PARA USUARIOS

Cerrar

Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Buscar
Buscar

Soporte
Soporte 24 horas | Normas de contactar

Escribir

una solicitud al rellenar un formulario

Llamar

+7 (495) 789-45-86

Foro

Sus solicitudes

Crear una nueva solicitud

Llamar

+7 (495) 789-45-86

Perfil

ES

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Cerrar
Servicios
Escáneres
Dr.Web vxCube
Demo
Biblioteca de virus
Base de conocimiento

Tecnologías

Términos

Formación y educación

Mitos

Noticias

Trojan.KillProc2.29182

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\ bq4kno shoes .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\mzwpstr8n sgu4m7oc boobs .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\0287zh gay 7nd83wovj girls .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\z9z7rwe 8ok6yf [free] young .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\horse big feet (jenna,haj1oyikd).mpg.exe
  • %ProgramFiles%\microsoft office\templates\h93bklf hot (!) sweet .avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\viaz50 beast beast apv53deiq9fw zn3tvn (sandy).zip.exe
  • %ProgramFiles%\windows journal\templates\z1qxwcd horse ihthd33 .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\wpjwijv porn 7vepaqjm sweet (dehod0).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\f07qtt 7nd83wovj bd1l5ir nom72kl ash .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\zc8giv9 nude hot (!) .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\mnho9y54 apv53deiq9fw 8bgkvshe1 .mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\lpcu5ai3 porn l9hwcs7vvnphd9 kfp2yqq b37oavmx289 .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\wpjwijv xxx lpcu5ai3 big .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\7nd83wovj sperm nom72kl .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\zc8giv9 8ok6yf yzw1afy 7vepaqjm qx2j1b5 .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\wep6b08 wep6b08 7vepaqjm feet (y8oxsqa,sandy).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\porn mnho9y54 hot (!) titts 779mipj .mpeg.exe
  • %ALLUSERSPROFILE%\templates\eq7k2xcxt wep6b08 l9hwcs7vvnphd9 latex .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\z9z7rwe horse porn big 40+ (haj1oyikd).zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\wpjwijv horse hot (!) hole fishy .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\fac71w2 8ok6yf nom72kl epyxwn kfp2yqq ae2sd7u4xh (haj1oyikd).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec bd1l5ir 7vepaqjm .avi.exe
  • %ALLUSERSPROFILE%\templates\ikdyfwhy sperm mzwpstr8n [milf] .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt sperm wep6b08 hot (!) boobs (sarah).avi.exe
  • C:\users\default\appdata\local\temp\xxx [free] js80j73 (sarah).zip.exe
  • C:\users\default\appdata\local\<INETFILES>\ddqayq vjq39c1gwy 6tl9zg0uqa .avi.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\cum [bangbus] .rar.exe
  • C:\users\default\templates\eq7k2xcxt gay big qq6w54yfhtqrbwcslg (y8oxsqa).zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\beast l9hwcs7vvnphd9 (sonja,jenna).zip.exe
  • %TEMP%\wpjwijv 7nd83wovj girls .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\sperm 7nd83wovj big latex .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\z1qxwcd xxx sgu4m7oc (g6u8n4r,dehod0).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\f07qtt mzwpstr8n wep6b08 bq4kno cock .mpg.exe
  • %APPDATA%\microsoft\templates\fac71w2 nude cum l9hwcs7vvnphd9 sweet .mpg.exe
  • %APPDATA%\microsoft\windows\templates\f07qtt 7nd83wovj l9hwcs7vvnphd9 .zip.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\wep6b08 l9hwcs7vvnphd9 shoes .avi.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\black yzw1afy gay 7vepaqjm .mpeg.exe
  • %HOMEPATH%\templates\mzwpstr8n beast big .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\fac71w2 8ok6yf porn apv53deiq9fw jxqgtp lady .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\ikdyfwhy 7nd83wovj porn l9hwcs7vvnphd9 (sarah,sonja).mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\eq7k2xcxt gay wep6b08 [free] cock mg9fvb2xk9 .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\upfgetx 8ok6yf lpcu5ai3 7vepaqjm hotel .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\s2fkave beast nom72kl lady .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\porn h93bklf ihthd33 ash girly (rdl1tfkz,c4w8hqa).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\black mzwpstr8n girls 40+ (rdl1tfkz).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\7b6fhxi w6csjja14n1 h93bklf vjq39c1gwy 40+ .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\fac71w2 sperm horse vjq39c1gwy 6tl9zg0uqa .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\sperm bq4kno hotel .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\z1qxwcd lpcu5ai3 nom72kl glans (haj1oyikd,y8oxsqa).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\w6csjja14n1 apv53deiq9fw .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\nude big 8pfmdyy .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\mzwpstr8n uncut .zip.exe
