Win32.HLLW.Autoruner1.57375
Added to the Dr.Web virus database: 2013-10-01
Virus description added: 2013-10-02
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe <SYSTEM32>\sysico.exe'
Creates the following files on removable media:
<Drive name for removable media>:\system.exe
<Drive name for removable media>:\Autorun.inf
Malicious functions:
Creates and executes the following:
Executes the following:
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /f /v UncheckedValue /t REG_DWORD /d 0
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v Shell /t REG_SZ /d "Explorer.exe <SYSTEM32>\sysico.exe"
'<SYSTEM32>\reg.exe' /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v Shell /t REG_SZ /d "Explorer.exe <SYSTEM32>\sysico.exe"
'<SYSTEM32>\reg.exe' /pid=4088
'<SYSTEM32>\reg.exe' /pid=3624
'<SYSTEM32>\reg.exe' /pid=1480
'<SYSTEM32>\reg.exe' /pid=3640
'<SYSTEM32>\reg.exe' /pid=280
'<SYSTEM32>\reg.exe' /pid=592
'<SYSTEM32>\reg.exe' /pid=1880
'<SYSTEM32>\reg.exe' /pid=3780
Injects code into the following system processes:
<SYSTEM32>\reg.exe
<SYSTEM32>\cmd.exe
Modifies the file system:
Creates the following files:
C:\system.exe
C:\Autorun.inf
<SYSTEM32>\sysico.exe
Sets the 'hidden' attribute to the following files:
C:\system.exe
C:\Autorun.inf
<Drive name for removable media>:\system.exe
<Drive name for removable media>:\Autorun.inf
Deletes the following files:
Moves the following files:
from <SYSTEM32>\sysico.exe to <SYSTEM32>\cdk.dll
Miscellaneous:
Searches for the following windows:
ClassName: '(null)' WindowName: 'Windows Task Manager'
ClassName: '#32770' WindowName: '(null)'
ClassName: 'SysListView32' WindowName: '(null)'
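The registry and file-system indicators listed above can be checked with a short offline triage routine. The following is an added example, not Dr.Web's code or tooling. It assumes that Dr.Web's `<SYSTEM32>` placeholder expands to `C:\Windows\system32`, that the clean `UncheckedValue` under `Explorer\Advanced\Folder\SuperHidden` is 1 (the sample sets it to 0 so that unticking "Hide protected operating system files" no longer reveals hidden system files), and it takes the registry values as plain Python arguments so it runs on any OS against exported data (on a live Windows host read them with `winreg` or `reg query`). The infected drive root it builds is a constructed temp directory standing in for `C:\` or a removable drive.

```python
"""Offline triage for the Win32.HLLW.Autoruner1.57375 indicators (added example, not Dr.Web code).

Registry values are passed in as plain Python values so the checks run against
exported data on any OS; on a live Windows host read them with winreg or
`reg query`. Directory roots are scanned with os.listdir, so a constructed temp
directory stands in for C:\\ or a removable drive here.
"""
import os
import shlex
import stat
import tempfile
from dataclasses import dataclass

# Default Winlogon 'Shell' value is the single token 'Explorer.exe'.
DEFAULT_SHELL = "explorer.exe"
# Files the sample drops in C:\ and in the root of every removable drive.
DROPPED_NAMES = ("autorun.inf", "system.exe")
# Assumed expansion of Dr.Web's <SYSTEM32> placeholder in the logged value.
SAMPLE_SHELL = r"Explorer.exe C:\Windows\system32\sysico.exe"


def _basename(win_path: str) -> str:
    """Basename that also splits on backslashes when run on a non-Windows host."""
    return win_path.replace("\\", "/").rsplit("/", 1)[-1]


def shell_value_extras(shell_value: str) -> list[str]:
    """Return every program named in a Winlogon 'Shell' value other than Explorer.exe.

    Winlogon starts each comma-separated entry; the sample instead appends its
    dropper after a space ('Explorer.exe <SYSTEM32>\\sysico.exe'), so both
    separators are handled and any surviving token is a persistence indicator.
    """
    extras = []
    for entry in shell_value.split(","):
        # posix=False keeps backslashes literal and keeps quoted paths whole.
        for token in shlex.split(entry, posix=False):
            token = token.strip('"')
            if token and _basename(token).lower() != DEFAULT_SHELL:
                extras.append(token)
    return extras


def superhidden_tampered(unchecked_value) -> bool:
    """UncheckedValue under Explorer\\Advanced\\Folder\\SuperHidden is what Explorer
    writes to ShowSuperHidden when 'Hide protected operating system files' is
    unticked. Assumed to be 1 on a clean system; the sample sets it to 0."""
    return int(unchecked_value) != 1


def is_hidden(path: str) -> bool:
    """True if the file carries FILE_ATTRIBUTE_HIDDEN (Windows only; False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def dropped_files(root: str) -> list[str]:
    """Paths of Autorun.inf / system.exe present directly in `root` (case-insensitive)."""
    present = {name.lower(): name for name in os.listdir(root)}
    return [os.path.join(root, present[n]) for n in DROPPED_NAMES if n in present]


@dataclass
class Findings:
    shell_extras: list
    superhidden_tampered: bool
    dropped: list
    hidden_dropped: list

    @property
    def suspicious(self) -> bool:
        return bool(self.shell_extras or self.superhidden_tampered or self.dropped)


def triage(shell_value: str, unchecked_value, roots) -> Findings:
    """Combine the registry and file-system checks for one host."""
    dropped = [p for root in roots for p in dropped_files(root)]
    return Findings(
        shell_extras=shell_value_extras(shell_value),
        superhidden_tampered=superhidden_tampered(unchecked_value),
        dropped=dropped,
        hidden_dropped=[p for p in dropped if is_hidden(p)],
    )


def make_infected_root() -> str:
    """Constructed stand-in for an infected drive root: empty Autorun.inf and system.exe."""
    root = tempfile.mkdtemp(prefix="autoruner_demo_")
    for name in ("Autorun.inf", "system.exe"):
        open(os.path.join(root, name), "wb").close()
    return root


if __name__ == "__main__":
    findings = triage(SAMPLE_SHELL, 0, [make_infected_root()])
    print(f"suspicious={findings.suspicious}")
    print(f"extra Shell programs: {findings.shell_extras}")
    print(f"SuperHidden tampered: {findings.superhidden_tampered}")
    print(f"dropped files: {findings.dropped}")
```

On a real host, feed `triage()` the `Shell` and `UncheckedValue` data read from the two keys named above together with the roots of `C:\` and every removable drive; the hidden-attribute check only yields results on Windows, where `os.stat` exposes `st_file_attributes`.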