36-8fb2e67df5b7!-==kronstar21@gmail.com=--.crypt
- %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe!-==kronstar21@gmail.com=--.crypt
- %User Profile%\S-1-5-21-1645522239-1292428093-682003330-1003\Preferred!-==kronstar21@gmail.com=--.crypt
- %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\AcroRead.msi!-==kronstar21@gmail.com=--.crypt
- %User Profile%\S-1-5-18\d42cc0c3858a58db2db37658219e6400_6abce574-4afc-42c5-8ab9-5739a84d8a8b!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Themes\Custom.theme!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@atdmt[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@bing[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\index.dat!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@doubleclick[1].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@c.msn[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@c.atdmt[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@microsoft[1].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Media Player\UserMigratedStore_59R.bin!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@msnportal.112.2o7[1].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@msn[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@www.msn[1].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Pbk\sharedaccess.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Pbk\rasphone.pbk!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@www.bing[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@scorecardresearch[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Media Player\DefaultStore_59R.bin!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\airplane.bmp!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Links\Windows Marketplace.url!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Links\Customize Links.url!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Links\Free Hotmail.url!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\ball.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\butterfly.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\beach.bmp!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Links\Windows Media.url!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\astronaut.bmp!-==kronstar21@gmail.com=--.crypt
- %Favorites%\MSN.com.url!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Links\Windows.url!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Radio Station Guide.url!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\dirt bike.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\car.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\cat.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\chess.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\dog.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\drip.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\duck.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\frog.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\fish.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\guitar.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\kick.bmp!-==kronstar21@gmail.com=--.crypt
- %Application Data%\GDIPFONTCACHEV1.DAT!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\palm tree.bmp!-==kronstar21@gmail.com=--.crypt
- %Application Data%\IconCache.db!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\horses.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\lift-off.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\pink flower.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\skater.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\red flower.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\User Account Pictures\guest.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\snowflake.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\User Account Pictures\Wilbert.bmp!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\Internet Explorer\MSIMGSIZ.DAT!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\viFIYqeh.exe!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.DTD!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.XML!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst1.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst10.wpl!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\Media Player\CurrentDatabase_59R.wmdb!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst11.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst12.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst13.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst2.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst15.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst14.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst3.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst4.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\History.IE5\index.dat!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Music\New Stories (Highway Blues).wma!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst8.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst7.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst5.wpl!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\Wallpaper1.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst9.wpl!-==kronstar21@gmail.com=--.crypt
- %User Temp%\58e0ef.mst!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst6.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\MSHist012013061320130614\index.dat!-==kronstar21@gmail.com=--.crypt
- %User Temp%\AdobeSFX.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\ASPNETSetup_00000.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\AdobeARM.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\ASPNETSetup_00002.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_dotnetfx35error.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_dotNetFx40_Full_x86_x64_decompression_log.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\ASPNETSetup_00001.log!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Pictures\Blue hills.jpg!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_depcheck_NETFX_EXP_35.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_dotnetfx35install.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_netfx20UI7F16.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_MSXML6_MSI0686.txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Pictures\Sunset.jpg!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Pictures\Water lilies.jpg!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Pictures\Winter.jpg!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_vcredistUI3CAA.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_vcredistUI7C21.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_wcf_CA_smci_20111017_044900_062.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_wcf_retCA29BA.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_WIC.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_XPS.txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\DRM\drmv2.lic!-==kronstar21@gmail.com=--.crypt
