Win32.HLLW.Lime.3529
Added to the Dr.Web virus database:
2014-01-30
Virus description added:
2014-02-01
Technical Information
Malicious functions:
Searches for windows to
detect analytical utilities:
- ClassName: 'OLLYDBG' WindowName: '(null)'
- ClassName: 'FileMonClass' WindowName: '(null)'
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system :
Creates the following files:
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\login[1].html
Network activity:
Connects to:
- '17##.qq.com':80
- '12#.#25.114.144':80
- 'localhost':1036
TCP:
HTTP GET requests:
- 17##.qq.com//login.html
- 12#.#25.114.144/vwktmrutijbtvwq
UDP:
- DNS ASK 17##.qq.com
- DNS ASK hi.##idu.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '18467-41' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息