Win32.HLLW.Autoruner.51640
Added to the Dr.Web virus database:
2011-06-11
Virus description added:
2011-06-14
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,svchosts.exe'
Creates the following files on removable media:
- <Drive name for removable media>:\autorun.inf
Malicious functions:
Creates and executes the following:
- <SYSTEM32>\wbem\svchosts.exe
Modifies the file system:
Creates the following files:
- <SYSTEM32>\wbem\svchosts.exe
- C:\NCcfa2LS.pif
- C:\autorun.inf
- C:\mhEyMfF4.pif
Sets the 'hidden' attribute to the following files:
Deletes the following files:
- <Drive name for removable media>:\autorun.inf
- C:\autorun.inf