用户服务中心

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

CN

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Close
服务
扫描仪
Dr.Web vxCube
试用
病毒知识库
知识库

技术

术语

教育培训

误区

新闻

Trojan.KillProc2.27671

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\gzn4ud7e 8ok6yf gay [bangbus] sgoibhh .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\mnho9y54 apv53deiq9fw fw58kpr41ob1w .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\nom72kl hot (!) .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\upfgetx 8ok6yf nom72kl vjq39c1gwy .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\tsomq34 hot (!) wifey .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\f07qtt porn beast 7vepaqjm (y8oxsqa).mpeg.exe
  • %ProgramFiles%\windows journal\templates\mzwpstr8n [free] young .zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\nom72kl [free] cock .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\s2fkave cum nom72kl epyxwn glans .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\yzw1afy bq4kno feet sweet .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\beast epyxwn hole .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\8r3baiec h93bklf gay bq4kno js80j73 .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\eq7k2xcxt porn gay [free] cock 779mipj (y8oxsqa).mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\fac71w2 h93bklf hot (!) .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm porn xxx vjq39c1gwy boots .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\s2fkave cum mnho9y54 girls (2hbt8wr).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\eq7k2xcxt horse horse ihthd33 nrb42wq .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\yzw1afy uncut ash .mpg.exe
  • %ALLUSERSPROFILE%\templates\upfgetx horse mzwpstr8n hot (!) (g6u8n4r).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\8r3baiec bd1l5ir lpcu5ai3 hot (!) titts nrb42wq (cy4xpd).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\horse vjq39c1gwy (cy4xpd).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xxx [bangbus] .rar.exe
  • %ALLUSERSPROFILE%\templates\mnho9y54 bq4kno 40+ .mpeg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\beast ihthd33 feet qq6w54yfhtqrbwcslg (dxocjwba).avi.exe
  • C:\users\default\appdata\local\<INETFILES>\s2fkave cum lpcu5ai3 [milf] girly .zip.exe
  • C:\users\default\templates\0287zh mnho9y54 big titts rv0y8n .mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\fac71w2 xakmpl beast uncut .rar.exe
  • %TEMP%\f1i7cm porn mnho9y54 [free] cock ejn547rbxhd1 (sarah).avi.exe
  • %LOCALAPPDATA%\<INETFILES>\ uncut glans 40+ .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\tsomq34 uncut .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\upfgetx xakmpl mnho9y54 vjq39c1gwy ol6p1tua .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\yzw1afy apv53deiq9fw .zip.exe
  • %APPDATA%\microsoft\templates\gay sgu4m7oc titts js80j73 (2hbt8wr).mpeg.exe
  • %APPDATA%\microsoft\windows\templates\mzwpstr8n uncut hole young (liz).mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\black porn bq4kno rv0y8n .zip.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\s2fkave wep6b08 tsomq34 l9hwcs7vvnphd9 hole .mpeg.exe
  • %HOMEPATH%\templates\horse [free] hole (sonja,2hbt8wr).mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\yzw1afy [free] glans ol6p1tua (jade).rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\s2fkave w6csjja14n1 horse nom72kl eigt45 .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\8r3baiec horse xxx ihthd33 40+ .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe h93bklf yzw1afy [free] titts sweet (jade).mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\8r3baiec 7nd83wovj gay nom72kl lzxyhb7k .mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\s2fkave wep6b08 mzwpstr8n l9hwcs7vvnphd9 50+ .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\fac71w2 xakmpl ihthd33 hole .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\8r3baiec wep6b08 tsomq34 nom72kl glans b37oavmx289 (y8oxsqa).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\horse vjq39c1gwy (c4w8hqa).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\upfgetx w6csjja14n1 nom72kl big titts .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\ big hole ol6p1tua .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\z9z7rwe ddqayq mnho9y54 [free] glans fishy (jade).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\upfgetx cum mzwpstr8n ihthd33 (2hbt8wr).avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\f1i7cm horse tsomq34 hot (!) glans mg9fvb2xk9 .zip.exe
  • %WINDIR%\assembly\temp\f1i7cm h93bklf beast vjq39c1gwy feet sweet .avi.exe
  • %WINDIR%\assembly\tmp\gzn4ud7e bd1l5ir lpcu5ai3 sgu4m7oc ol6p1tua .mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\z9z7rwe ddqayq sperm uncut .mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\z9z7rwe xakmpl 7vepaqjm titts hotel (2hbt8wr).mpeg.exe
  • %WINDIR%\pla\templates\z9z7rwe 8ok6yf sperm girls ejn547rbxhd1 .mpg.exe
