Win32.HLLW.Autoruner1.57552
Added to the Dr.Web virus database:
2013-10-04
Virus description added:
2013-10-05
Technical Information
To ensure autorun and distribution:
Creates the following services:
[<HKLM>\SYSTEM\ControlSet001\services\IKEEXT] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\services\Discovery PnP-X IP Source PC Awareness Spooler] 'Start' = '00000002'
Malicious functions:
To complicate detection of its presence in the operating system, blocks the following features:
Creates and executes the following:
'%WINDIR%\mepjijjfw.exe' "%WINDIR%\ceqiwxnu.exe"
'%WINDIR%\TEMP\yhrpeufi7yns6lwr.exe' -r 51894 tcp
'%TEMP%\yhrpeufh2wjs6lwrljthkk.exe'
'%WINDIR%\ceqiwxnu.exe'
Executes the following:
'<SYSTEM32>\svchost.exe' -k NetworkServiceNetworkRestricted
'<SYSTEM32>\netsh.exe' firewall set opmode disable
'<SYSTEM32>\wermgr.exe' -queuereporting
Modifies file system:
Creates the following files:
%WINDIR%\vkbffphw\run
%WINDIR%\vkbffphw\rng
%WINDIR%\vkbffphw\cfg
%WINDIR%\vkbffphw\por
%WINDIR%\Temp\yhrpeufi7yns6lwr.exe
%TEMP%\yhrpeufh2wjs6lwrljthkk.exe
%WINDIR%\vkbffphw\tst
%WINDIR%\vkbffphw\etc
%WINDIR%\mepjijjfw.exe
%WINDIR%\ceqiwxnu.exe
Sets the 'hidden' attribute to the following files:
%WINDIR%\mepjijjfw.exe
%WINDIR%\ceqiwxnu.exe
Deletes the following files:
%WINDIR%\Temp\yhrpeufi7yns6lwr.exe
%TEMP%\yhrpeufh2wjs6lwrljthkk.exe
Network activity:
Connects to:
TCP:
HTTP GET requests:
pe###hecon.com/forum/search.php?me#########################################
UDP:
'23#.#55.255.250':1900
Miscellaneous:
Searches for the following windows:
ClassName: 'Shell_TrayWnd' WindowName: '(null)'