- %User Profile%\DRM\drmv2.sst!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_RGB9RAST_x86.msi0683.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_vcredistMSI7C21.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\Accessibility Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Calculator.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\HyperTerminal.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\Network Connections.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\Network Setup Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_NET_Framework35_MSI07B9.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\Microsoft Visual C++ 2010 x86 Redistributable Setup_20111020_000954642-MSI_vc_red.msi.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\New Connection Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\Remote Desktop Connection.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_vcredistMSI3CAA.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\uxeventlog.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Temp%\Microsoft Visual C++ 2010 x86 Redistributable Setup_20111020_000954642.html!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vminst.log_20130313_012352_Failed.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vminst.log_20111016_212239_Failed.log!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Entertainment\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vminst.log_20130313_012028.log!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Entertainment\Sound Recorder.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\Microsoft .NET Framework 4 Setup_20111016_234618578-MSI_netfx_Extended_x86.msi.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\Microsoft .NET Framework 4 Setup_20111016_234618578.html!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Entertainment\Volume Control.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\WSFF8.tmp!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Paint.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Backup.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Character Map.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_netfx20MSI7F16.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Disk Cleanup.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vmmsi.log_20130313_012352_Failed.log!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Disk Defragmenter.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\WSFF9.tmp!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Security Center.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\System Restore.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\System Information.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Scheduled Tasks.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Component Services.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\WordPad.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Computer Management.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_NET_Framework30_Setup0775.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Local Security Policy.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Performance.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Event Viewer.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Data Sources (ODBC).lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Services.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Adobe Reader X.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\53CAC6A10B6248682CF221B24A92[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\4[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\5c5d9b9cb6c19bcac7f82d676b488b[1].css!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\8213D9F75AD098D48F237D6CCC29F8[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\adchoices_gif2[1].gif!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Freecell.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Hearts.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\836390dd7004a00c9b21db33678d84[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\ADSAdClient31[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\ADSAdClient31[2].htm!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Internet Backgammon.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Internet Checkers.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Internet Hearts.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Internet Reversi.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\BA1FA617D2822CCF20CF2239452095[1].jpg!-==kronstar21@gmail.com=--.crypt
- %User Temp%\Microsoft .NET Framework 4 Setup_20111016_234618578-MSI_netfx_Core_x86.msi.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vmmsi.log_20111016_212246_Failed.log!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Internet Spades.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\bottom_left3[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\bottom_right3[1].png!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Pinball.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Minesweeper.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\box02[1].gif!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Solitaire.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\MSN.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\c57bc2a7d38843d7c4aa8028fc9f82[1].gif!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Spider Solitaire.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\1d56986ff895d82941fb9faf08c76f[1].css!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\d3a1be3129df1dc11a599ea57981b2[2].js!-==kronstar21@gmail.com=--.crypt
- %Common Startup%\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vmmsi.log_20130313_012028.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_NET_Framework20_Setup06A7.txt!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\D2543C851E4AE4B1DB2DE3B1562DB[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\gw[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\top_left3[1].png!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Windows Movie Maker.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\all[1].js!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Windows Messenger.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\WinPcap\Uninstall WinPcap 4.1.2.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\WinPcap\WinPcap Web Site.url!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Windows Update.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\0000000001_000000000000000017246[1].gif!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Set Program Access and Defaults.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Windows Catalog.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\5280118e68aedbc5821d17132a5340[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\anatm[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\8adae8665171049ce4960396c72c86[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\15A727F1384E33C33F18A135D9710[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\BA0EAC3FA44E01BE67D7651C9E60[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\box04[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\box08[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\9FFCFB0D17D6A8FD7C27416ED0DB[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\cc36ca69630adc1a2052edc7351a47[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\ADSAdClient31[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\header00b[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\primedns[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\923334461022280076d968be269386[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\primedns[2].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\msn[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\table_bottom3[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\sck[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\614595fba50d96389708a4135776e4[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\1db850e671ac9a39751a1482909ea6[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\617475cf39bf6f5c0bd6ecb985335c[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\147[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\ecbrolfa1ff2b64fe659f792daafb90b16a4[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\jquery-1.4.2.min[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\index.dat!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\9E82BCBB661C2665F77225A5DCC867[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\ADSAdClient31[2].