用户服务中心

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

CN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Dr.Web vxCube

打开分析仪

计算机病毒事件调查

病毒知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

Win32.HLLW.Autohit.16263

Added to the Dr.Web virus database: 2017-05-10

Virus description added: 2017-05-10

Technical Information

Malicious functions:

Executes the following:

'%TEMP%\EWUZAT.exe'
'%TEMP%\HECKDK.exe'

Injects code into

the following user processes:

HECKDK.exe

Modifies file system:

Creates the following files:

%TEMP%\HECKDK.exe
%TEMP%\aut3.tmp
%TEMP%\EWUZAT.exe
%TEMP%\aut1.tmp
%TEMP%\fvltckq
%TEMP%\aut2.tmp

Deletes the following files:

%TEMP%\aut2.tmp
%TEMP%\aut3.tmp
%TEMP%\aut1.tmp
%TEMP%\fvltckq

Network activity:

Connects to:

'te####mam.hopto.org':1000

UDP:

DNS ASK te####mam.hopto.org

Miscellaneous:

Searches for the following windows:

ClassName: 'Shell_TrayWnd' WindowName: ''