Win32.HLLW.Autoruner2.25079
Added to the Dr.Web virus database:
2016-08-28
Virus description added:
2016-08-28
Technical Information
Malicious functions:
Creates and executes the following:
- '<SYSTEM32>\cscript.exe' //NoLogo %TEMP%\hd.vbs
- '%TEMP%\ZvuInstaller.exe' (downloaded from the Internet)
Executes the following:
- '%TEMP%\ZvuInstaller.exe' /S /INI="%TEMP%\ZvuInstaller.exe.ini"
Modifies file system:
Creates the following files:
- %TEMP%\ZvuInstaller.exe
- %TEMP%\ZvuInstaller.exe.ini
- %TEMP%\hd.vbs
- %TEMP%\ZvuInstall.log
- %APPDATA%\Zvu\init.xml
Network activity:
Connects to:
- 'zv#.com':80
- 'st##.zvu.com':80
- 'localhost':1037
TCP:
HTTP GET requests:
- http://dl.#vu.com/dl/zvu-18.0.1.ru.winxp_32.installer.exe via zv#.com
- http://zv#.com/img/no-cover.jpg
- http://st##.zvu.com/installer.html?pa############################################################################################################################################################...
UDP:
- DNS ASK dl.#vu.com
- DNS ASK zv#.com
- DNS ASK st##.zvu.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息