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\ADSAdClient31[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\dapmsn[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\box06[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\background[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\CDAB2F44A1591D2B308C20C6C15375[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\FD4957C9FB46179035C1C4F6407F10[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\msnhomepagehistory[1].aspx!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\primedns[2].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\primedns[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\primedns[3].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\290e7f0b12fa8a201581c74c1ae75a[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\table_right3[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\top_right3[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\GRedirect[2].aspx!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\4[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\37BA92E210D341BFDBF4126422A3D2[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\9b61bd1a420364db439350bebaac19[1].css!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\844DD2D2B4733FAE13849F794A7BD8[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\72541472A285479CAB60A1F736581[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\A5EE7088EC167F676F626203E7371[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\BCEE3611B4F81EDE9240922336F1[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\AB7F4D56A6421622DF40E72BA32B[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\BING_websearch_2[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\300x250_45914_4crocsl[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\ADSAdClient31[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\sck[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\footer00[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\D8F68391953F21ECC405DCBA92D39[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\conditionalbanners[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\qsonhs[1].aspx!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\en[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\F7D0CF254A92D3932EDCF252CA5AB4[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\table_top3[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\table_left3[1].png!-==kronstar21@gmail.com=--.crypt
- %User Profile%\My Music\Sample Music.lnk!-==kronstar21@gmail.com=--.crypt
- %User Profile%\My Pictures\Sample Pictures.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\ntuser.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\SendTo\Compressed (zipped) Folder.ZFSendToTarget!-==kronstar21@gmail.com=--.crypt
- %User Profile%\SendTo\Mail Recipient.MAPIMail!-==kronstar21@gmail.com=--.crypt
- %Desktop% (create shortcut).DeskLink!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\widgets[1].js!-==kronstar21@gmail.com=--.crypt
- %User Profile%\SendTo\My Documents.mydocs!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\Utility Manager.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\Magnifier.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\Narrator.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Command Prompt.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Address Book.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Program Compatibility Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Entertainment\Windows Media Player.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Synchronize.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Notepad.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Windows Explorer.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Tour Windows XP.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Remote Assistance.lnk!-==kronstar21@gmail.com=--.crypt
- %User Startup%\xoeKjOnW.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Outlook Express.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Internet Explorer.lnk!-==kronstar21@gmail.com=--.crypt
- %User Startup%\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\ntuser.dat.LOG!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Windows Media Player.lnk!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\amipro.sam!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\excel4.xls!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\presenta.shw!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\excel.xls!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\powerpnt.ppt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\lotus.wk4!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\sndrec.wav!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\quattro.wb2!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\winword.doc!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\winword2.doc!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\wordpfct.wpd!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\wordpfct.wpg!-==kronstar21@gmail.com=--.crypt
- %User Profile%\NTUSER.DAT!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\9STOYKO4\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\NF72HY20\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\246FT6TD\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Application Data%\FontCache3.0.0.0.dat!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\PHOM4UYK\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\Data1.cab!-==kronstar21@gmail.com=--.crypt
- %System Root%\IO.SYS!-==kronstar21@gmail.com=--.crypt
- %System Root%\MSDOS.SYS!-==kronstar21@gmail.com=--.crypt
- %System Root%\NTDETECT.COM!-==kronstar21@gmail.com=--.crypt
- %System Root%\ntldr!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Adobe.Reader.Dependencies.manifest!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AGMGPUOptIn.ini!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AcroRd32Info.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AcroBroker.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AcroRd32.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\cryptocme2.sig!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Eula.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\IDTemplates\ENU\AdobeID.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\IDTemplates\ENU\DefaultID.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Legal\ENU\eula.ini!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Javascripts\JSByteCodeWin.bin!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Legal\ENU\license.html!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\LogTransport2.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\PDFSigQFormalRep.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroForm\adobepdf.xdc!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Accessibility.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroSign.prc!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Annotations\Stamps\Words.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\DVA.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Checkers.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\eBook.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\DigSig.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\IA32.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\EScript.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Multimedia\MPP\Flash.mpp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\PDDom.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Multimedia.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\MakeAccessible.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\ReadOutLoud.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\reflow.