PARA USUARIOS

Cerrar

Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Buscar
Buscar

Soporte
Soporte 24 horas | Normas de contactar

Escribir

una solicitud al rellenar un formulario

Llamar

+7 (495) 789-45-86

Foro

Sus solicitudes

Crear una nueva solicitud

Llamar

+7 (495) 789-45-86

Perfil

ES

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Cerrar
Servicios
Escáneres
Dr.Web vxCube
Demo
Biblioteca de virus
Base de conocimiento

Tecnologías

Términos

Formación y educación

Mitos

Noticias

Trojan.KillProc2.28249

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\wpjwijv nude mnho9y54 nom72kl .mpg.exe
  • %ProgramFiles%\dvd maker\shared\xakmpl 8ok6yf sgu4m7oc .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\zc8giv9 horse gay bq4kno cock .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\0287zh w6csjja14n1 sgu4m7oc hole ae2sd7u4xh .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\sperm girls hotel .mpg.exe
  • %ProgramFiles%\microsoft office\templates\z9z7rwe 8ok6yf xxx bq4kno young (sandy,cy4xpd).mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\8r3baiec sperm uncut sm .avi.exe
  • %ProgramFiles%\windows journal\templates\ikdyfwhy mzwpstr8n mzwpstr8n epyxwn hole (gina,jade).mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\viaz50 sperm mnho9y54 7vepaqjm (dehod0,y8oxsqa).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\jxaglwti mnho9y54 h93bklf hot (!) lady (sarah).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\beast horse [milf] hole (g6u8n4r,rdl1tfkz).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\wpjwijv cum mnho9y54 uncut zn3tvn (sonja,sonja).zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\s2fkave h93bklf girls .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\z1qxwcd bd1l5ir tsomq34 [bangbus] titts zmc8ujp (sonja,hyo87il).zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\black 8ok6yf sgu4m7oc ol6p1tua .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gay wep6b08 [milf] 50+ (jenna,liz).avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\wpjwijv h93bklf [bangbus] titts .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xxx bq4kno hole (36mho73,sarah).rar.exe
  • %ALLUSERSPROFILE%\templates\bd1l5ir [milf] boobs .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\w6csjja14n1 vjq39c1gwy lzxyhb7k (2hbt8wr,cy4xpd).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\8r3baiec ddqayq mzwpstr8n vjq39c1gwy shoes .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f1i7cm mnho9y54 [bangbus] legs .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\zc8giv9 yzw1afy vjq39c1gwy (gina).avi.exe
  • %ALLUSERSPROFILE%\templates\nom72kl vjq39c1gwy .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\f07qtt nom72kl [bangbus] sgoibhh .rar.exe
  • C:\users\default\appdata\local\temp\zc8giv9 wep6b08 xakmpl nom72kl sweet .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\z1qxwcd ddqayq ihthd33 wifey .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\asian mzwpstr8n mnho9y54 epyxwn 6tl9zg0uqa .zip.exe
  • C:\users\default\templates\viaz50 lpcu5ai3 bq4kno ol6p1tua .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\zc8giv9 8ok6yf big glans lzxyhb7k .avi.exe
  • %TEMP%\bd1l5ir bq4kno .mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\xakmpl 8ok6yf ihthd33 nrb42wq .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\h93bklf beast [bangbus] (karin).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\f07qtt bd1l5ir epyxwn .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\asian 7nd83wovj apv53deiq9fw boots .avi.exe
  • %APPDATA%\microsoft\templates\xakmpl horse bq4kno .zip.exe
  • %APPDATA%\microsoft\windows\templates\wpjwijv xakmpl hot (!) .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\black big gsva2xn .zip.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\ddqayq ihthd33 (haj1oyikd).rar.exe
  • %HOMEPATH%\templates\eq7k2xcxt 8ok6yf yzw1afy [free] nmibe2 .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\viaz50 tsomq34 [bangbus] lady .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\ikdyfwhy lpcu5ai3 gay ihthd33 .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\f1i7cm tsomq34 vjq39c1gwy 40+ .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\cum big .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\h93bklf nom72kl zn3tvn .avi.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\eq7k2xcxt yzw1afy 7vepaqjm (hyo87il).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\black [milf] .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\tsomq34 hot (!) .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\cum uncut nmibe2 .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\8ok6yf 7vepaqjm 8pfmdyy .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\cum ddqayq ihthd33 kfp2yqq 779mipj (dehod0).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\z9z7rwe w6csjja14n1 big lzxyhb7k .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\horse xxx hot (!) lzxyhb7k .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\f07qtt gay beast uncut latex .rar.exe
  • %WINDIR%\assembly\temp\mnho9y54 bq4kno legs .rar.exe
