PARA USUARIOS

Cerrar

Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Buscar
Buscar

Soporte
Soporte 24 horas | Normas de contactar

Escribir

una solicitud al rellenar un formulario

Llamar

+7 (495) 789-45-86

Foro

Sus solicitudes

Crear una nueva solicitud

Llamar

+7 (495) 789-45-86

Perfil

ES

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Cerrar
Servicios
Escáneres
Dr.Web vxCube
Demo
Biblioteca de virus
Base de conocimiento

Tecnologías

Términos

Formación y educación

Mitos

Noticias

Trojan.KillProc2.27950

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\ddqayq w6csjja14n1 girls .zip.exe
  • %ProgramFiles%\dvd maker\shared\mnho9y54 gay big boots .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\f07qtt bd1l5ir lpcu5ai3 big hole ash .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\zc8giv9 7nd83wovj mnho9y54 uncut qq6w54yfhtqrbwcslg .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\7b6fhxi nom72kl uncut legs .rar.exe
  • %ProgramFiles%\microsoft office\templates\ikdyfwhy bd1l5ir mzwpstr8n [free] kfp2yqq fishy .rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\ikdyfwhy ddqayq mzwpstr8n girls fishy (hyo87il,liz).mpg.exe
  • %ProgramFiles%\windows journal\templates\tsomq34 uncut latex .avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\z1qxwcd tsomq34 sgu4m7oc titts ae2sd7u4xh .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\horse uncut (jade).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\f07qtt horse mnho9y54 uncut young (rdl1tfkz).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\black mnho9y54 horse 7vepaqjm ash .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\upfgetx xakmpl nom72kl ihthd33 jxqgtp nrb42wq .rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\jxaglwti sperm vjq39c1gwy .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\f07qtt yzw1afy vjq39c1gwy titts (c4w8hqa).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\bd1l5ir vjq39c1gwy .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\zc8giv9 horse apv53deiq9fw young (dxocjwba,jade).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\xakmpl beast bq4kno glans zn3tvn (haj1oyikd,cy4xpd).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\mnho9y54 ihthd33 .avi.exe
  • %ALLUSERSPROFILE%\templates\7nd83wovj w6csjja14n1 epyxwn feet (36mho73).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f07qtt xakmpl uncut lady (sonja,gina).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\eq7k2xcxt sperm mzwpstr8n hot (!) .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\z9z7rwe ddqayq [milf] .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\s2fkave xakmpl mzwpstr8n hot (!) eigt45 .mpeg.exe
  • %ALLUSERSPROFILE%\templates\sperm [free] glans gsva2xn .rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\upfgetx cum xakmpl uncut feet (dxocjwba,rdl1tfkz).zip.exe
  • C:\users\default\appdata\local\temp\ikdyfwhy horse hot (!) .mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\8ok6yf apv53deiq9fw hairy .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\xakmpl gay hot (!) nmibe2 .rar.exe
  • C:\users\default\templates\zc8giv9 bd1l5ir gay [bangbus] .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\7b6fhxi porn nom72kl [free] glans rv0y8n .zip.exe
  • %TEMP%\xakmpl uncut cock qq6w54yfhtqrbwcslg (g6u8n4r,hyo87il).zip.exe
  • %LOCALAPPDATA%\<INETFILES>\0287zh sperm [free] (dxocjwba,hyo87il).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\lpcu5ai3 [milf] b37oavmx289 (sandy,g6u8n4r).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\z1qxwcd xakmpl w6csjja14n1 ihthd33 hairy (2hbt8wr).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\asian yzw1afy horse uncut .avi.exe
  • %APPDATA%\microsoft\windows\templates\nom72kl vjq39c1gwy (sonja).avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\zc8giv9 sperm horse uncut .mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\xakmpl nom72kl ihthd33 boobs (gina).mpeg.exe
  • %HOMEPATH%\templates\ikdyfwhy xakmpl [free] .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\porn nom72kl jxqgtp .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\bd1l5ir gay [milf] .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\f07qtt cum uncut cock .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\f07qtt yzw1afy apv53deiq9fw titts .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\asian yzw1afy ihthd33 qx2j1b5 .mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\upfgetx porn mzwpstr8n [bangbus] boobs mg9fvb2xk9 .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\4h1e2a346 nom72kl 8ok6yf big cock b37oavmx289 (haj1oyikd,g6u8n4r).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\eq7k2xcxt xakmpl bq4kno nmibe2 .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\black mnho9y54 girls girly (rdl1tfkz,c4w8hqa).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\porn ihthd33 ash boots .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\tsomq34 ihthd33 .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\horse horse uncut hole .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\s2fkave porn epyxwn .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\porn gay vjq39c1gwy .mpeg.exe
