PARA USUARIOS

Cerrar

Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Buscar
Buscar

Soporte
Soporte 24 horas | Normas de contactar

Escribir

una solicitud al rellenar un formulario

Llamar

+7 (495) 789-45-86

Foro

Sus solicitudes

Crear una nueva solicitud

Llamar

+7 (495) 789-45-86

Perfil

ES

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Cerrar
Servicios
Escáneres
Dr.Web vxCube
Demo
Peritaje de IIV
Biblioteca de virus
Base de conocimiento

Tecnologías

Términos

Formación y educación

Mitos

Noticias

Trojan.KillProc2.25376

Added to the Dr.Web virus database: 2025-07-10

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\black porn lpcu5ai3 sgu4m7oc ejn547rbxhd1 .avi.exe
  • %ProgramFiles%\dvd maker\shared\yzw1afy bq4kno glans lady .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\eq7k2xcxt 8ok6yf tsomq34 epyxwn zn3tvn .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\f07qtt 7nd83wovj mzwpstr8n ihthd33 titts lady .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\xxx nom72kl shoes .avi.exe
  • %ProgramFiles%\microsoft office\templates\ [bangbus] (g6u8n4r).avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\mzwpstr8n vjq39c1gwy glans ol6p1tua (karin).mpg.exe
  • %ProgramFiles%\windows journal\templates\8r3baiec 7nd83wovj sperm [bangbus] .avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\black cum beast [milf] feet balls (jade).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\f07qtt 8ok6yf nom72kl [free] nmibe2 .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\ epyxwn glans 40+ (sarah).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\upfgetx 7nd83wovj nom72kl nom72kl nrb42wq .avi.exe
  • %CommonProgramFiles(x86)%\microsoft shared\s2fkave nude beast [milf] .rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\black horse sperm [free] ae2sd7u4xh (sonja,liz).zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\f07qtt porn lpcu5ai3 [milf] .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f07qtt w6csjja14n1 sperm uncut eigt45 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\upfgetx cum nom72kl apv53deiq9fw sgoibhh .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\beast vjq39c1gwy girly .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\s2fkave h93bklf mnho9y54 [bangbus] glans lzxyhb7k (karin).mpg.exe
  • %ALLUSERSPROFILE%\templates\mnho9y54 apv53deiq9fw .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\eq7k2xcxt cum nom72kl vjq39c1gwy qx2j1b5 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\gay uncut 50+ .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8r3baiec horse xxx uncut wifey .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\lpcu5ai3 epyxwn cock .mpg.exe
  • %ALLUSERSPROFILE%\templates\mnho9y54 uncut ejn547rbxhd1 .mpeg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt bd1l5ir tsomq34 vjq39c1gwy feet .mpg.exe
  • C:\users\default\appdata\local\temp\f1i7cm porn yzw1afy big fishy .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\horse bq4kno .rar.exe
  • C:\users\default\templates\4h1e2a346 beast bq4kno sm .zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\black w6csjja14n1 gay bq4kno hole zmc8ujp .mpg.exe
  • %TEMP%\8r3baiec porn tsomq34 l9hwcs7vvnphd9 (sarah).avi.exe
  • %LOCALAPPDATA%\<INETFILES>\beast [milf] sm (36mho73,cy4xpd).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\black wep6b08 mzwpstr8n uncut .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\black 7nd83wovj nom72kl [bangbus] boots .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\8r3baiec porn nom72kl ihthd33 8bgkvshe1 (sandy,sarah).rar.exe
  • %APPDATA%\microsoft\templates\xxx [milf] glans nmibe2 .rar.exe
  • %APPDATA%\microsoft\windows\templates\f1i7cm horse mnho9y54 nom72kl (jade).avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\z9z7rwe w6csjja14n1 bq4kno .mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\z9z7rwe w6csjja14n1 nom72kl sgu4m7oc cock .rar.exe
  • %HOMEPATH%\templates\f1i7cm ddqayq mnho9y54 vjq39c1gwy eigt45 .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\eq7k2xcxt wep6b08 sgu4m7oc nrb42wq .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\nom72kl sgu4m7oc lady (sandy,cy4xpd).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\mzwpstr8n nom72kl fw58kpr41ob1w .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\gzn4ud7e 8ok6yf beast 7vepaqjm 6tl9zg0uqa .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\tsomq34 uncut girly .rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\f1i7cm bd1l5ir horse apv53deiq9fw gsva2xn .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\f07qtt 7nd83wovj mnho9y54 hot (!) hole .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\z9z7rwe xakmpl gay [milf] ol6p1tua (haj1oyikd,sarah).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\black ddqayq nom72kl 7vepaqjm lady .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\gzn4ud7e w6csjja14n1 lpcu5ai3 ihthd33 8pfmdyy .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\lpcu5ai3 big cock .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\black porn sperm apv53deiq9fw glans 779mipj .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\ uncut feet (sonja,y8oxsqa).zip.exe
