Dr.Web Anti-virus - Innovative IT-Security Solutions
Global Sites
Russia (Headquarter)
Estonia Finland France Germany Greece Hungary Italy Iran Israel Japan Kazakhstan Lithuania Poland Portugal Slovakia Spain Taiwan Ukraine


Latest Released Update : (HKT) 2014-04-24 01:30
Virus Database Total Records : 5141003
Home About Dr.Web Products Downloads Purchase FAQ Contact Us  
Dr.Web Anti-virus Video Channel  

‹ How To Remove Virus "Trojan.MulDrop4.29242" ›

Technical Information
Virus Name : Trojan.MulDrop4.29242
Named By : Dr.Web

Malicious functions:
Creates and executes the following:
  • %TEMP%\7zS1.tmp\5151f4db64d7f.exe /s
Modifies file system :
Creates the following files:
  • <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\gikpndcngjdlbgcmlpieakjcffefobah\1\content.js
  • <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\gikpndcngjdlbgcmlpieakjcffefobah\1\background.html
  • <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\gikpndcngjdlbgcmlpieakjcffefobah\1\manifest.json
  • <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\gikpndcngjdlbgcmlpieakjcffefobah\1\lsdb.js
  • <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\gikpndcngjdlbgcmlpieakjcffefobah\1\5151f4db64b7d0.48439657.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\i_0lypr@cfkvppalsafv.net\install.rdf
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\i_0lypr@cfkvppalsafv.net\chrome.manifest
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\i_0lypr@cfkvppalsafv.net\content\zy.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\i_0lypr@cfkvppalsafv.net\content\bg.js
  • %ALLUSERSPROFILE%\Application Data\BuRRoWsye2save\uninstall.exe
  • %ALLUSERSPROFILE%\Application Data\BuRRoWsye2save\5151f4db64db9.tlb
  • %ALLUSERSPROFILE%\Start Menu\Programs\BuRRoWsye2save\Uninstall.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\BuRRoWsye2save\BuRRoWsye2save.lnk
  • %ALLUSERSPROFILE%\Application Data\BuRRoWsye2save\5151f4db64db9.dll
  • %TEMP%\nsr3.tmp\nsJSON.dll
  • <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\gikpndcngjdlbgcmlpieakjcffefobah\1\sqlite.js
  • %ALLUSERSPROFILE%\Application Data\BuRRoWsye2save\settings.ini
  • <LS_APPDATA>\Google\Chrome\User Data\Default\Preferences
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\lsdb.js
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\content.js
  • %TEMP%\7zS1.tmp\settings.ini
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\sqlite.js
  • %TEMP%\7zS1.tmp\i_0lypr@cfkvppalsafv.net\bootstrap.js
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\background.html
  • %TEMP%\7zS1.tmp\i_0lypr@cfkvppalsafv.net\chrome.manifest
  • %TEMP%\7zS1.tmp\i_0lypr@cfkvppalsafv.net\content\bg.js
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\5151f4db64b7d0.48439657.js
  • %TEMP%\7zS1.tmp\i_0lypr@cfkvppalsafv.net\content\zy.xul
  • %TEMP%\7zS1.tmp\i_0lypr@cfkvppalsafv.net\install.rdf
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\i_0lypr@cfkvppalsafv.net\bootstrap.js
  • %TEMP%\nsr3.tmp\UserInfo.dll
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\manifest.json
  • <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
  • %TEMP%\7zS1.tmp\5151f4db64d7f.exe
  • %TEMP%\7zS1.tmp\5151f4db64db9.tlb
  • %TEMP%\7zS1.tmp\5151f4db64db9.dll
Deletes the following files:
  • %TEMP%\7zS1.tmp\i_0lypr@cfkvppalsafv.net\bootstrap.js
  • %TEMP%\7zS1.tmp\i_0lypr@cfkvppalsafv.net\chrome.manifest
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\manifest.json
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\sqlite.js
  • %TEMP%\7zS1.tmp\i_0lypr@cfkvppalsafv.net\install.rdf
  • %TEMP%\7zS1.tmp\settings.ini
  • %TEMP%\7zS1.tmp\i_0lypr@cfkvppalsafv.net\content\bg.js
  • %TEMP%\7zS1.tmp\i_0lypr@cfkvppalsafv.net\content\zy.xul
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\lsdb.js
  • %TEMP%\7zS1.tmp\5151f4db64d7f.exe
  • %TEMP%\7zS1.tmp\5151f4db64db9.dll
  • %TEMP%\nsr3.tmp\nsJSON.dll
  • %TEMP%\nsr3.tmp\UserInfo.dll
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\background.html
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\content.js
  • %TEMP%\7zS1.tmp\5151f4db64db9.tlb
  • %TEMP%\7zS1.tmp\gikpndcngjdlbgcmlpieakjcffefobah\5151f4db64b7d0.48439657.js
Please note : some of the characters are replaced with symbols in order to prevent improper access to malwares.


