Win32.HLLW.Autoruner1.24351
Added to the Dr.Web virus database: 2012-08-03
Virus description added: 2012-08-24
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'mt' = '<SYSTEM32>\vaillo.exe'
Creates the following files on removable media:
<Drive name for removable media>:\System.exe
<Drive name for removable media>:\vaillo.exe
<Drive name for removable media>:\Sounds\Digital.exe
<Drive name for removable media>:\Images.exe
<Drive name for removable media>:\Sounds.exe
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\Videos.exe
Malicious functions:
To complicate detection of its presence in the operating system,
forces the system to hide from view:
hidden files
file extensions
Executes the following:
<SYSTEM32>\attrib.exe +r +h +s e:\autorun.inf
<SYSTEM32>\attrib.exe +r +h +s z:\autorun.inf
<SYSTEM32>\reg.exe add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v mt /t REG_SZ /d <SYSTEM32>\vaillo.exe /f
<SYSTEM32>\attrib.exe +r +h +s c:\autorun.inf
<SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /V ShowSuperHidden /t REG_DWORD /D 0 /f
<SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /V HideFileExt /t REG_DWORD /d 1 /f
<SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /V Hidden /t REG_DWORD /d 0 /f
Modifies the file system:
Creates the following files:
<SYSTEM32>\Revo.exe
<SYSTEM32>\steb.exe
<SYSTEM32>\Viva.exe
<SYSTEM32>\Smash.exe
<SYSTEM32>\Click.exe
<SYSTEM32>\Honda.exe
<SYSTEM32>\chalie.exe
<SYSTEM32>\Fino.exe
%WINDIR%\system\drver.cab.sys
C:\System.exe
C:\Images.exe
C:\Sounds\Digital.exe
C:\vaillo.exe
C:\Sounds.exe
%WINDIR%\system\oeminfo.ini
C:\Videos.exe
C:\autorun.inf
%WINDIR%\freesex.exe
%WINDIR%\Kenel32.exe
%WINDIR%\taskes.exe
<SYSTEM32>.exe
<SYSTEM32>\vaillo.exe
%TEMP%\a27147.bat
%WINDIR%\Help\KGC.exe
%WINDIR%\Fonts\limons.ttf
%WINDIR%\suck.exe
<SYSTEM32>\Of.exe
<SYSTEM32>\God.exe
<SYSTEM32>\Heaven.exe
<SYSTEM32>\War.exe
%WINDIR%\Web\Wallpapers.exe
%WINDIR%\system\driber.exe
%WINDIR%\Media\soundsman.exe
%WINDIR%\Web\GameKhmer.exe
Sets the 'hidden' attribute to the following files:
<Drive name for removable media>:\autorun.inf
C:\autorun.inf
%TEMP%\a27147.bat