  • %WINDIR%\security\templates\beast girls feet .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\nom72kl uncut gsva2xn .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\s2fkave bd1l5ir yzw1afy l9hwcs7vvnphd9 mg9fvb2xk9 .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\8r3baiec horse beast l9hwcs7vvnphd9 fishy .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\f1i7cm nude nom72kl epyxwn .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\tsomq34 [milf] (y8oxsqa).mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\mnho9y54 uncut titts qx2j1b5 .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\xxx big cock .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nom72kl girls .avi.exe
  • %WINDIR%\syswow64\fxstmp\mnho9y54 hot (!) cock gh5b6gd7wrv .zip.exe
  • %WINDIR%\syswow64\ime\shared\xxx bq4kno glans gsva2xn (2hbt8wr).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\8r3baiec ddqayq tsomq34 7vepaqjm rv0y8n (sonja,cy4xpd).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\sperm [bangbus] .rar.exe
  • %WINDIR%\syswow64\fxstmp\yzw1afy vjq39c1gwy sweet .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\s2fkave cum mzwpstr8n sgu4m7oc glans .mpeg.exe
  • %WINDIR%\temp\mzwpstr8n l9hwcs7vvnphd9 50+ (sandy,liz).avi.exe
  • %WINDIR%\winsxs\installtemp\gzn4ud7e xakmpl girls .rar.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\upfgetx nude horse nom72kl gh5b6gd7wrv .avi.exe
  • %ProgramFiles%\dvd maker\shared\gay vjq39c1gwy .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\xxx hot (!) sgoibhh (sandy,c4w8hqa).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\mzwpstr8n hot (!) 779mipj (sonja,cy4xpd).avi.exe
  • %ProgramFiles%\microsoft office\templates\f07qtt bd1l5ir xxx uncut cock .avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\f1i7cm nude beast vjq39c1gwy 40+ .rar.exe
  • %ProgramFiles%\windows journal\templates\gay sgu4m7oc zmc8ujp .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\s2fkave cum beast uncut (c4w8hqa).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\s2fkave wep6b08 xxx hot (!) (jade).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\tsomq34 bq4kno nrb42wq .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\upfgetx porn sperm epyxwn hole lady (dxocjwba).rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\ddqayq lpcu5ai3 [milf] .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\horse apv53deiq9fw (g6u8n4r).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gzn4ud7e ddqayq beast [milf] .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\upfgetx wep6b08 sperm hot (!) balls .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f1i7cm horse mnho9y54 [milf] eigt45 .rar.exe
  • %ALLUSERSPROFILE%\templates\xxx sgu4m7oc glans .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\mnho9y54 [bangbus] .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\sperm nom72kl 40+ .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f1i7cm w6csjja14n1 xxx epyxwn eigt45 (36mho73,c4w8hqa).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f1i7cm 8ok6yf lpcu5ai3 ihthd33 glans .mpeg.exe
  • %ALLUSERSPROFILE%\templates\s2fkave 7nd83wovj beast vjq39c1gwy .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\nom72kl nom72kl cock gsva2xn (c4w8hqa).avi.exe
  • C:\users\default\appdata\local\temp\gay big fishy .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\fac71w2 7nd83wovj gay uncut (2hbt8wr).mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\upfgetx w6csjja14n1 yzw1afy big glans 8pfmdyy (2hbt8wr).rar.exe
  • C:\users\default\templates\black h93bklf sperm 7vepaqjm titts 6tl9zg0uqa .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\z9z7rwe wep6b08 nom72kl uncut 6tl9zg0uqa .avi.exe
  • %TEMP%\f1i7cm ddqayq uncut fw58kpr41ob1w .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\8r3baiec ddqayq horse big gsva2xn .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\gay uncut titts eigt45 .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\horse [milf] cock gh5b6gd7wrv .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\lpcu5ai3 [milf] (cy4xpd).zip.exe
  • %APPDATA%\microsoft\templates\sperm [bangbus] fishy .mpg.exe
  • %APPDATA%\microsoft\windows\templates\black bd1l5ir gay vjq39c1gwy wifey (rdl1tfkz,c4w8hqa).mpg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\s2fkave xakmpl gay ihthd33 feet nrb42wq .zip.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\f1i7cm xakmpl yzw1afy hot (!) (cy4xpd).mpg.exe
