Win32.HLLW.Autoruner2.24376
Added to the Dr.Web virus database:
2016-06-08
Virus description added:
2016-06-08
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
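Winlogon reads the 'Taskman' value and launches the program it names, and the value is not present on a clean installation, so any value at all is worth investigating. The following triage script is an added example, not part of the Dr.Web entry: it reports the value in both registry views, resolves the referenced path for every profile under the profile root (since %HOMEPATH% expands per user, and the infected account is often not the one running the check), and records attributes and a SHA-256 hash of whatever it finds. The Wow6432Node path and the C:\Users profile root are assumptions; adjust them for the host being examined.

```powershell
# Added triage check (not from the Dr.Web entry): look for the Winlogon 'Taskman'
# persistence value that Win32.HLLW.Autoruner2.24376 sets to '%HOMEPATH%\aegvvp.exe'.
# Run from an elevated PowerShell prompt on the host under investigation.

$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    # Assumption: 32-bit registry view on a 64-bit host; harmless if the key is absent.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$profileRoot = 'C:\Users'   # Assumption: default profile root

foreach ($key in $paths) {
    if (-not (Test-Path $key)) { continue }

    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item -or -not $item.PSObject.Properties['Taskman']) {
        Write-Output "[ok]    $key : no 'Taskman' value"
        continue
    }

    $raw = [string]$item.Taskman
    Write-Output "[ALERT] $key : Taskman = '$raw'"

    # Expand for the current user, then substitute every profile directory for
    # %HOMEPATH% so the dropped file is found regardless of which account was infected.
    $candidates = @([Environment]::ExpandEnvironmentVariables($raw))
    if ($raw -match '%HOMEPATH%') {
        $candidates += Get-ChildItem -Path $profileRoot -Directory -ErrorAction SilentlyContinue |
            ForEach-Object { $raw -replace '%HOMEPATH%', $_.FullName }
    }

    foreach ($f in ($candidates | Select-Object -Unique)) {
        if (Test-Path -LiteralPath $f) {
            # -Force so a file carrying the 'hidden' attribute is still returned.
            $fi   = Get-Item -LiteralPath $f -Force
            $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
            Write-Output "        file: $f  attrs: $($fi.Attributes)  sha256: $hash"
        } else {
            Write-Output "        referenced file not found: $f"
        }
    }
}
```

Record the hash and attributes before cleaning up, then remove the value with `Remove-ItemProperty -Path <key> -Name Taskman` and quarantine the file; removing the file alone leaves Winlogon pointing at a missing executable, and removing the value alone leaves the dropper on disk.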
Malicious functions:
Executes the following:
Injects code into the following system processes:
Modifies file system:
Creates the following files:
Sets the 'hidden' attribute to the following files:
Network activity:
UDP:
- DNS ASK mu###.###tal-protection.net.ru
- DNS ASK sl###.##fehousenumber.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'Abkiln Lfdwwx Mmd' WindowName: 'Rnotqbntr Stgly'
- ClassName: 'Vxwn' WindowName: 'Kyurodi Vgtwidnpj, Stjjdup Hsmue'
- ClassName: 'Alt' WindowName: 'Farleahve Muux, Xpf, Qcvau Blqvu'
- ClassName: 'Qcvau Blqvu, Alt' WindowName: 'Farleahve Muux, Xpf'
- ClassName: 'Stjjdup Hsmue, Vxwn' WindowName: 'Kyurodi Vgtwidnpj'
- ClassName: 'Oyqu Kqwve. Qqw' WindowName: 'Bgohiya. Kqditbtgv'
- ClassName: 'Fpwx. Euxkj. Myxx' WindowName: 'Iyrcro, Qmwq Qj'
- ClassName: 'Hnxf Ccjl Uggfl Bni' WindowName: 'Hhcteg Wnqaxgd. Q'
- ClassName: 'Kuhgxfx. Tdfp Cfns' WindowName: 'Usrers Xkhiffulmj'
- ClassName: 'Tjjedwl U' WindowName: 'Qkvpsm Gyiauiug E, Iwpjpei'
- ClassName: 'Iwpjpei, Tjjedwl U' WindowName: 'Qkvpsm Gyiauiug E'
- ClassName: 'Ahlglor Dxatk. Xh' WindowName: 'Fpyh. Adxt Xcc Vxcx'
- ClassName: 'Ovlieyruv Dcocux Ex' WindowName: 'Qiiew, Lrwanwnvt Do'
- ClassName: 'Umrv' WindowName: 'Wjgptx. Xr, Tuk, Jmcr. Wldwge'
- ClassName: 'Eyjfdh' WindowName: 'Hnuygpo. Bdxa Ieq, Fpbo, Jjsx'
- ClassName: 'Fpbo, Jjsx, Eyjfdh' WindowName: 'Hnuygpo. Bdxa Ieq'
- ClassName: 'Jmcr. Wldwge, Umrv' WindowName: 'Wjgptx. Xr, Tuk'
- ClassName: 'Jqgqrecm Kimuwk' WindowName: 'Nfkdjfxr, Wgfdiulvo'
- ClassName: 'Aahjo Cv. Mhhhcirgl' WindowName: 'Fcnnvb, Vcgngj. Uv'
- ClassName: 'Wiyh Yk, Virletw' WindowName: 'Ktlwplu Qtkrnwx'
- ClassName: 'Ymvd Wjo' WindowName: 'Fnghnj Cdsmaxyga, Jdgrjtjf'
- ClassName: 'Eyauup. Max Fnt' WindowName: 'Orieemoj Fdjxgngyhn'
- ClassName: 'Virletw' WindowName: 'Ktlwplu Qtkrnwx, Wiyh Yk'
- ClassName: 'Jdgrjtjf, Ymvd Wjo' WindowName: 'Fnghnj Cdsmaxyga'
- ClassName: 'Bvcqi Noqabao Eq' WindowName: 'Innaukjv Mtpihyyfmt'
- ClassName: 'Eatck Bpmxn Jtjmnk' WindowName: 'Opqrclcpi, Ycapt'
- ClassName: 'Nyjmh Nxr' WindowName: 'Efnhw Qr, Tsyyt, K, Anptrhe'
- ClassName: 'Anptrhe, Nyjmh Nxr' WindowName: 'Efnhw Qr, Tsyyt, K'
- ClassName: 'Aycuupv Cwh Fqe' WindowName: 'Bpdm. Ejbeh Ghe'
- ClassName: 'Htof Rjyrbjtr D' WindowName: 'Rmred. Bbobd. Y'
- ClassName: 'Hpninr' WindowName: 'Qnghat. Mqsugj Axf, Pgcsrqolh'
- ClassName: 'Pgcsrqolh, Hpninr' WindowName: 'Qnghat. Mqsugj Axf'
- ClassName: 'Qpsvc Kned Mbp P' WindowName: 'Rqtltiqg Fuafgxv, Y'
- ClassName: 'Dftb Eic' WindowName: 'Miifbk Vnq Ros. E, Xfnhn'
- ClassName: 'Xfnhn, Dftb Eic' WindowName: 'Miifbk Vnq Ros. E'
- ClassName: 'Ylicyw Dvbkn. Qdwup' WindowName: 'Vnnukyn Jwolblpw'
- ClassName: 'Trnijus Qxftif Eai' WindowName: 'Tdlnqu Ot. Qsbd'