  • %WINDIR%\assembly\tmp\zc8giv9 sperm [bangbus] .rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\black 7nd83wovj tsomq34 uncut boobs hotel .zip.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\zc8giv9 nude hot (!) zn3tvn .avi.exe
  • %WINDIR%\security\templates\zc8giv9 lpcu5ai3 uncut qq6w54yfhtqrbwcslg .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\7b6fhxi wep6b08 sperm ihthd33 girly (y8oxsqa,sarah).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\gzn4ud7e 7nd83wovj lpcu5ai3 [free] (cy4xpd).mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\ddqayq tsomq34 [free] 6tl9zg0uqa .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\yzw1afy tsomq34 vjq39c1gwy hotel .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\ikdyfwhy porn h93bklf apv53deiq9fw zn3tvn .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\8ok6yf hot (!) kfp2yqq ash (dxocjwba,sonja).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\f07qtt mzwpstr8n [milf] hole (gina,36mho73).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\0287zh wep6b08 ihthd33 .avi.exe
  • %WINDIR%\syswow64\fxstmp\asian bd1l5ir vjq39c1gwy ash nrb42wq (sandy,dxocjwba).zip.exe
  • %WINDIR%\syswow64\ime\shared\beast 8ok6yf big kfp2yqq (hyo87il).mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\nom72kl nude [milf] gh5b6gd7wrv .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\viaz50 horse xakmpl nom72kl (cy4xpd,dxocjwba).zip.exe
  • %WINDIR%\syswow64\ime\shared\sperm hot (!) kfp2yqq .rar.exe
  • %WINDIR%\temp\viaz50 w6csjja14n1 sperm sgu4m7oc (liz).avi.exe
  • %WINDIR%\winsxs\installtemp\z1qxwcd w6csjja14n1 xakmpl ihthd33 779mipj .zip.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\8r3baiec bd1l5ir ihthd33 hole lzxyhb7k .mpg.exe
  • %ProgramFiles%\dvd maker\shared\upfgetx xxx ddqayq epyxwn mg9fvb2xk9 .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\mzwpstr8n ihthd33 b37oavmx289 (dehod0,2hbt8wr).rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\eq7k2xcxt mzwpstr8n w6csjja14n1 uncut (jade).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\f1i7cm yzw1afy nude ihthd33 .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\gzn4ud7e yzw1afy nude [milf] glans qx2j1b5 (liz,jade).mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\horse [milf] 6tl9zg0uqa .avi.exe
  • %ProgramFiles%\windows journal\templates\viaz50 yzw1afy uncut .mpg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\nom72kl cum [milf] js80j73 .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\z9z7rwe beast porn nom72kl boobs sgoibhh .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\ikdyfwhy beast uncut .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\ikdyfwhy mnho9y54 [free] glans qx2j1b5 .mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\black gay bd1l5ir uncut jxqgtp rv0y8n .rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\f07qtt gay [milf] boobs wifey .mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\yzw1afy tsomq34 nom72kl jxqgtp 8bgkvshe1 .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\jxaglwti bd1l5ir nude uncut ash .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\fac71w2 lpcu5ai3 nom72kl [free] balls .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\s2fkave sperm h93bklf l9hwcs7vvnphd9 young .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\s2fkave w6csjja14n1 big rv0y8n .mpg.exe
  • %ALLUSERSPROFILE%\templates\gay [bangbus] (sandy).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\mzwpstr8n nude big ash .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe 7nd83wovj uncut ae2sd7u4xh .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\wpjwijv yzw1afy lpcu5ai3 [milf] .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\z9z7rwe [milf] mg9fvb2xk9 .zip.exe
  • %ALLUSERSPROFILE%\templates\ikdyfwhy beast xakmpl [free] sm .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\wpjwijv 7nd83wovj 8ok6yf uncut kfp2yqq sm (c4w8hqa).mpg.exe
  • C:\users\default\appdata\local\temp\gzn4ud7e gay bd1l5ir [milf] .zip.exe
  • C:\users\default\appdata\local\<INETFILES>\gzn4ud7e sperm [bangbus] .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\4h1e2a346 mnho9y54 epyxwn shoes .zip.exe
  • C:\users\default\templates\viaz50 7nd83wovj ihthd33 .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\zc8giv9 sperm sgu4m7oc ejn547rbxhd1 .avi.exe
  • %TEMP%\gzn4ud7e bd1l5ir 7nd83wovj [free] girly .zip.exe
  • %LOCALAPPDATA%\<INETFILES>\ddqayq vjq39c1gwy zmc8ujp (gina,liz).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\7b6fhxi ddqayq uncut .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\7b6fhxi xakmpl apv53deiq9fw .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\mnho9y54 w6csjja14n1 epyxwn ash ejn547rbxhd1 (gina).mpg.exe
  • %APPDATA%\microsoft\templates\gzn4ud7e horse yzw1afy [milf] boobs young (cy4xpd,haj1oyikd).zip.exe
  • %APPDATA%\microsoft\windows\templates\wep6b08 yzw1afy 7vepaqjm glans b37oavmx289 .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\8r3baiec tsomq34 xakmpl epyxwn legs zn3tvn .mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\wpjwijv xxx apv53deiq9fw b37oavmx289 (jade).avi.exe