  • %WINDIR%\assembly\temp\horse ddqayq apv53deiq9fw boobs qx2j1b5 .rar.exe
  • %WINDIR%\assembly\tmp\ikdyfwhy horse [free] hole .avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\0287zh porn sperm ihthd33 .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\cum [bangbus] ol6p1tua (dehod0,dehod0).avi.exe
  • %WINDIR%\pla\templates\4h1e2a346 xakmpl hot (!) zn3tvn .avi.exe
  • %WINDIR%\security\templates\mzwpstr8n xxx uncut titts .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e horse girls 50+ (karin).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\beast [milf] b37oavmx289 .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\xakmpl ihthd33 6tl9zg0uqa (y8oxsqa,dxocjwba).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n ddqayq 7vepaqjm cock (cy4xpd).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\mzwpstr8n tsomq34 [bangbus] eigt45 .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\mnho9y54 uncut 8pfmdyy .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\beast apv53deiq9fw (sandy).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e nom72kl bd1l5ir uncut .mpg.exe
  • %WINDIR%\syswow64\fxstmp\upfgetx ddqayq l9hwcs7vvnphd9 8bgkvshe1 (y8oxsqa).mpeg.exe
  • %WINDIR%\syswow64\ime\shared\8ok6yf l9hwcs7vvnphd9 .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\nude girls (haj1oyikd).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe mnho9y54 lpcu5ai3 sgu4m7oc 40+ .rar.exe
  • %WINDIR%\syswow64\fxstmp\s2fkave mzwpstr8n l9hwcs7vvnphd9 jxqgtp 8pfmdyy (liz).rar.exe
  • %WINDIR%\syswow64\ime\shared\8r3baiec horse yzw1afy ihthd33 nrb42wq .mpg.exe
  • %WINDIR%\temp\mnho9y54 hot (!) .rar.exe
  • %WINDIR%\winsxs\installtemp\sperm nude hot (!) (sandy,dehod0).mpeg.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\sperm tsomq34 apv53deiq9fw feet .mpeg.exe
  • %CommonProgramFiles%\microsoft shared\lpcu5ai3 apv53deiq9fw .rar.exe
  • %ProgramFiles%\dvd maker\shared\beast sgu4m7oc zmc8ujp (36mho73,jade).zip.exe
  • %ProgramFiles%\dvd maker\shared\7b6fhxi porn girls (sarah,liz).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\eq7k2xcxt ddqayq epyxwn balls .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\yzw1afy [free] 8bgkvshe1 .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\nom72kl apv53deiq9fw boots .mpg.exe
  • %ProgramFiles%\microsoft office\templates\upfgetx xakmpl mzwpstr8n [bangbus] (g6u8n4r).mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\f07qtt cum lpcu5ai3 [milf] zn3tvn .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\asian yzw1afy uncut .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\zc8giv9 7nd83wovj [milf] feet fishy .rar.exe
  • %ProgramFiles%\windows journal\templates\gzn4ud7e 8ok6yf sperm ihthd33 ejn547rbxhd1 (36mho73,karin).mpg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\sperm girls shoes .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\mnho9y54 horse bq4kno .avi.exe
  • %ProgramFiles%\microsoft office\templates\cum sgu4m7oc nrb42wq .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\z9z7rwe xakmpl mzwpstr8n l9hwcs7vvnphd9 hole latex .avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\wpjwijv 7nd83wovj uncut 779mipj .rar.exe
  • %ProgramFiles%\windows journal\templates\lpcu5ai3 bd1l5ir 7vepaqjm ash .avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\bd1l5ir uncut lady .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\upfgetx ddqayq ihthd33 feet boots .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\s2fkave wep6b08 beast uncut lady (hyo87il,g6u8n4r).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\black ddqayq mzwpstr8n girls .rar.exe
  • %CommonProgramFiles(x86)%\microsoft shared\sperm vjq39c1gwy .mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\eq7k2xcxt ddqayq gay l9hwcs7vvnphd9 girly (gina,karin).mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\upfgetx 8ok6yf mzwpstr8n uncut titts .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\jxaglwti xxx [free] boobs eigt45 (rdl1tfkz,sonja).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\s2fkave 8ok6yf mnho9y54 [milf] feet .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\7b6fhxi 8ok6yf 7nd83wovj big .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\h93bklf girls .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xxx vjq39c1gwy 40+ (haj1oyikd,cy4xpd).mpeg.exe
  • %ALLUSERSPROFILE%\templates\8r3baiec 8ok6yf yzw1afy [free] .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\lpcu5ai3 ihthd33 balls (sandy,dxocjwba).mpeg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\horse epyxwn nmibe2 .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\lpcu5ai3 epyxwn sweet (36mho73,cy4xpd).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\upfgetx xakmpl beast epyxwn glans fw58kpr41ob1w (sarah).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\mnho9y54 sgu4m7oc (2hbt8wr).rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\zc8giv9 horse 7nd83wovj [free] (hyo87il,g6u8n4r).rar.exe
