Search
Keyword: bat
nomedia ocx prf rom rtp scr shs spl sys theme themepack exe bat cmd {5 characters} tmp It checks if the following applications are installed in the affected system: AVP.exe ekrn.exe avgnt.exe ashDisp.exe
%System Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions.) It adds the following processes: cmd /c %System Root%\123.bat The bat file contains the following
{Encrypted Directory}\fxkJts2wg.README.txt It avoids encrypting files with the following file extensions: 386 adv ani bat bin cab cmd com cpl cur deskthemepack diagcab diagcfg diagpkg dll drv exe hlp hta icl
{5C29F891-91DD-4744-99CE-5D50E733BEA6} Run BAT files found in %AppDataLocal%\Microsoft\Media Player\{5C29F891-91DD-4744-99CE-5D50E733BEA6}\ Searches for text files found in %AppDataLocal%\Microsoft\Media Player\
the following file(s) as ransom note: {Encrypted Folder}\RecoveryManual.html It avoids encrypting files with the following file extensions: exe dll sys msi mui inf cat bat cmd ps1 vbs ttf fon lnk
extensions: exe dll sys msi mui inf cat bat cmd ps1 vbs ttf fon lnk Win64:RansomX-gen [Ransom] (Avast), Gen:Variant.Ser.Razy.15162 (Bitdefender) Downloaded from the Internet, Dropped by other malware Drops
xlsm xlsb xls mht mhtml htm html xltx prn dif slk xlam xla ods docm dotx dotm xps ics mp3 aif iff m3u m4a mid mpa wav wma msi php apk app bat cgi com asp aspx cer cfm css htm html js jsp rss xhtml c
extensions: 386 adv ani bat bin cab cmd com cpl cur deskthemepack diagcab diagcfg diagpkg dll drv exe hlp hta icl icns ico ics idx key ldf lnk lock mod mpa msc msi msp msstyles msu nls nomedia ocx pdb prf ps1
with the following file extensions: 386 adv ani bat bin cab cmd com cpl cur deskthemepack diagcab diagcfg diagpkg dll drv exe hlp hta icl icns ico ics idx key ldf lnk lock mod mpa msc msi msp msstyles
names: {original file name and extension}.encrypted However, as of this writing, the said sites are inaccessible. NOTES: This Trojan does not encrypt files with the following extensions: bat chm cmd dll
ait al aoi apj arc arw asc asf asm asp aspx asx avi awg back backup backupdb bak bank bat bay bdb bgt bik bin bkp blend bmp bpw brd c cdf cdr cdr3 cdr4 cdr5 cdr6 cdrw cdx ce1 ce2 cer cfg cgm cib class
{pseudo-random}.xuniyred.net/topic.php It encrypts files with the following extensions: 3gp aac ans ape asc asm asp aspx avi awk bas bat bmp c cs cls clw cmd cpp csproj css ctl cxx def dep dlg dsp dsw eps f f77
all ams anc apk aps ari arj array art asa asc asd asf asm asp asx atw au avi avr backup bak bas bat bdf bgl bhd bi bif bik bin bip bk bkf bks bmp book brdf brx bsp btm bud bw bwv c cab cad cal cap cc
result, malicious routines of the dropped files are exhibited on the affected system. NOTES: The {extension} of the dropped file can be any of the following: BAT CMD COM EXE PIF SCR It propagates by
bat bmp c cbr cer cfg cfm cgi class com cpp cs css csv dat db dbf dds deb dem dif doc docm docx dotm dotx eps flv fnt fon fpx gam ged gif gz h htm html ics iff indd ini iso j2c j2k java jfif jif jp2
{extension name} of the dropped copy is any of the following: bat cmd com exe pif scr Trojan horse Generic_r.DOW (AVG) ,W32/Zbot.AYAA!tr (Fortinet) ,Trojan-Downloader.Win32.Upatre (Ikarus)
\RECOVER-tlg5rh8-FILES.txt %Desktop%\RECOVER-tlg5rh8-FILES.txt.png -- Set as wallpaper It avoids encrypting files with the following file extensions: themepack nls diagpkg msi lnk exe cab scr bat drv rtp msp prf msc ico key
}.f58A66B51 It drops the following file(s) as ransom note: {encrypted directory}\Readme-f58A66B51.txt It avoids encrypting files with the following file extensions: 386 adv ani bat bin cab cmd com cpl cur
}.f58A66B51 It drops the following file(s) as ransom note: {encrypted directory}\Readme-f58A66B51.txt It avoids encrypting files with the following file extensions: 386 adv ani bat bin cab cmd com cpl cur
extensions: exe bat bin cmd com cpl dat dll drv hta ini lnk lock log mod msc msi msp pif prf rdp scr shs swp sys theme Win32:Evo-gen [Trj] (AVAST) Downloaded from the Internet, Dropped by other malware Collects