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroForm.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\SaveAsRTF.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Annots.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Search.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\SendMail.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Spelling.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Updater.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\weblink.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\pmd.cer!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\drvDX9.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\reader_sl.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\prc\MyriadCAD.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\3difr.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\tesselate.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\drvSOFT.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\2d.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\RTC.der!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\drvDX8.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\add_reviewer.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\bl.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\br.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\distribute_form.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\email_initiator.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\email_all.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\create_form.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Services\Services.cfg!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\ended_review_or_form.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\end_review.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\forms_super.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\PPKLite.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\forms_distributed.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\forms_received.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\info.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\prcr.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Services\DEXShare.spi!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\open_original_form.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\form_responses.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\main.css!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\SPPlugins\ADMPlugin.apl!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\pdf.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\reviews_joined.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\reviewers.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\rss.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\server_issue.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\reviews_sent.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\reviews_super.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\tr.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\review_shared.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\review_same_reviewers.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\review_browser.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\server_lg.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\tl.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\server_ok.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\stop_collection_data.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\review_email.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\submission_history.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\trash.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\turnOnNotificationInAcrobat.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\turnOnNotificationInTray.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\warning.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\turnOffNotificationInAcrobat.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\turnOffNotificationInTray.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\ENUtxt.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\ReadMe.htm!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\CourierStd-Bold.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\CourierStd-Oblique.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\CourierStd.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\CourierStd-BoldOblique.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\PFM\SY______.PFM!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\PFM\zx______.pfm!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\PFM\zy______.pfm!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\AdobePiStd.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MinionPro-Bold.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MinionPro-Regular.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MinionPro-It.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MyriadPro-Bold.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MinionPro-BoldIt.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\SY______.PFB!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MyriadPro-BoldIt.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MyriadPro-It.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MyriadPro-Regular.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\ZX______.PFB!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\ZY______.PFB!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp!-==kronstar21@gmail.com=--.crypt
Agrega las siguientes entradas de registro como parte de la rutina de instalación:
HKEY_CURRENT_USER\Software\qQNagyOI
Agrega las siguientes entradas de registro:
HKEY_CURRENT_USER\Software\qQNagyOI
BKvkWWib = "{random values}"
HKEY_CURRENT_USER\Software\qQNagyOI
MbdXpuCR = "{random values}"
HKEY_CURRENT_USER\Software\qQNagyOI
XsihfSWk = "{random values}"
Rutina de infiltración
Infiltra los archivos siguientes:
- %User Startup%\xoeKjOnW.lnk
(Nota: %User Startup% es la carpeta Inicio del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}\Menú Inicio\Programas\Inicio, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Menú Inicio\Programas\Inicio y en C:\Documents and Settings\{nombre de usuario}\Menú Inicio\Programas\Inicio).
)
Soluzioni
Motore di scansione minimo: 9.8
Step 1
Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploración, deben comprobar que tienen desactivada la opción Restaurar sistema para permitir la exploración completa del equipo.
Step 2
Reiniciar en modo seguro
[ learnMore ]
Step 3
Eliminar esta clave del Registro
[ learnMore ]
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_CURRENT_USER\Software
- qQNagyOI
Step 4
Eliminar este valor del Registro
[ learnMore ]
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- xoeKjOnW = "%Application Data%\Microsoft\viFIYqeh.exe "
- In HKEY_CURRENT_USER\Software\qQNagyOI
- BKvkWWib = "{random values}"
- In HKEY_CURRENT_USER\Software\qQNagyOI
- MbdXpuCR = "{random values}"
- In HKEY_CURRENT_USER\Software\qQNagyOI
- XsihfSWk = "{random values}"
Step 5
Buscar y eliminar este archivo
[ learnMore ]
Puede que algunos de los archivos del componente estén ocultos. Asegúrese de que tiene activada la casilla Buscar archivos y carpetas ocultos en la opción Más opciones avanzadas para que el resultado de la búsqueda incluya todos los archivos y carpetas ocultos. - %User Startup%\xoeKjOnW.lnk
Step 6
Reinicie en modo normal y explore el equipo con su producto de Trend Micro para buscar los archivos identificados como Ransom_CRYPCHIM.CD En caso de que el producto de Trend Micro ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no serán necesarios más pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta página de Base de conocimientos para obtener más información.
Sondaggio