  • %ALLUSERSPROFILE%\templates\f1i7cm h93bklf yzw1afy [bangbus] fw58kpr41ob1w .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\s2fkave 8ok6yf gay vjq39c1gwy titts js80j73 .mpg.exe
  • C:\users\default\appdata\local\temp\mnho9y54 ihthd33 titts hotel (liz).mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\ epyxwn qq6w54yfhtqrbwcslg (haj1oyikd,c4w8hqa).zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\horse uncut sweet .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm xakmpl cum sgu4m7oc .zip.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\nom72kl [milf] (jade).zip.exe
  • C:\users\default\templates\horse bq4kno feet young .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\ikdyfwhy w6csjja14n1 sperm uncut .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\fac71w2 nude xxx [free] ash qq6w54yfhtqrbwcslg .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\asian nude uncut legs .rar.exe
  • %ALLUSERSPROFILE%\templates\ikdyfwhy nom72kl .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\horse [free] fishy .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm horse lpcu5ai3 epyxwn hole (haj1oyikd,sarah).avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\ddqayq yzw1afy 7vepaqjm cock .rar.exe
  • %TEMP%\sperm ihthd33 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\gzn4ud7e nom72kl w6csjja14n1 uncut 6tl9zg0uqa .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\eq7k2xcxt nude beast nom72kl 8bgkvshe1 .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\gzn4ud7e mnho9y54 uncut lady .mpg.exe
  • %ALLUSERSPROFILE%\templates\7b6fhxi xakmpl [milf] kfp2yqq .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e porn porn [bangbus] jxqgtp .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\s2fkave ddqayq sperm apv53deiq9fw lzxyhb7k .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\sperm 7vepaqjm 779mipj .rar.exe
  • C:\users\default\appdata\local\temp\zc8giv9 bd1l5ir nude [bangbus] (sandy).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\f1i7cm ddqayq bq4kno titts latex .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\z9z7rwe mzwpstr8n horse l9hwcs7vvnphd9 wifey (g6u8n4r,jenna).mpg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\xakmpl [milf] glans latex .mpg.exe
  • C:\users\default\templates\ ddqayq girls boobs mg9fvb2xk9 .avi.exe
  • %APPDATA%\microsoft\templates\fac71w2 nude gay big sm .rar.exe
  • %APPDATA%\microsoft\windows\templates\gzn4ud7e nude beast [free] lzxyhb7k .rar.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\beast uncut zmc8ujp .zip.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\f07qtt h93bklf mzwpstr8n vjq39c1gwy girly .mpeg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\wpjwijv beast apv53deiq9fw (gina).avi.exe
  • %TEMP%\black horse uncut shoes .mpeg.exe
  • %HOMEPATH%\templates\horse apv53deiq9fw girly .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\porn 7nd83wovj big cock zn3tvn .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\asian nom72kl nude [milf] mg9fvb2xk9 .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\ uncut titts nrb42wq .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\7b6fhxi nude sgu4m7oc (karin).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\black h93bklf lpcu5ai3 bq4kno cock eigt45 (g6u8n4r).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\cum uncut 50+ .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\mnho9y54 7vepaqjm feet ejn547rbxhd1 .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\upfgetx 7nd83wovj lpcu5ai3 sgu4m7oc latex .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\upfgetx bd1l5ir lpcu5ai3 [bangbus] glans zn3tvn .avi.exe
  • %APPDATA%\microsoft\templates\lpcu5ai3 h93bklf [bangbus] young (2hbt8wr).mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\f07qtt h93bklf sperm bq4kno sweet .mpg.exe
  • %APPDATA%\microsoft\windows\templates\horse l9hwcs7vvnphd9 .zip.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\nom72kl [bangbus] glans .rar.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\f07qtt tsomq34 sperm sgu4m7oc boobs 6tl9zg0uqa .zip.exe
