[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'Description' = 'This zone contains all Web sites you haven't placed in other zones'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] 'Description' = 'This zone contains Web sites that could potentially damage your computer or data.'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] 'Description' = 'This zone contains all Web sites that are on your organization's intranet.'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 'Description' = 'This zone contains Web sites that you trust not to damage your computer or data.'
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Ass[1].exe
%TEMP%\294B4.dmp
%TEMP%\2E1AB.dmp
%TEMP%\2D98D.dmp
<SYSTEM32>\autorun.ini
%TEMP%\dw.log
<SYSTEM32>\winfiles.exe
%TEMP%\rmvxgaz
%TEMP%\aut1.tmp
%WINDIR%\winnt.exe
%TEMP%\aut2.tmp
%WINDIR%\winfiles.exe
%TEMP%\36BCB.dmp
%TEMP%\35DD1.dmp
%TEMP%\35610.dmp
%TEMP%\39A7C.dmp
%TEMP%\38BC6.dmp
%TEMP%\38241.dmp
%TEMP%\33F5C.dmp
%TEMP%\30205.dmp
%TEMP%\2F9C7.dmp
%TEMP%\2EAE3.dmp
%TEMP%\33895.dmp
%TEMP%\32413.dmp
%TEMP%\3134A.dmp
Sets the 'hidden' attribute to the following files:
<SYSTEM32>\autorun.ini
<Drive name for removable media>:\autorun.inf
<SYSTEM32>\winfiles.exe
%WINDIR%\winfiles.exe
Deletes the following files:
%TEMP%\RGI4.tmp
%TEMP%\RGI3.tmp
%TEMP%\RGI5.tmp
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Ass[1].exe
%TEMP%\RGI6.tmp
%TEMP%\rmvxgaz
%TEMP%\aut1.tmp
%TEMP%\aut2.tmp
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\winfiles.exe
Network activity:
Connects to:
'www.fr###ebtown.com':80
TCP:
HTTP GET requests:
www.fr###ebtown.com/badino2/Ass.exe
UDP:
DNS ASK www.fr###ebtown.com
Miscellaneous:
Searches for the following windows:
ClassName: 'Shell_TrayWnd' WindowName: ''
ClassName: 'Indicator' WindowName: ''