Steps to remove "Trojan.MulDrop4.29242" automatically
  • Download Dr.Web CureIt! and save it in desktop.
  • Download Security Space Pro 7.0 (32/64-bit), save it in desktop.
  • Reboot computer to Safe Mode (press F8 before any Microsoft logo appears).
  • Double click "cureit.exe" on desktop, follow on screen instructions to scan hard disk.
    (Wait patiently, it may take 20-60 minutes to perform an express scan.)
  • After scanning is done, select all viruses found and choose "Cure".
    (If some files are not suitable to be cured, choose "Quarantine" or "Delete".)
  • When all viruses found are cured, quarantined, or deleted, reboot to Normal Mode.
  • Uninstall existing anti-virus software which cannot kill the viruses, and then reboot again.
  • Locate the setup file of Security Space Pro on desktop, double click to run it.
    (For step-by-step procedures, please refer to installation video guide.)
  • During setup, choose to obtain a demo key.
  • After first time update, the scanner will be launched again, quit the scanner at this point.
  • Complete the setup by rebooting computer.
  • When time is allowed (may need several hours), perform a full scan in Dr.Web Scanner.

Note :
  • If it is unable to start Windows due to virus infection, try Dr.Web LiveCD or Dr.Web LiveUSB instead of Dr.Web CureIt!
  • Time needed for express scan or full scan relies on many factors, such as system performance, available memory, running processes, number of drives and files, etc.

‹ Dr.Web CureIt! › Select Download Source

Dr.Web Global Servers Google Drive SkyDrive
Released :
2013-11-10 14:43
Released :
2013-08-16 03:25
Released :
2013-11-10 14:43
Download Dr.Web CureIt! from Dr.Web Global Servers Download Dr.Web CureIt! from Google Drive Download Dr.Web CureIt! from SkyDrive

‹ Dr.Web Security Space Pro › Select Download Source

Dropbox Google Drive SkyDrive
Released :
2013-02-07 16:02
Released :
2013-02-07 16:02
Released :
2013-02-07 16:02
Download Dr.Web Security Space Pro from Dropbox Download Dr.Web Security Space Pro from Google Drive Download Dr.Web Security Space Pro from SkyDrive

WINDOWS 7, VISTA, XP
MAC OS X 10.4 OR ABOVE

TOP 5 EMAIL VIRUSES (24HR)
01:30
 
Trojan.PWS.Panda.5676
Trojan.PWS.Panda.5676
 
Trojan.Fraudster.778
Trojan.Fraudster.778
 
Trojan.Oficla.zip
Trojan.Oficla.zip
 
Win32.HLLM.MyDoom.33808
Win32.HLLM.MyDoom.33808
 
Win32.HLLM.MyDoom.54464
Win32.HLLM.MyDoom.54464

TOP 5 FILE VIRUSES (24HR)
01:30
 
SCRIPT.Virus
SCRIPT.Virus
 
Trojan.InstallMonster.51
Trojan.InstallMonster.51
 
Trojan.Packed.24524
Trojan.Packed.24524
 
Tool.Unwanted.JS.SMSFraud.26
Tool.Unwanted.JS.SMSFraud.26
 
Adware.Downware.2095
Adware.Downware.2095

FREE ANTI-VIRUS TOOLS
  » Dr.Web CureIt!
  » Dr.Web LiveCD
  » Dr.Web LiveUSB
  » Dr.Web Light for Mac OS X
  » LinkChecker for Google Chrome
  » LinkChecker for Internet Explorer
  » LinkChecker for Mozilla Firefox
  » LinkChecker for Opera
  » LinkChecker for Safari

Member of CHKCI

|

Click to Verify Domain Originator
:: Privacy Policy Statement ::