Win32.HLLW.Autoruner2.24078

Added to the Dr.Web virus database: 2016-05-19

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
  • '<SYSTEM32>\svchost.exe'
Injects code into the following system processes:
  • <SYSTEM32>\svchost.exe
Modifies file system:
Creates the following files:
  • %HOMEPATH%\aegvvp.exe
Sets the 'hidden' attribute to the following files:
  • %HOMEPATH%\aegvvp.exe
Network activity:
UDP:
  • DNS ASK mu###.###tal-protection.net.ru
  • DNS ASK sl###.##fehousenumber.com
  • 'mu###.###tal-protection.net.ru':19700
  • 'sl###.##fehousenumber.com':19700
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Qftgx. Jfvk Wyyxn' WindowName: 'Bljuj. Emj. Auvp'
  • ClassName: 'Ydcgsicm Xftmalh Yd' WindowName: 'Mowmir. Wolwndej'
  • ClassName: 'Qostf, Y' WindowName: 'Qostf, Y'
  • ClassName: 'Miss Qdlyg' WindowName: 'Miss Qdlyg'
  • ClassName: 'Y' WindowName: 'Qostf, Y, Qostf'
  • ClassName: 'Qwhm. Bcqvaq Ftmd' WindowName: 'Hsfrt Sicyl Xmjqcor'
  • ClassName: 'Jdly Qpudgped Mdq' WindowName: 'Srce. Nrtmu, Hkbut'
  • ClassName: 'Uameag Ssohqxyb' WindowName: 'Jronp Gcwglbbb G'
  • ClassName: 'Ewjvohn Bx' WindowName: 'Ewjvohn Bx'
  • ClassName: 'Hlfix. Iutsi. Majhy' WindowName: 'Laxvle, Rgbbkquxl'
  • ClassName: 'Qrombk Rrowcxmbcfu' WindowName: 'Whcrd. Gjxbj, Sn'
  • ClassName: 'Xtdtyf. Slcqxfqk' WindowName: 'Nbxywefyo Ggv U'
  • ClassName: 'Nvdna. Ugqi Tcfctbk' WindowName: 'Qeswy, Tmiu Oofsur'
  • ClassName: 'Nte Pobolj' WindowName: 'Oihebkbwdf Kocj, Ujpe'
  • ClassName: 'Lctkh. Tdugdf Nc' WindowName: 'Ouhb. Ujcgrioq Ny'
  • ClassName: 'Jfw' WindowName: 'Bfqqoro. Ahptkas, Ciiha. Obj'
  • ClassName: 'Ciiha. Obj, Jfw' WindowName: 'Bfqqoro. Ahptkas'
  • ClassName: 'Ujpe, Nte Pobolj' WindowName: 'Oihebkbwdf Kocj'
  • ClassName: 'Jqxdglvbtm Xlbap' WindowName: 'Uhnret Soci Ixxvth'
  • ClassName: 'Kgv. Fcmeuh Fav' WindowName: 'Svjvgkd, Ebgppl'
  • ClassName: 'Ahjxoby Qrg. Wtdy' WindowName: 'Etmcnpf Wkutycqm'
  • ClassName: 'Aaaspg. Gwadavbx' WindowName: 'Hwswc, Lvsnx, Kw'
  • ClassName: 'Txvrcvqj. Nnyivsr' WindowName: 'Bwhknnj Ffmom, R'
  • ClassName: 'Sbwl' WindowName: 'Dehgeb, Ngkgpv V, Kkfvdp Hrb'
  • ClassName: 'Eaao Dyonm, Ccwa' WindowName: 'Ofph, Lvi, Vmfytvr'
  • ClassName: 'Isjgl C' WindowName: 'Kbqnd Toxnt Oqgkm, Ifqpmc'
  • ClassName: 'Ccwa' WindowName: 'Ofph, Lvi, Vmfytvr, Eaao Dyonm'
  • ClassName: 'Wlkxrxd Rqm, Iklgy' WindowName: 'Hhwbrexk Yuxtu B'
  • ClassName: 'Vkfwrypx Lnfvvrm N' WindowName: 'Ssptkd Vgef Xrnbc'
  • ClassName: 'Ifqpmc, Isjgl C' WindowName: 'Kbqnd Toxnt Oqgkm'
  • ClassName: 'Myavjhi Fyii Tsg' WindowName: 'Pfxga, Ymukr. Op'
  • ClassName: 'Yacocwj Ejj Wnabqld' WindowName: 'Ujmg. Wxiioac Tr'
  • ClassName: 'Dlc, Be, Syvyrc Cua' WindowName: 'Nwfty Amdswp Kbgkp'
  • ClassName: 'Qxvo. Lquwwq Hxe' WindowName: 'Tpwh Aivpnit Aqn'
  • ClassName: 'Syvyrc Cua' WindowName: 'Nwfty Amdswp Kbgkp, Dlc, Be'
  • ClassName: 'Iklgy' WindowName: 'Hhwbrexk Yuxtu B, Wlkxrxd Rqm'
  • ClassName: 'Iedewhlb, Etir Jeuc' WindowName: 'Etocsl, Ldchs Kj'
  • ClassName: 'Ruqp. La' WindowName: 'Jgwk, Ruqp. La, Jgwk'
  • ClassName: 'Etir Jeuc' WindowName: 'Etocsl, Ldchs Kj, Iedewhlb'
  • ClassName: 'Kkfvdp Hrb, Sbwl' WindowName: 'Dehgeb, Ngkgpv V'
  • ClassName: 'Vejiir Akgwo O' WindowName: 'Vejiir Akgwo O'
  • ClassName: 'Jgwk, Ruqp. La' WindowName: 'Jgwk, Ruqp. La'
  • ClassName: 'Yhljqg' WindowName: 'Exbyhu Kjjfg Gfqbg, Scds. Vhvev'
  • ClassName: 'Scds. Vhvev, Yhljqg' WindowName: 'Exbyhu Kjjfg Gfqbg'
  • ClassName: 'Rwegnxys Bghp Qasrn' WindowName: 'Pxnttkipmk Lptcp'
  • ClassName: 'Mfayl Jffn. Nuyrnqq' WindowName: 'Efkjeyf Cqkgdjl'
  • ClassName: 'Mmmrpp Pvgka Kucsc I' WindowName: 'Mmmrpp Pvgka Kucsc I'