  • %HOMEPATH%\templates\7b6fhxi mnho9y54 sperm bq4kno glans b37oavmx289 .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\tsomq34 [milf] .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\asian h93bklf [milf] ash wifey .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\ikdyfwhy 8ok6yf uncut (sandy).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\7nd83wovj porn [milf] b37oavmx289 .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\upfgetx porn mnho9y54 big titts (hyo87il,cy4xpd).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\f1i7cm w6csjja14n1 mnho9y54 apv53deiq9fw cock 8pfmdyy .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\gzn4ud7e ddqayq vjq39c1gwy shoes (haj1oyikd).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\yzw1afy girls gh5b6gd7wrv .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\yzw1afy bq4kno b37oavmx289 .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\black h93bklf yzw1afy 7vepaqjm cock .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\upfgetx horse yzw1afy epyxwn js80j73 .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\f1i7cm h93bklf yzw1afy girls hotel .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\z9z7rwe 7nd83wovj lpcu5ai3 sgu4m7oc zn3tvn (sonja,cy4xpd).mpg.exe
  • %WINDIR%\assembly\temp\beast 7vepaqjm .mpeg.exe
  • %WINDIR%\assembly\tmp\f1i7cm h93bklf sperm epyxwn .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\asian h93bklf cum sgu4m7oc wifey (36mho73).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\jxaglwti cum sgu4m7oc glans 40+ .mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\f1i7cm 7nd83wovj horse vjq39c1gwy latex .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\z9z7rwe vjq39c1gwy titts .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\z9z7rwe xakmpl tsomq34 7vepaqjm feet .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\ikdyfwhy xxx nom72kl (jade,dxocjwba).zip.exe
  • %WINDIR%\pla\templates\ [milf] .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\ikdyfwhy cum xxx big fw58kpr41ob1w .zip.exe
  • %WINDIR%\security\templates\upfgetx h93bklf beast big titts 50+ .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe w6csjja14n1 beast [milf] titts ejn547rbxhd1 (sarah).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\ddqayq uncut .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\f07qtt porn [free] 6tl9zg0uqa .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\f1i7cm w6csjja14n1 tsomq34 vjq39c1gwy ash .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\nom72kl nom72kl hole ol6p1tua (karin).mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\gzn4ud7e ddqayq xxx uncut rv0y8n (haj1oyikd,dxocjwba).mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\z9z7rwe xakmpl nom72kl big hole sm .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\sperm lpcu5ai3 big .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\gay bq4kno 6tl9zg0uqa .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\s2fkave bd1l5ir beast 7vepaqjm titts .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\jxaglwti sperm uncut glans zmc8ujp .zip.exe
  • %WINDIR%\assembly\temp\7nd83wovj girls 40+ .avi.exe
  • %WINDIR%\assembly\tmp\w6csjja14n1 nom72kl ihthd33 .rar.exe
  • %WINDIR%\syswow64\fxstmp\beast [bangbus] (karin).rar.exe
  • %WINDIR%\syswow64\ime\shared\tsomq34 big .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\eq7k2xcxt ddqayq epyxwn 40+ .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\horse apv53deiq9fw balls .mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\xakmpl [free] girly .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\f1i7cm bd1l5ir xxx ihthd33 .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\eq7k2xcxt nude lpcu5ai3 epyxwn qx2j1b5 .mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\nom72kl [bangbus] (cy4xpd,sarah).rar.exe
  • %WINDIR%\pla\templates\jxaglwti mnho9y54 7vepaqjm glans 779mipj .mpg.exe
  • %WINDIR%\temp\f1i7cm porn xxx uncut sgoibhh .zip.exe
  • %WINDIR%\security\templates\horse [free] ol6p1tua .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\wep6b08 cum [bangbus] zmc8ujp .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\jxaglwti mnho9y54 ihthd33 titts zn3tvn (c4w8hqa).mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\horse vjq39c1gwy boots (dxocjwba).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\0287zh 7nd83wovj 7vepaqjm wifey .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\horse uncut jxqgtp .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\bd1l5ir wep6b08 [milf] hole .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\gzn4ud7e gay nom72kl ihthd33 .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\z1qxwcd beast xxx apv53deiq9fw gh5b6gd7wrv (gina,sonja).zip.exe
  • %WINDIR%\syswow64\fxstmp\horse horse epyxwn b37oavmx289 (cy4xpd).avi.exe
  • %WINDIR%\syswow64\ime\shared\0287zh bd1l5ir hot (!) (sandy).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\nude apv53deiq9fw (c4w8hqa).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\viaz50 horse xakmpl [bangbus] .rar.exe
  • %WINDIR%\syswow64\fxstmp\wpjwijv wep6b08 sgu4m7oc b37oavmx289 .mpg.exe
  • %WINDIR%\syswow64\ime\shared\mzwpstr8n l9hwcs7vvnphd9 hole gsva2xn .zip.exe
  • %WINDIR%\temp\upfgetx porn [milf] (cy4xpd).zip.exe
  • %WINDIR%\winsxs\installtemp\wpjwijv mnho9y54 nom72kl 8pfmdyy .avi.exe
  • %WINDIR%\winsxs\installtemp\xakmpl yzw1afy [bangbus] js80j73 .rar.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play