  • %WINDIR%\assembly\temp\fac71w2 lpcu5ai3 nom72kl 7vepaqjm young .zip.exe
  • %WINDIR%\assembly\tmp\gzn4ud7e lpcu5ai3 7nd83wovj l9hwcs7vvnphd9 fishy (2hbt8wr).mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\jxaglwti mnho9y54 epyxwn .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\asian beast [milf] fishy .rar.exe
  • %WINDIR%\pla\templates\0287zh w6csjja14n1 apv53deiq9fw .rar.exe
  • %WINDIR%\security\templates\wpjwijv mnho9y54 uncut feet eigt45 .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\upfgetx beast big ejn547rbxhd1 .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\wpjwijv 8ok6yf uncut titts girly .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\z1qxwcd ddqayq w6csjja14n1 ihthd33 .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\asian xxx ddqayq l9hwcs7vvnphd9 kfp2yqq .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\fac71w2 cum w6csjja14n1 vjq39c1gwy (rdl1tfkz,liz).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\0287zh cum [milf] .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\lpcu5ai3 [free] .zip.exe
  • %WINDIR%\syswow64\fxstmp\yzw1afy [free] kfp2yqq wifey (sonja,y8oxsqa).rar.exe
  • %WINDIR%\syswow64\ime\shared\f1i7cm h93bklf nom72kl zn3tvn .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\upfgetx nom72kl ihthd33 jxqgtp sm .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt nom72kl uncut mg9fvb2xk9 .avi.exe
  • %WINDIR%\syswow64\fxstmp\viaz50 tsomq34 7vepaqjm .rar.exe
  • %WINDIR%\syswow64\ime\shared\fac71w2 nude tsomq34 [milf] ash .rar.exe
  • %WINDIR%\temp\h93bklf [free] .zip.exe
  • %WINDIR%\winsxs\installtemp\beast 8ok6yf [bangbus] .mpeg.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\z9z7rwe cum sgu4m7oc feet boots (dxocjwba,sandy).mpg.exe
  • %ProgramFiles%\dvd maker\shared\wpjwijv 7nd83wovj xxx apv53deiq9fw cock zn3tvn .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\yzw1afy uncut .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\mzwpstr8n girls jxqgtp (dxocjwba,liz).mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\f07qtt 7nd83wovj vjq39c1gwy .mpg.exe
  • %ProgramFiles%\windows journal\templates\nom72kl porn uncut glans 8pfmdyy (36mho73,jenna).mpg.exe
  • %CommonProgramFiles%\microsoft shared\black 7nd83wovj sperm bq4kno titts hairy .mpg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\0287zh beast nom72kl 6tl9zg0uqa .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\7nd83wovj sperm 7vepaqjm 40+ .mpeg.exe
  • %ProgramFiles%\dvd maker\shared\f1i7cm nude horse l9hwcs7vvnphd9 (2hbt8wr).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\mnho9y54 [bangbus] ol6p1tua (sonja,sarah).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\horse uncut feet .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\ sgu4m7oc ae2sd7u4xh .rar.exe
  • %ProgramFiles%\microsoft office\templates\mnho9y54 ihthd33 nmibe2 .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\lpcu5ai3 l9hwcs7vvnphd9 (haj1oyikd,g6u8n4r).avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\horse [milf] .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\lpcu5ai3 [milf] eigt45 .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\mzwpstr8n yzw1afy uncut .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\xxx girls (dxocjwba).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\black w6csjja14n1 mzwpstr8n hot (!) cock qx2j1b5 .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\upfgetx nude xxx nom72kl .rar.exe
  • %CommonProgramFiles(x86)%\microsoft shared\mnho9y54 l9hwcs7vvnphd9 feet fishy .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\4h1e2a346 horse cum 7vepaqjm hole (haj1oyikd,g6u8n4r).mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\gzn4ud7e wep6b08 lpcu5ai3 girls hole qx2j1b5 .mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\yzw1afy 7vepaqjm .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\mnho9y54 nom72kl hole shoes (cy4xpd).zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\cum mzwpstr8n nom72kl qx2j1b5 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\fac71w2 7nd83wovj lpcu5ai3 ihthd33 glans fw58kpr41ob1w (liz).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\4h1e2a346 nude nom72kl cock (c4w8hqa).zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\black 8ok6yf tsomq34 [bangbus] cock .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\gzn4ud7e lpcu5ai3 hot (!) .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\yzw1afy sgu4m7oc lady (haj1oyikd,cy4xpd).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\mzwpstr8n 7vepaqjm titts .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\s2fkave xxx lpcu5ai3 7vepaqjm zn3tvn .avi.exe
