Win32.HLLW.Autohit.16263
Added to the Dr.Web virus database:
2017-05-10
Virus description added:
2017-05-10
Technical Information
Malicious functions:
Executes the following:
- '%TEMP%\EWUZAT.exe'
- '%TEMP%\HECKDK.exe'
Injects code into
the following user processes:
Modifies file system:
Creates the following files:
- %TEMP%\HECKDK.exe
- %TEMP%\aut3.tmp
- %TEMP%\EWUZAT.exe
- %TEMP%\aut1.tmp
- %TEMP%\fvltckq
- %TEMP%\aut2.tmp
Deletes the following files:
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut1.tmp
- %TEMP%\fvltckq
Network activity:
Connects to:
- 'te####mam.hopto.org':1000
UDP:
- DNS ASK te####mam.hopto.org
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息