  • %WINDIR%\assembly\temp\4h1e2a346 sperm uncut cock lzxyhb7k (sarah).avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\8r3baiec wep6b08 vjq39c1gwy hole ash (liz).zip.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\yzw1afy big fw58kpr41ob1w .mpeg.exe
  • %WINDIR%\pla\templates\fac71w2 wep6b08 gay girls (sarah).rar.exe
  • %WINDIR%\security\templates\fac71w2 ddqayq beast [free] cock girly (jade).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n [milf] gsva2xn .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\z9z7rwe w6csjja14n1 sperm apv53deiq9fw .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\eq7k2xcxt horse beast [milf] cock latex .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe 7nd83wovj xxx 7vepaqjm .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\horse girls titts .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\8r3baiec w6csjja14n1 mzwpstr8n vjq39c1gwy gh5b6gd7wrv .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\f1i7cm horse nom72kl 7vepaqjm (c4w8hqa).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\fac71w2 bd1l5ir nom72kl apv53deiq9fw feet balls .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\eq7k2xcxt xakmpl mnho9y54 l9hwcs7vvnphd9 hole 50+ .mpg.exe
  • %WINDIR%\syswow64\ime\shared\s2fkave ddqayq tsomq34 7vepaqjm hole .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\eq7k2xcxt wep6b08 yzw1afy bq4kno (2hbt8wr).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\beast nom72kl feet girly .zip.exe
  • %WINDIR%\syswow64\fxstmp\f07qtt xakmpl beast nom72kl glans young .avi.exe
  • %WINDIR%\syswow64\ime\shared\nom72kl big nrb42wq .rar.exe
  • %WINDIR%\temp\yzw1afy nom72kl .mpeg.exe
  • %WINDIR%\winsxs\installtemp\ddqayq mnho9y54 7vepaqjm hole .avi.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\tsomq34 sperm nom72kl lady .mpg.exe
  • %CommonProgramFiles%\microsoft shared\8r3baiec ddqayq mzwpstr8n big zn3tvn .rar.exe
  • %ProgramFiles%\dvd maker\shared\0287zh nom72kl gay sgu4m7oc wifey .zip.exe
  • %ProgramFiles%\dvd maker\shared\mnho9y54 l9hwcs7vvnphd9 ol6p1tua .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\fac71w2 horse mzwpstr8n uncut lzxyhb7k (rdl1tfkz,cy4xpd).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\ikdyfwhy porn epyxwn boobs .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\nom72kl uncut hole b37oavmx289 (dxocjwba).rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\black mzwpstr8n horse big lady (cy4xpd).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\fac71w2 horse horse ihthd33 cock sweet .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\h93bklf [free] hole 6tl9zg0uqa .rar.exe
  • %ProgramFiles%\microsoft office\templates\gzn4ud7e nude horse [milf] feet 50+ (cy4xpd).mpeg.exe
  • %ProgramFiles%\microsoft office\templates\ddqayq [milf] .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\tsomq34 [free] (dxocjwba,sarah).rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\upfgetx w6csjja14n1 lpcu5ai3 [free] .mpeg.exe
  • %ProgramFiles%\windows journal\templates\f1i7cm bd1l5ir yzw1afy [bangbus] cock lady .avi.exe
  • %ProgramFiles%\windows journal\templates\7b6fhxi horse bd1l5ir girls lzxyhb7k .zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\w6csjja14n1 [free] feet .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\upfgetx ddqayq vjq39c1gwy balls .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\upfgetx cum tsomq34 uncut hole latex .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\fac71w2 xakmpl sperm l9hwcs7vvnphd9 kfp2yqq .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\mzwpstr8n uncut feet .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\8r3baiec porn vjq39c1gwy cock (jade,sarah).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\z9z7rwe tsomq34 l9hwcs7vvnphd9 feet 50+ .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\yzw1afy 7vepaqjm cock fishy (g6u8n4r).mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\fac71w2 cum mnho9y54 [free] (y8oxsqa).zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\eq7k2xcxt yzw1afy horse [milf] kfp2yqq sm .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\z9z7rwe bd1l5ir beast l9hwcs7vvnphd9 hole 779mipj (karin).zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\jxaglwti porn bq4kno young .avi.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\jxaglwti nude horse sgu4m7oc ash .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\z9z7rwe h93bklf xxx bq4kno cock 6tl9zg0uqa .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\eq7k2xcxt wep6b08 uncut glans zmc8ujp (dxocjwba).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\porn mnho9y54 apv53deiq9fw latex .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\black h93bklf bd1l5ir uncut .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f1i7cm h93bklf beast ihthd33 rv0y8n .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\xxx vjq39c1gwy girly (sonja,dxocjwba).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\asian porn sperm vjq39c1gwy hotel .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec beast tsomq34 7vepaqjm glans 50+ (sandy,sandy).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx nude mzwpstr8n sgu4m7oc (c4w8hqa).zip.exe
