Win32.HLLW.Autoruner2.23967
Added to the Dr.Web virus database: 2016-05-14
Virus description added: 2016-05-14
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
Injects code into the following system processes:
Modifies file system:
Creates the following files:
Sets the 'hidden' attribute to the following files:
Network activity:
UDP:
- DNS ASK mu###.###tal-protection.net.ru
- DNS ASK sl###.##fehousenumber.com
- 'mu###.###tal-protection.net.ru':22789
- 'sl###.##fehousenumber.com':22789
Miscellaneous:
Searches for the following windows:
- ClassName: 'Vxbpl Dlhqdh, Thvv' WindowName: 'Xdposvh. Ahaiylnic'
- ClassName: 'Thvv' WindowName: 'Xdposvh. Ahaiylnic, Vxbpl Dlhqdh'
- ClassName: 'G' WindowName: 'Lwjcbmjfb Myhics, G, Lwjcbmjfb Myhics'
- ClassName: 'Sssuyq Uohv. Gn' WindowName: 'Ijxecuqb Vrxafpf'
- ClassName: 'Lwjcbmjfb Myhics, G' WindowName: 'Lwjcbmjfb Myhics, G'
- ClassName: 'Pxb. Pbsqno Gxycp Y' WindowName: 'Rodvjwygg Krhno'
- ClassName: 'Ujginkni, Pnwkn' WindowName: 'Drtwif Penlm. Juqgs'
- ClassName: 'Pnwkn' WindowName: 'Drtwif Penlm. Juqgs, Ujginkni'
- ClassName: 'Lkmkpki Jla' WindowName: 'Hndf, Wvg Efxfcq, Bedo'
- ClassName: 'Osdauoa. Vxda Piofu' WindowName: 'Wfcbbmq Xhn, Codu'
- ClassName: 'Bedo, Lkmkpki Jla' WindowName: 'Hndf, Wvg Efxfcq'
- ClassName: 'Bbdlvvfyw Pnlr G' WindowName: 'Nhkhgdrsgc. Vrujd O'
- ClassName: 'Xggwafl, Tbhs A' WindowName: 'Ctao. Lmsoy Ywhm'
- ClassName: 'Sucvai Hgefgosx Y' WindowName: 'Djdynt Ci. Pkkowmf'
- ClassName: 'Ydptbj, Mfantisv' WindowName: 'Ydptbj, Mfantisv'
- ClassName: 'Mfantisv' WindowName: 'Ydptbj, Mfantisv, Ydptbj'
- ClassName: 'Tbhs A' WindowName: 'Ctao. Lmsoy Ywhm, Xggwafl'
- ClassName: 'Eltsgxy' WindowName: 'Eltsgxy'
- ClassName: 'Aievqjhorf Anv Qsge' WindowName: 'Tbjrknmoyq Vxyijyav'
- ClassName: 'Lkuljogo Fvp' WindowName: 'Fvgrojd Cqq Fdkp, Swvy'
- ClassName: 'Djpwnbf Sscssimlp' WindowName: 'Nquqmerbst Eikavtl'
- ClassName: 'Swvy, Lkuljogo Fvp' WindowName: 'Fvgrojd Cqq Fdkp'