  • %ALLUSERSPROFILE%\templates\lpcu5ai3 epyxwn b37oavmx289 .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\eq7k2xcxt w6csjja14n1 nom72kl bq4kno hotel .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\4h1e2a346 bd1l5ir uncut boobs wifey .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\gzn4ud7e horse mzwpstr8n [milf] gsva2xn .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\gay [milf] hole .mpeg.exe
  • %ALLUSERSPROFILE%\templates\tsomq34 [milf] .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gzn4ud7e xakmpl sperm [bangbus] feet gsva2xn (gina,karin).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\upfgetx horse uncut boobs .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\7nd83wovj mzwpstr8n [bangbus] .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xxx apv53deiq9fw 50+ .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\7nd83wovj yzw1afy girls fw58kpr41ob1w .mpeg.exe
  • %ALLUSERSPROFILE%\templates\f1i7cm 8ok6yf xxx bq4kno sgoibhh .mpeg.exe
  • %ALLUSERSPROFILE%\templates\f07qtt 8ok6yf 8ok6yf bq4kno .mpeg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\mnho9y54 sperm vjq39c1gwy girly (liz,haj1oyikd).zip.exe
  • C:\users\default\appdata\local\temp\ hot (!) .mpeg.exe
  • C:\users\default\appdata\local\temp\z9z7rwe porn ihthd33 feet 8pfmdyy .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\xxx nom72kl lady .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\ikdyfwhy sperm beast [milf] 50+ .mpg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\s2fkave mzwpstr8n girls .mpg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\s2fkave 8ok6yf mnho9y54 sgu4m7oc hotel .zip.exe
  • C:\users\default\templates\8r3baiec xakmpl epyxwn b37oavmx289 (hyo87il,dxocjwba).avi.exe
  • C:\users\default\templates\eq7k2xcxt cum beast epyxwn glans .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\8r3baiec horse mnho9y54 nom72kl 779mipj .mpg.exe
  • %TEMP%\xxx 7vepaqjm ash (dehod0,dxocjwba).zip.exe
  • %LOCALAPPDATA%\<INETFILES>\eq7k2xcxt h93bklf mzwpstr8n [milf] glans .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\wpjwijv gay vjq39c1gwy cock 40+ (karin).mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\7b6fhxi beast tsomq34 apv53deiq9fw 50+ .rar.exe
  • %APPDATA%\microsoft\templates\lpcu5ai3 uncut sm .rar.exe
  • %APPDATA%\microsoft\windows\templates\z9z7rwe xakmpl xxx epyxwn cock (jenna,g6u8n4r).rar.exe
  • %TEMP%\f1i7cm lpcu5ai3 [bangbus] ash ejn547rbxhd1 .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\mzwpstr8n ddqayq [milf] .rar.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\sperm big (2hbt8wr).rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\8ok6yf bq4kno jxqgtp (rdl1tfkz,karin).mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\eq7k2xcxt bd1l5ir xxx ihthd33 feet b37oavmx289 .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\mzwpstr8n ihthd33 ejn547rbxhd1 (hyo87il,jenna).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\horse yzw1afy uncut .rar.exe
  • %HOMEPATH%\templates\upfgetx horse xxx epyxwn .avi.exe
  • %APPDATA%\microsoft\templates\wpjwijv mnho9y54 wep6b08 [free] .avi.exe
  • %APPDATA%\microsoft\windows\templates\zc8giv9 [milf] glans (sandy,rdl1tfkz).avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\wpjwijv xxx 7nd83wovj sgu4m7oc (dxocjwba,36mho73).mpeg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\ikdyfwhy nude 7nd83wovj [milf] 50+ (liz).avi.exe
  • %HOMEPATH%\templates\ikdyfwhy w6csjja14n1 epyxwn feet ol6p1tua (sandy,gina).zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\horse cum [free] .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\f07qtt porn yzw1afy bq4kno nmibe2 (jenna,g6u8n4r).mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\8ok6yf mzwpstr8n uncut zmc8ujp .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\gzn4ud7e w6csjja14n1 nom72kl [milf] feet boots (dxocjwba).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\viaz50 ddqayq l9hwcs7vvnphd9 8bgkvshe1 .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\sperm girls nrb42wq .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\ [free] ol6p1tua (sonja,2hbt8wr).mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\xakmpl yzw1afy hot (!) boots .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\upfgetx horse horse l9hwcs7vvnphd9 cock .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\xxx l9hwcs7vvnphd9 .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\yzw1afy girls .mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\fac71w2 tsomq34 [milf] kfp2yqq (sarah).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\mnho9y54 bq4kno .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\lpcu5ai3 hot (!) titts .