Win32.HLLW.Autoruner2.24376
Added to the Dr.Web virus database: 2016-06-08
Virus description added: 2016-06-08
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
Injects code into the following system processes:
Modifies file system:
Creates the following files:
Sets the 'hidden' attribute to the following files:
Network activity:
UDP:
DNS ASK ASK mu###.###tal-protection.net.ru
DNS ASK ASK sl###.##fehousenumber.com
Miscellaneous:
Searches for the following windows: