Win32.HLLW.Autoruner.50356
Added to the Dr.Web virus database:
2011-05-24
Virus description added:
2011-12-24
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'd-x10bc' = '%APPDATA%\dx10bac\d-xdiag10bc.exe'
Creates the following files on removable media:
- <Drive name for removable media>:\setup.exe
- <Drive name for removable media>:\autorun.inf
Modifies file system :
Creates the following files:
- %TEMP%\dw.log
- %APPDATA%\temp\Set.bin
- %APPDATA%\dx10bac\d-xdiag10bc.exe
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\autorun.inf
Network activity:
Connects to:
UDP:
- DNS ASK --.#-.--.--
- DNS ASK ir#.dal.net
- 'localhost':1107
- 'localhost':1106
- 'localhost':1111
- 'localhost':1109
- 'localhost':1098
- '<Private IP address>':1077
- 'localhost':1099
- 'localhost':1102
- 'localhost':1101
- '<Private IP address>':1076
- '<Private IP address>':1080
- '<Private IP address>':1081
- '<Private IP address>':1082
- 'localhost':1119
- 'localhost':1114
- '<Private IP address>':1079
- 'localhost':1118
- 'localhost':1116
- 'localhost':1096
- 'localhost':1047
- 'localhost':1045
- 'localhost':1054
- 'localhost':1052
- 'localhost':1044
- '23#.#55.255.250':1900
- '<Private IP address>':1035
- 'localhost':1040
- 'localhost':1039
- 'localhost':1074
- '<Private IP address>':1078
- 'localhost':1090
- 'localhost':1075
- 'localhost':1069
- 'localhost':1065
- 'localhost':1055
- 'localhost':1068
- 'localhost':1066
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息