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\0287zh bd1l5ir hot (!) balls .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\zc8giv9 horse xakmpl nom72kl legs hairy .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\beast l9hwcs7vvnphd9 (dxocjwba).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\yzw1afy horse l9hwcs7vvnphd9 qq6w54yfhtqrbwcslg .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\wpjwijv sperm girls ash gh5b6gd7wrv .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\gzn4ud7e ddqayq beast [milf] .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\lpcu5ai3 girls glans zmc8ujp (dxocjwba).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\nom72kl [milf] balls .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\tsomq34 big .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\jxaglwti nom72kl nom72kl 7vepaqjm 779mipj .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\sperm bq4kno glans ae2sd7u4xh .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\7b6fhxi beast 7vepaqjm .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\tsomq34 [bangbus] b37oavmx289 .mpg.exe
  • %WINDIR%\assembly\temp\fac71w2 h93bklf nom72kl bq4kno titts b37oavmx289 (2hbt8wr).avi.exe
  • %WINDIR%\assembly\tmp\eq7k2xcxt horse sperm nom72kl sm .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\f1i7cm 8ok6yf xakmpl epyxwn .rar.exe
  • %WINDIR%\assembly\temp\z9z7rwe sperm 8ok6yf ihthd33 zmc8ujp .mpeg.exe
  • %WINDIR%\assembly\tmp\tsomq34 horse [bangbus] .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\lpcu5ai3 sgu4m7oc gh5b6gd7wrv .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\0287zh tsomq34 [free] .zip.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\eq7k2xcxt xakmpl nom72kl bq4kno rv0y8n (sonja,sarah).avi.exe
  • %WINDIR%\pla\templates\tsomq34 epyxwn cock (rdl1tfkz,liz).avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\nom72kl bq4kno cock gh5b6gd7wrv .rar.exe
  • %WINDIR%\security\templates\upfgetx horse horse 7vepaqjm feet 8pfmdyy (jade).mpg.exe
  • %WINDIR%\security\templates\beast horse uncut zmc8ujp .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx ddqayq horse bq4kno hole .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\s2fkave ddqayq lpcu5ai3 [free] .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\xxx tsomq34 [free] lzxyhb7k (cy4xpd,rdl1tfkz).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\xxx bq4kno titts latex .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\fac71w2 tsomq34 bq4kno hairy .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\ddqayq sperm uncut qx2j1b5 .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\black wep6b08 lpcu5ai3 [free] fishy .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\7nd83wovj bd1l5ir [free] cock ejn547rbxhd1 .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\upfgetx horse tsomq34 epyxwn glans mg9fvb2xk9 .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\asian xakmpl epyxwn (gina,dxocjwba).avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\4h1e2a346 porn cum [milf] qq6w54yfhtqrbwcslg (rdl1tfkz,sonja).mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\gzn4ud7e 8ok6yf xxx epyxwn titts .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\black ddqayq tsomq34 epyxwn glans (rdl1tfkz,g6u8n4r).mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\horse nude apv53deiq9fw .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\0287zh yzw1afy horse big .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f1i7cm w6csjja14n1 nom72kl ihthd33 .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\porn tsomq34 [free] .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\gzn4ud7e h93bklf sperm hot (!) (g6u8n4r).rar.exe
  • %WINDIR%\syswow64\fxstmp\beast [milf] fishy .mpg.exe
  • %WINDIR%\syswow64\ime\shared\4h1e2a346 yzw1afy [bangbus] .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\gzn4ud7e 7nd83wovj beast uncut .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n ihthd33 js80j73 .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\7nd83wovj beast sgu4m7oc cock (gina,36mho73).zip.exe
  • %WINDIR%\syswow64\fxstmp\upfgetx cum mzwpstr8n l9hwcs7vvnphd9 girly .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f1i7cm porn yzw1afy sgu4m7oc gsva2xn .zip.exe
  • %WINDIR%\syswow64\ime\shared\eq7k2xcxt porn sperm [milf] gh5b6gd7wrv .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\ddqayq apv53deiq9fw ash sweet .avi.exe
  • %WINDIR%\syswow64\ime\shared\4h1e2a346 h93bklf xxx big .zip.exe
  • %WINDIR%\temp\eq7k2xcxt 7nd83wovj lpcu5ai3 [bangbus] .zip.exe
  • %WINDIR%\temp\4h1e2a346 h93bklf w6csjja14n1 [milf] sweet .avi.exe
  • %WINDIR%\winsxs\installtemp\mnho9y54 bq4kno nrb42wq (jenna,y8oxsqa).avi.exe
  • %WINDIR%\winsxs\installtemp\s2fkave mnho9y54 bd1l5ir [free] zn3tvn .rar.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play