Win32.HLLW.Autohit.13100
Added to the Dr.Web virus database:
2013-04-29
Virus description added:
2013-05-04
Technical Information
Malicious functions:
Searches for registry branches where third party applications store passwords:
- [<HKLM>\SOFTWARE\Yahoo\pager]
Modifies file system :
Creates the following files:
- %WINDIR%\LCinfo.txt
- %TEMP%\aut2.tmp
- %WINDIR%\LCTool\DanhSachKenhTV.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\LCInfoNew[1].txt
- %TEMP%\aut1.tmp
- %TEMP%\liplmcq
- %HOMEPATH%\Desktop\LC Tool 5.6.lnk
Deletes the following files:
- %TEMP%\aut2.tmp
- %TEMP%\liplmcq
- %TEMP%\aut1.tmp
Network activity:
Connects to:
- 'dl.##opbox.com':80
- 'dl.##opbox.com':443
TCP:
HTTP GET requests:
- dl.##opbox.com/u/18418438/LCTool/LCInfoNew.txt
UDP:
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息