Win32.HLLP.Splitter.origin
Added to the Dr.Web virus database: 2010-03-26
Virus description added: 2019-08-06
Technical Information
To ensure autorun and distribution
Modifies the following registry keys
- [<HKLM>\Software\Classes\exefile\shell\open\command] '' = '%WINDIR%\svchost.com "%1" %*'
Infects the following executable files
- %ALLUSERSPROFILE%\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\setup.exe
- %HOMEPATH%\My Documents\mirc743.exe
- %HOMEPATH%\My Documents\pidgin-2.10.11 (1).exe
- %HOMEPATH%\My Documents\pidgin-2.10.11.exe
- %HOMEPATH%\My Documents\qip2005.exe
- %HOMEPATH%\My Documents\SteamSetup.exe
- %HOMEPATH%\My Documents\jre-8u60-windows-i586-iftw (1).exe
- %HOMEPATH%\My Documents\jre-8u60-windows-i586-iftw.exe
- C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\ose.exe
- C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
- <Drive name for removable media>:\utorrent.exe
- <Drive name for removable media>:\tcm851ax32.exe
- <Drive name for removable media>:\notepad.exe
- <Drive name for removable media>:\dotnetfx45_full_setup.exe
- C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\setup.exe
- C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE
- %HOMEPATH%\My Documents\Firefox Setup Stub 40.0.2.exe
- %HOMEPATH%\My Documents\ChromeSetup.exe
- %HOMEPATH%\My Documents\ChromeSetup (1).exe
- %ALLUSERSPROFILE%\Application Data\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
- %ALLUSERSPROFILE%\Application Data\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- %ALLUSERSPROFILE%\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe
- %ALLUSERSPROFILE%\Application Data\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- %APPDATA%\ICQM\ICQ\dll\mailrusputnik.exe
- %APPDATA%\QipGuard\QipGuard.exe
- %ALLUSERSPROFILE%\Application Data\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- %APPDATA%\QipGuard\QipGuard_upd.exe
- %APPDATA%\Telegram Desktop\Updater.exe
- %HOMEPATH%\Desktop\chromesetup.exe
- %HOMEPATH%\Desktop\dotnetfx45_full_setup.exe
- %HOMEPATH%\Desktop\skypesetup.exe
- %HOMEPATH%\Desktop\utorrent.exe
- %HOMEPATH%\Desktop\wrar520.exe
- %APPDATA%\Telegram Desktop\unins000.exe
- <Drive name for removable media>:\chromesetup.exe
- <Drive name for removable media>:\jre-7u75-windows-i586-iftw.exe
Modifies file system
Creates the following files
- %TEMP%\3582-490\<File name>.exe
- %WINDIR%\svchost.com
- %TEMP%\tmp5023.tmp
Miscellaneous
Creates and executes the following
- '%TEMP%\3582-490\<File name>.exe'