Win32.HLLW.Autoruner1.30479
Added to the Dr.Web virus database:
2012-11-27
Virus description added:
2012-11-27
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Print Spooler Process' = '<SYSTEM32>\spool\drivers\w32x86\3\Printers.{2227A280-3AEA-1069-A2DE-08002B30309D}\spooler.exe'
Creates the following files on removable media:
<Drive name for removable media>:\autorun.inf
Malicious functions:
Executes the following:
<SYSTEM32>\attrib.exe +h N:\autorun.inf
<SYSTEM32>\attrib.exe +h M:\autorun.inf
<SYSTEM32>\attrib.exe +h L:\autorun.inf
<SYSTEM32>\attrib.exe +h Q:\autorun.inf
<SYSTEM32>\attrib.exe +h P:\autorun.inf
<SYSTEM32>\attrib.exe +h O:\autorun.inf
<SYSTEM32>\attrib.exe +h K:\autorun.inf
<SYSTEM32>\attrib.exe +h G:\autorun.inf
<SYSTEM32>\attrib.exe +h F:\autorun.inf
<SYSTEM32>\attrib.exe +h E:\autorun.inf
<SYSTEM32>\attrib.exe +h J:\autorun.inf
<SYSTEM32>\attrib.exe +h I:\autorun.inf
<SYSTEM32>\attrib.exe +h H:\autorun.inf
<SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings" /f /v "Enabled" /t REG_DWORD /d 00000001
<SYSTEM32>\attrib.exe +h Z:\autorun.inf
<SYSTEM32>\attrib.exe +h Y:\autorun.inf
<SYSTEM32>\cmd.exe /c ""<Current directory>\ftp.bat" "
<SYSTEM32>\wscript.exe "<Current directory>\b.vbs"
<SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v "Print Spooler Process" /d <SYSTEM32>\spool\drivers\w32x86\3\Printers.{2227A280-3AEA-1069-A2DE-08002B30309D}\spooler.exe
<SYSTEM32>\attrib.exe +h X:\autorun.inf
<SYSTEM32>\attrib.exe +h T:\autorun.inf
<SYSTEM32>\attrib.exe +h S:\autorun.inf
<SYSTEM32>\attrib.exe +h R:\autorun.inf
<SYSTEM32>\attrib.exe +h W:\autorun.inf
<SYSTEM32>\attrib.exe +h V:\autorun.inf
<SYSTEM32>\attrib.exe +h U:\autorun.inf
<SYSTEM32>\attrib.exe +h <Drive name for removable media>:\autorun.inf
<SYSTEM32>\attrib.exe +h K:\RECYCLER
<SYSTEM32>\attrib.exe +h J:\RECYCLER
<SYSTEM32>\attrib.exe +h I:\RECYCLER
<SYSTEM32>\attrib.exe +h N:\RECYCLER
<SYSTEM32>\attrib.exe +h M:\RECYCLER
<SYSTEM32>\attrib.exe +h L:\RECYCLER
<SYSTEM32>\attrib.exe +h H:\RECYCLER
<SYSTEM32>\attrib.exe +h <Drive name for removable media>:\RECYCLER
<SYSTEM32>\attrib.exe +h C:\RECYCLER
<SYSTEM32>\attrib.exe +h "<SYSTEM32>\spool\drivers\w32x86\3\Printers.{2227A280-3AEA-1069-A2DE-08002B30309D}\spooler.exe"
<SYSTEM32>\attrib.exe +h G:\RECYCLER
<SYSTEM32>\attrib.exe +h F:\RECYCLER
<SYSTEM32>\attrib.exe +h E:\RECYCLER
<SYSTEM32>\attrib.exe +h X:\RECYCLER
<SYSTEM32>\attrib.exe +h W:\RECYCLER
<SYSTEM32>\attrib.exe +h V:\RECYCLER
<SYSTEM32>\attrib.exe +h C:\autorun.inf
<SYSTEM32>\attrib.exe +h Z:\RECYCLER
<SYSTEM32>\attrib.exe +h Y:\RECYCLER
<SYSTEM32>\attrib.exe +h U:\RECYCLER
<SYSTEM32>\attrib.exe +h Q:\RECYCLER
<SYSTEM32>\attrib.exe +h P:\RECYCLER
<SYSTEM32>\attrib.exe +h O:\RECYCLER
<SYSTEM32>\attrib.exe +h T:\RECYCLER
<SYSTEM32>\attrib.exe +h S:\RECYCLER
<SYSTEM32>\attrib.exe +h R:\RECYCLER
Modifies file system:
Creates the following files:
<Current directory>\ftp.bat
<Current directory>\b.vbs
<Current directory>\a.vbs
<Current directory>\tmp
%TEMP%\bt2516.bat
C:\autorun.inf
%TEMP%\reg
Sets the 'hidden' attribute to the following files:
<Drive name for removable media>:\autorun.inf
C:\autorun.inf
%TEMP%\bt2516.bat