  • %ALLUSERSPROFILE%\templates\f1i7cm 8ok6yf mzwpstr8n uncut 40+ (36mho73,karin).zip.exe
  • %ALLUSERSPROFILE%\templates\zc8giv9 ddqayq beast [milf] feet nmibe2 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\s2fkave porn horse hot (!) nrb42wq (karin,karin).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm 7nd83wovj gay hot (!) .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\eq7k2xcxt beast uncut (hyo87il).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f07qtt w6csjja14n1 gay [bangbus] shoes (jenna,jade).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\upfgetx wep6b08 tsomq34 7vepaqjm fishy (haj1oyikd,2hbt8wr).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\7b6fhxi bd1l5ir 7vepaqjm zn3tvn .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\eq7k2xcxt w6csjja14n1 mnho9y54 bq4kno hole (rdl1tfkz,dxocjwba).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f07qtt lpcu5ai3 vjq39c1gwy glans qx2j1b5 .mpeg.exe
  • %ALLUSERSPROFILE%\templates\nude 7nd83wovj ihthd33 .avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\zc8giv9 horse 8ok6yf nom72kl .zip.exe
  • %ALLUSERSPROFILE%\templates\z9z7rwe h93bklf gay hot (!) sm .zip.exe
  • C:\users\default\appdata\local\temp\0287zh w6csjja14n1 sgu4m7oc .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\nude h93bklf girls ash .avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\upfgetx ddqayq tsomq34 big lady .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\eq7k2xcxt xakmpl epyxwn boots (sandy,jade).avi.exe
  • C:\users\default\appdata\local\temp\z9z7rwe ddqayq xxx [free] girly .mpeg.exe
  • C:\users\default\templates\nom72kl yzw1afy ihthd33 .zip.exe
  • C:\users\default\appdata\local\<INETFILES>\eq7k2xcxt xakmpl lpcu5ai3 bq4kno gh5b6gd7wrv .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\eq7k2xcxt w6csjja14n1 mzwpstr8n l9hwcs7vvnphd9 ae2sd7u4xh (sonja,cy4xpd).zip.exe
  • C:\users\default\templates\fac71w2 xakmpl lpcu5ai3 uncut titts .mpeg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\wpjwijv beast vjq39c1gwy titts 8pfmdyy (gina).mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\horse sgu4m7oc 50+ .avi.exe
  • %TEMP%\f1i7cm 8ok6yf mnho9y54 girls eigt45 .avi.exe
  • %TEMP%\gzn4ud7e lpcu5ai3 [milf] .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\upfgetx porn ihthd33 glans boots .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\upfgetx w6csjja14n1 gay bq4kno .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\s2fkave 8ok6yf horse 7vepaqjm .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\mzwpstr8n uncut glans rv0y8n .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\zc8giv9 xxx xxx hot (!) (sarah,hyo87il).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\asian 7nd83wovj ihthd33 qq6w54yfhtqrbwcslg (cy4xpd).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\ sgu4m7oc 779mipj .zip.exe
  • %APPDATA%\microsoft\templates\8r3baiec cum cum [milf] titts ol6p1tua (sandy,jenna).mpg.exe
  • %APPDATA%\microsoft\templates\eq7k2xcxt wep6b08 beast sgu4m7oc cock latex (c4w8hqa).mpg.exe
  • %APPDATA%\microsoft\windows\templates\viaz50 xakmpl apv53deiq9fw js80j73 (dxocjwba).zip.exe
  • %APPDATA%\microsoft\windows\templates\upfgetx 7nd83wovj ihthd33 feet lady (sarah).rar.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\beast uncut young .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\f1i7cm nude uncut b37oavmx289 .mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\eq7k2xcxt ddqayq sperm uncut .zip.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\porn 7vepaqjm titts .mpg.exe
  • %HOMEPATH%\templates\xxx hot (!) .zip.exe
  • %HOMEPATH%\templates\fac71w2 gay gay l9hwcs7vvnphd9 6tl9zg0uqa .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\ nom72kl titts sgoibhh .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\zc8giv9 horse epyxwn .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe ddqayq big young .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\black porn nom72kl epyxwn sgoibhh .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\8r3baiec bd1l5ir xxx vjq39c1gwy titts .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\h93bklf uncut .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\8r3baiec nude mnho9y54 [bangbus] (2hbt8wr).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\black tsomq34 beast uncut titts js80j73 (haj1oyikd).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\8ok6yf horse nom72kl gsva2xn (dxocjwba).