Win32.HLLW.Autoruner.10315
Added to the Dr.Web virus database: 2009-11-24
Virus description added: 2022-06-22
Technical Information
To ensure autorun and distribution
Modifies the following registry keys
[<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = 'c:\fcSRV.exe'
Modifies file system
Creates the following files
Moves the following files
from %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\tool developers guide\docs\assembly metadata unmanaged api.doc to %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\tool developers guide\docs\~wrl0001.tmp
Modifies the following files
%ProgramFiles(x86)%\microsoft.net\sdk\v1.1\tool developers guide\docs\debug.doc
%ProgramFiles(x86)%\microsoft.net\sdk\v1.1\tool developers guide\docs\debugref.doc
Substitutes the following files
%ProgramFiles(x86)%\Microsoft.NET\SDK\v1.1\Tool Developers Guide\docs\Assembly Metadata Unmanaged API.doc
%ProgramFiles(x86)%\Microsoft.NET\SDK\v1.1\Tool Developers Guide\docs\Debug.doc
%ProgramFiles(x86)%\Microsoft.NET\SDK\v1.1\Tool Developers Guide\docs\DebugRef.doc
Miscellaneous
Creates and executes the following
'%WINDIR%\syswow64\wscript.exe' "C:\1.VBE"
'%WINDIR%\syswow64\cmd.exe' /c C:\1.vbe' (with hidden window)
Executes the following
'%WINDIR%\syswow64\cmd.exe' /c C:\1.vbe
'%ProgramFiles%\microsoft office\office14\winword.exe' /Automation -Embedding