  • %HOMEPATH%\templates\nom72kl ihthd33 glans .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\ [free] feet ejn547rbxhd1 (sarah).rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\eq7k2xcxt xakmpl mnho9y54 7vepaqjm nmibe2 (gina,karin).mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\z9z7rwe nude l9hwcs7vvnphd9 .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\fac71w2 ddqayq mnho9y54 l9hwcs7vvnphd9 cock hairy (y8oxsqa).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\f07qtt nude horse [milf] 8bgkvshe1 .mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\fac71w2 nude tsomq34 big cock sm .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\black xakmpl beast uncut (cy4xpd).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\eq7k2xcxt xakmpl beast ihthd33 .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\gzn4ud7e w6csjja14n1 mzwpstr8n bq4kno (jade).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\mnho9y54 uncut js80j73 .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\lpcu5ai3 hot (!) qx2j1b5 (rdl1tfkz,sarah).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\mnho9y54 [free] 779mipj .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\upfgetx horse beast [free] young (hyo87il,karin).avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\fac71w2 8ok6yf yzw1afy apv53deiq9fw cock (jenna,jade).mpeg.exe
  • %WINDIR%\assembly\temp\fac71w2 ddqayq bq4kno feet .mpeg.exe
  • %WINDIR%\assembly\tmp\f1i7cm nude lpcu5ai3 [milf] hole lzxyhb7k .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\lpcu5ai3 hot (!) b37oavmx289 (sonja,sarah).mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\z9z7rwe horse xxx uncut cock shoes .mpg.exe
  • %WINDIR%\pla\templates\mzwpstr8n big titts lzxyhb7k (c4w8hqa).mpeg.exe
  • %WINDIR%\security\templates\tsomq34 uncut titts .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx bd1l5ir nom72kl [free] .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\8r3baiec bd1l5ir mzwpstr8n bq4kno .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\tsomq34 vjq39c1gwy feet .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e wep6b08 horse [milf] cock boots (karin).avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\eq7k2xcxt ddqayq horse 7vepaqjm titts .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\mnho9y54 uncut titts hotel .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\sperm ihthd33 feet balls (y8oxsqa).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nom72kl epyxwn shoes (sonja,liz).zip.exe
  • %WINDIR%\syswow64\fxstmp\upfgetx w6csjja14n1 xxx [bangbus] js80j73 .mpg.exe
  • %WINDIR%\syswow64\ime\shared\beast [free] shoes (rdl1tfkz,liz).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\porn yzw1afy bq4kno feet 779mipj .avi.exe
  • %WINDIR%\syswow64\fxstmp\black 7nd83wovj sperm [free] hole js80j73 (dxocjwba).avi.exe
  • %WINDIR%\syswow64\ime\shared\gzn4ud7e 7nd83wovj yzw1afy sgu4m7oc eigt45 .rar.exe
  • %WINDIR%\temp\xxx ihthd33 40+ .mpg.exe
  • %WINDIR%\winsxs\installtemp\wpjwijv beast nom72kl .mpeg.exe
  • %CommonProgramFiles%\microsoft shared\f1i7cm ddqayq gay l9hwcs7vvnphd9 feet .avi.exe
  • %CommonProgramFiles%\microsoft shared\asian sperm cum l9hwcs7vvnphd9 js80j73 .zip.exe
  • %ProgramFiles%\dvd maker\shared\gzn4ud7e nude horse [free] cock b37oavmx289 (sarah).mpeg.exe
  • %ProgramFiles%\dvd maker\shared\z9z7rwe mnho9y54 ihthd33 young (cy4xpd,jade).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\tsomq34 apv53deiq9fw zmc8ujp (haj1oyikd,jade).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\black 7nd83wovj gay bq4kno fw58kpr41ob1w .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\wpjwijv xakmpl l9hwcs7vvnphd9 titts (hyo87il,haj1oyikd).rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\z9z7rwe yzw1afy 7nd83wovj 7vepaqjm 8bgkvshe1 .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\eq7k2xcxt xakmpl beast girls cock (rdl1tfkz,2hbt8wr).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\ddqayq epyxwn 8pfmdyy .avi.exe
  • %ProgramFiles%\microsoft office\templates\yzw1afy 7vepaqjm nmibe2 (rdl1tfkz,liz).rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\fac71w2 porn tsomq34 sgu4m7oc (g6u8n4r).rar.exe
  • %ProgramFiles%\windows journal\templates\xxx uncut (2hbt8wr).zip.exe
  • %ProgramFiles%\microsoft office\templates\0287zh mnho9y54 bq4kno (dehod0,sonja).avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\upfgetx horse 7vepaqjm mg9fvb2xk9 .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\z9z7rwe xakmpl mnho9y54 hot (!) ae2sd7u4xh .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\xxx bq4kno titts .zip.exe
  • %ProgramFiles%\windows journal\templates\yzw1afy wep6b08 uncut wifey .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\4h1e2a346 cum beast girls shoes .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\7nd83wovj nom72kl (liz).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\black w6csjja14n1 bq4kno js80j73 (karin,sonja).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\asian yzw1afy bd1l5ir [milf] gsva2xn .mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\nude [bangbus] legs gh5b6gd7wrv (36mho73).mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\4h1e2a346 mzwpstr8n gay nom72kl fw58kpr41ob1w .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\z9z7rwe nude hot (!) glans qq6w54yfhtqrbwcslg .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\f07qtt 7nd83wovj yzw1afy [milf] .mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\upfgetx h93bklf sperm nom72kl (dxocjwba).mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\mzwpstr8n hot (!) hole .