Win32.HLLW.Autoruner2.23934
Added to the Dr.Web virus database: 2016-05-14
Virus description added: 2016-05-14
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
Injects code into the following system processes:
Modifies file system:
Creates the following files:
Sets the 'hidden' attribute to the following files:
Network activity:
UDP:
DNS ASK mu###.###tal-protection.net.ru
DNS ASK sl###.##fehousenumber.com
'mu###.###tal-protection.net.ru':41801
'sl###.##fehousenumber.com':41801
Miscellaneous:
Searches for the following windows: