Win32.HLLW.Autoruner2.26312
Added to the Dr.Web virus database: 2016-10-25
Virus description added: 2016-10-25
Technical Information
Modifies file system:
Creates the following files:
- %TEMP%\~DF3C63.tmp
- %TEMP%\~DF3D37.tmp
- %TEMP%\~DF35EF.tmp
- %TEMP%\~DF3C0C.tmp
- %TEMP%\~DF3D8E.tmp
- %ALLUSERSPROFILE%\DRM\DRMv1.bak
- %TEMP%\drmtemp1.htm
- %TEMP%\~DF3E53.tmp
- %ALLUSERSPROFILE%\DRM\DRMv1.key
- %TEMP%\~DFD528.tmp
- %TEMP%\~DF2B19.tmp
- %ALLUSERSPROFILE%\DRM\v2ks.sec
- %ALLUSERSPROFILE%\DRM\v2ks.bla
- %TEMP%\~DF2F2D.tmp
- %TEMP%\~DF30AF.tmp
- %TEMP%\~DF3171.tmp
- %TEMP%\~DF2F84.tmp
- %TEMP%\~DF3058.tmp
Sets the 'hidden' attribute to the following files:
- %ALLUSERSPROFILE%\DRM\DRMv1.key
- %ALLUSERSPROFILE%\DRM\DRMv1.bak
Network activity:
Connects to:
- 'www.ch###-drm.com':80
- 'localhost':1036
TCP:
HTTP POST requests:
- http://www.ch###-drm.com/test.asp?id#############
UDP:
- DNS ASK www.ch###-drm.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''