Win32.HLLW.Autoruner.28439
Added to the Dr.Web virus database: 2010-09-16
Virus description added: 2019-11-14
Technical Information
Malicious functions
Hooks functions
in browsers
iexplore.exe process, cryptsp.dll module
iexplore.exe process, advapi32.dll module
Modifies file system
Creates the following files
%CommonProgramFiles(x86)%\microsoft shared\explorer.exe
C:\cftcab.txt
C:\rnfrib.jpg
C:\rcdxct.bmp
C:\qusdlu.gif
C:\uqaqud.doc
%CommonProgramFiles(x86)%\uiui8.dll
C:\1681.dat
C:\mfiles\winlogon.exe
D:\program files.exe
%LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012019111120191112\index.dat
Sets the 'hidden' attribute to the following files
%CommonProgramFiles(x86)%\uiui8.dll
%CommonProgramFiles(x86)%\microsoft shared\explorer.exe
Moves the following files
from C:\cftcab.txt to C:\users\public\desktop\intennet exploner.lnk
from C:\rnfrib.jpg to C:\users\public\desktop\¸ä±ääãµäò»éú.url
from C:\rcdxct.bmp to C:\users\public\desktop\ìô±¦¹ºîïa.url
from C:\qusdlu.gif to C:\users\public\desktop\ãâ·ñµçó°c.url
from C:\uqaqud.doc to %HOMEPATH%\favorites\&Г§ГВ·Г—Гøö·µ¼º½&.url
from C:\1681.dat to %PROGRAMDATA%\microsoft\windows\start menu\programs\startup\8970.lnk
Network activity
TCP
HTTP GET requests
http://www.dh##5.com/?ie##
http://www.dh##5.com/4399.js
http://23##87.com/register?id#########
http://www.dh##5.com/favicon.ico
'hm.##idu.com':443
'23##87.com':443
UDP
DNS ASK dh##5.com
DNS ASK hm.##idu.com
DNS ASK 23##87.com
Miscellaneous
Searches for the following windows
ClassName: 'IEFrame' WindowName: ''
ClassName: 'WorkerW' WindowName: ''
ClassName: 'ReBarWindow32' WindowName: ''
ClassName: 'Address Band Root' WindowName: ''
ClassName: 'Edit' WindowName: ''
ClassName: '_____TTFrameWnd__101__' WindowName: ''
ClassName: 'Maxthon2_Frame' WindowName: ''
ClassName: '360se_Frame' WindowName: ''
ClassName: 'MS_AutodialMonitor' WindowName: ''
ClassName: 'MS_WebCheckMonitor' WindowName: ''
Creates and executes the following
'%CommonProgramFiles(x86)%\microsoft shared\explorer.exe'