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\z9z7rwe porn mnho9y54 [bangbus] (dxocjwba).mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\wpjwijv cum 8ok6yf hot (!) kfp2yqq balls .mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\mzwpstr8n ihthd33 hole .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\eq7k2xcxt wep6b08 cum big sweet .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\horse uncut feet sweet (sarah).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\gay girls 6tl9zg0uqa .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\cum [milf] .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\beast l9hwcs7vvnphd9 titts qq6w54yfhtqrbwcslg .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\upfgetx 7nd83wovj xxx [milf] b37oavmx289 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\z9z7rwe h93bklf beast [milf] nrb42wq .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\7b6fhxi nom72kl xakmpl uncut zmc8ujp .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\gay ihthd33 nmibe2 (cy4xpd,sonja).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\gzn4ud7e w6csjja14n1 horse nom72kl 50+ .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\mzwpstr8n hot (!) .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\fac71w2 8ok6yf cum [bangbus] young .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\8r3baiec h93bklf nom72kl uncut feet lzxyhb7k (cy4xpd).mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\black xxx sgu4m7oc .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\8r3baiec h93bklf mnho9y54 apv53deiq9fw wifey .zip.exe
  • %WINDIR%\assembly\temp\ddqayq h93bklf [bangbus] girly (sonja).mpg.exe
  • %WINDIR%\assembly\temp\z9z7rwe cum horse [free] js80j73 .mpeg.exe
  • %WINDIR%\assembly\tmp\ 7vepaqjm hole .mpeg.exe
  • %WINDIR%\assembly\tmp\ gay 7vepaqjm lady .rar.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\jxaglwti cum w6csjja14n1 uncut .mpeg.exe
  • %WINDIR%\pla\templates\viaz50 xakmpl beast girls .zip.exe
  • %WINDIR%\security\templates\beast bd1l5ir big cock .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\lpcu5ai3 uncut ol6p1tua .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\8ok6yf uncut titts latex .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\nude sgu4m7oc (dxocjwba).rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\bd1l5ir xxx l9hwcs7vvnphd9 (jenna,dehod0).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\sperm h93bklf hot (!) kfp2yqq sweet .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\viaz50 xxx bq4kno boots (dxocjwba,sonja).mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\ sgu4m7oc (g6u8n4r).zip.exe
  • %WINDIR%\pla\templates\sperm uncut feet hotel .zip.exe
  • %WINDIR%\security\templates\s2fkave 8ok6yf yzw1afy uncut fw58kpr41ob1w .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\wep6b08 tsomq34 sgu4m7oc young .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\beast [free] (liz).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\tsomq34 7vepaqjm titts .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\gay ihthd33 boots (rdl1tfkz,sarah).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\ikdyfwhy 8ok6yf 7nd83wovj ihthd33 779mipj .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\gzn4ud7e cum sperm [free] eigt45 .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx xakmpl beast bq4kno titts .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\8r3baiec 8ok6yf tsomq34 epyxwn rv0y8n .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\upfgetx h93bklf horse apv53deiq9fw feet fw58kpr41ob1w (2hbt8wr).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\lpcu5ai3 girls qx2j1b5 (sandy,c4w8hqa).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\tsomq34 7vepaqjm mg9fvb2xk9 .zip.exe
  • %WINDIR%\syswow64\ime\shared\bd1l5ir [milf] young (liz).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\bd1l5ir gay bq4kno .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\fac71w2 7nd83wovj ihthd33 js80j73 .mpg.exe
  • %WINDIR%\syswow64\fxstmp\f07qtt horse vjq39c1gwy nmibe2 .mpg.exe
  • %WINDIR%\syswow64\fxstmp\bd1l5ir yzw1afy uncut glans (dehod0,g6u8n4r).mpg.exe
  • %WINDIR%\syswow64\ime\shared\gzn4ud7e bd1l5ir beast apv53deiq9fw feet .mpg.exe
  • %WINDIR%\syswow64\ime\shared\sperm tsomq34 uncut (dehod0,sonja).mpg.exe
  • %WINDIR%\temp\xakmpl hot (!) glans .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\f07qtt wep6b08 nom72kl 7vepaqjm (liz).mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e wep6b08 gay epyxwn eigt45 (hyo87il,y8oxsqa).mpeg.exe
  • %WINDIR%\syswow64\fxstmp\sperm hot (!) (jade).mpg.exe
  • %WINDIR%\syswow64\ime\shared\eq7k2xcxt xakmpl sgu4m7oc .avi.exe
  • %WINDIR%\temp\ uncut titts .avi.exe
  • %WINDIR%\winsxs\installtemp\ [bangbus] glans lady .rar.exe
  • %WINDIR%\winsxs\installtemp\mzwpstr8n xxx girls .zip.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play