Win32.HLLW.Randex.45057
Added to the Dr.Web virus database:
2015-12-17
Virus description added:
2015-12-17
Technical Information
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Executes the following:
- '<SYSTEM32>\net1.exe' stop security center
- '<SYSTEM32>\net1.exe' stop WinDefend
- '<SYSTEM32>\net.exe' stop WinDefend
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- '<SYSTEM32>\net.exe' stop security center
Searches for windows to
detect analytical utilities:
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
Modifies file system :
Creates the following files:
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息