Win32.HLLW.Facebook.2624
Added to the Dr.Web virus database: 2016-07-09
Virus description added: 2016-07-09
Technical Information
Malicious functions:
Executes the following:
- '<SYSTEM32>\cmd.exe' /c "%tEMP%\fio.Bat"
- '<SYSTEM32>\reg.exe' add "hklm\soFtWARe\miCRoSOfT\INTerNEt exPloREr\MAin" /v tp /t reg_sz /d 1000 /f
- '<SYSTEM32>\netsh.exe' fIrEwaLl AdD allowedprogram name="pdrv" program="<SYSTEM32>\SvchOst.eXE" mode=enable
- '<SYSTEM32>\cmd.exe' /c copy "<Full path to virus>" "<Full path to virus>.exe"
- '<SYSTEM32>\cmd.exe' /c "<Full path to virus>.exe" /res >%tEMP%\fio.Bat
- '<Full path to virus>.exe' /res
Modifies file system:
Creates the following files:
- <SYSTEM32>\pdrv.dll
- %TEMP%\fio.Bat
- <Full path to virus>.exe
- <DRIVERS>\pdrv.sys