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\asian h93bklf beast l9hwcs7vvnphd9 ash (dxocjwba).rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\black porn vjq39c1gwy zn3tvn .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\8r3baiec porn yzw1afy bq4kno feet .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\nude big wifey .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\wpjwijv yzw1afy uncut .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\nude nom72kl .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\jxaglwti 8ok6yf [free] .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec cum yzw1afy l9hwcs7vvnphd9 feet .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec cum tsomq34 epyxwn .zip.exe
  • %ALLUSERSPROFILE%\templates\fac71w2 ddqayq sgu4m7oc 8bgkvshe1 (jenna,jade).zip.exe
  • %ALLUSERSPROFILE%\templates\cum ddqayq big glans .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\upfgetx porn mzwpstr8n 7vepaqjm glans (haj1oyikd,karin).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\zc8giv9 w6csjja14n1 cum [bangbus] qx2j1b5 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe nude vjq39c1gwy glans ol6p1tua (c4w8hqa).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\beast ihthd33 titts zmc8ujp .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z1qxwcd nude vjq39c1gwy ash .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\horse [free] .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8r3baiec wep6b08 tsomq34 bq4kno fw58kpr41ob1w .avi.exe
  • %ALLUSERSPROFILE%\templates\mzwpstr8n sgu4m7oc glans mg9fvb2xk9 (sarah).rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\s2fkave w6csjja14n1 horse girls sm .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\wep6b08 xakmpl sgu4m7oc jxqgtp latex (g6u8n4r,liz).mpeg.exe
  • C:\users\default\appdata\local\temp\mnho9y54 girls 8bgkvshe1 .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\8r3baiec 8ok6yf big (cy4xpd).mpg.exe
  • %ALLUSERSPROFILE%\templates\ bq4kno boobs .mpeg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\4h1e2a346 tsomq34 7vepaqjm balls .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\f07qtt bd1l5ir xxx 7vepaqjm hairy .mpg.exe
  • C:\users\default\templates\tsomq34 vjq39c1gwy titts sm .mpeg.exe
  • C:\users\default\appdata\local\temp\f1i7cm 7vepaqjm feet qx2j1b5 .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\gzn4ud7e lpcu5ai3 hot (!) glans ejn547rbxhd1 .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\black l9hwcs7vvnphd9 hole (liz,2hbt8wr).mpg.exe
  • C:\users\default\templates\nude xxx ihthd33 6tl9zg0uqa .zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\ 7vepaqjm eigt45 .mpeg.exe
  • %TEMP%\beast bq4kno 50+ .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\yzw1afy uncut feet 50+ (g6u8n4r).mpeg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\ikdyfwhy lpcu5ai3 ddqayq l9hwcs7vvnphd9 .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\lpcu5ai3 epyxwn (cy4xpd).mpeg.exe
  • %TEMP%\fac71w2 beast [milf] mg9fvb2xk9 .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\black horse ihthd33 (dehod0,2hbt8wr).avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\z9z7rwe h93bklf tsomq34 ihthd33 hole qq6w54yfhtqrbwcslg .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\fac71w2 xxx uncut nrb42wq (hyo87il,sonja).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\8ok6yf horse epyxwn rv0y8n .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\lpcu5ai3 vjq39c1gwy .rar.exe
  • %APPDATA%\microsoft\templates\zc8giv9 tsomq34 uncut .zip.exe
  • %APPDATA%\microsoft\templates\s2fkave horse l9hwcs7vvnphd9 young .mpeg.exe
  • %APPDATA%\microsoft\windows\templates\z9z7rwe 8ok6yf sgu4m7oc hole .rar.exe
  • %APPDATA%\microsoft\windows\templates\s2fkave sperm girls mg9fvb2xk9 .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\zc8giv9 cum beast uncut hotel .mpg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\f1i7cm xakmpl mnho9y54 [bangbus] lady .zip.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\wpjwijv 7nd83wovj mzwpstr8n bq4kno lady (y8oxsqa,haj1oyikd).avi.exe
  • %HOMEPATH%\templates\lpcu5ai3 bd1l5ir l9hwcs7vvnphd9 js80j73 .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\z9z7rwe porn sgu4m7oc .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\cum [bangbus] feet hotel .zip.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\gzn4ud7e w6csjja14n1 xxx uncut (2hbt8wr).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\fac71w2 beast uncut kfp2yqq (karin,hyo87il).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\mzwpstr8n beast [free] sgoibhh .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\horse xxx apv53deiq9fw .zip.exe
  • %HOMEPATH%\templates\nom72kl vjq39c1gwy hole latex .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\mnho9y54 uncut .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\s2fkave 7nd83wovj gay ihthd33 (jade).rar.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play
Wechat