  • %HOMEPATH%\templates\fac71w2 tsomq34 girls (sonja).mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\4h1e2a346 mnho9y54 7vepaqjm 8bgkvshe1 .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\black porn bd1l5ir vjq39c1gwy (hyo87il,liz).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\ddqayq uncut sgoibhh .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\jxaglwti bd1l5ir horse vjq39c1gwy sm (gina,rdl1tfkz).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\8r3baiec xxx gay epyxwn sweet .rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\upfgetx xakmpl [free] .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\cum girls .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\ikdyfwhy bd1l5ir uncut feet latex (sonja).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\8r3baiec porn hot (!) titts .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\7b6fhxi porn nom72kl big glans (sonja,g6u8n4r).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\upfgetx mnho9y54 porn 7vepaqjm ash fishy .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\z1qxwcd wep6b08 [free] ash .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\fac71w2 mnho9y54 [bangbus] zn3tvn (sarah,c4w8hqa).zip.exe
  • %WINDIR%\assembly\temp\z9z7rwe w6csjja14n1 7vepaqjm 779mipj (36mho73,y8oxsqa).avi.exe
  • %WINDIR%\assembly\tmp\z1qxwcd porn w6csjja14n1 big .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\f07qtt uncut .avi.exe
  • %WINDIR%\security\templates\nom72kl ddqayq vjq39c1gwy legs (gina).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e 8ok6yf 8ok6yf uncut titts fishy .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\h93bklf horse bq4kno titts 8bgkvshe1 .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\zc8giv9 tsomq34 big boots (2hbt8wr,sandy).mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\sperm nom72kl .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\gzn4ud7e 7nd83wovj hot (!) rv0y8n .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\yzw1afy bd1l5ir nom72kl .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\jxaglwti beast [bangbus] boots .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\mnho9y54 7vepaqjm 50+ .zip.exe
  • %WINDIR%\syswow64\fxstmp\jxaglwti 8ok6yf [bangbus] cock eigt45 .rar.exe
  • %WINDIR%\syswow64\ime\shared\fac71w2 bd1l5ir uncut titts zn3tvn (2hbt8wr).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\tsomq34 xxx bq4kno gh5b6gd7wrv .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e sperm 7vepaqjm .mpg.exe
  • %WINDIR%\syswow64\fxstmp\ddqayq hot (!) .mpg.exe
  • %WINDIR%\syswow64\ime\shared\cum sperm hot (!) .mpg.exe
  • %WINDIR%\temp\tsomq34 bd1l5ir uncut titts .zip.exe
  • %WINDIR%\winsxs\installtemp\ddqayq big glans ol6p1tua .zip.exe
  • %CommonProgramFiles%\microsoft shared\black nom72kl cum bq4kno .mpeg.exe
  • %CommonProgramFiles%\microsoft shared\nom72kl epyxwn (karin).rar.exe
  • %ProgramFiles%\dvd maker\shared\ uncut nrb42wq (hyo87il,liz).mpg.exe
  • %ProgramFiles%\dvd maker\shared\asian nude wep6b08 ihthd33 jxqgtp fw58kpr41ob1w (sonja,jade).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\h93bklf horse vjq39c1gwy fw58kpr41ob1w .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\tsomq34 epyxwn feet fishy (cy4xpd).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\wpjwijv 8ok6yf sperm 7vepaqjm ash .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\mnho9y54 [milf] fishy .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\nom72kl [milf] glans .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\xakmpl lpcu5ai3 vjq39c1gwy 8bgkvshe1 (36mho73).rar.exe
  • %ProgramFiles%\microsoft office\templates\s2fkave horse uncut nrb42wq (c4w8hqa).mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\0287zh ddqayq tsomq34 nom72kl titts 8pfmdyy (sonja,dxocjwba).mpg.exe
  • %ProgramFiles%\microsoft office\templates\upfgetx horse gay uncut glans 50+ .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\z9z7rwe horse gay sgu4m7oc feet sweet (jade).rar.exe
  • %ProgramFiles%\windows journal\templates\z1qxwcd wep6b08 [milf] ash 50+ .mpg.exe
  • %ProgramFiles%\windows journal\templates\mnho9y54 epyxwn (dxocjwba).avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\z1qxwcd bd1l5ir beast girls gsva2xn .rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\black h93bklf yzw1afy sgu4m7oc titts ejn547rbxhd1 .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\s2fkave w6csjja14n1 horse nom72kl young .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\8r3baiec 7nd83wovj beast epyxwn feet .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\nom72kl 7vepaqjm glans fishy .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\xxx cum l9hwcs7vvnphd9 cock (rdl1tfkz).mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\s2fkave nom72kl girls zn3tvn .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\lpcu5ai3 ihthd33 glans ejn547rbxhd1 .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\wep6b08 [bangbus] .mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\f1i7cm h93bklf nom72kl vjq39c1gwy glans (rdl1tfkz,dxocjwba).zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\z9z7rwe tsomq34 horse ihthd33 cock nrb42wq .mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\upfgetx w6csjja14n1 beast 7vepaqjm fishy .mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\gay bd1l5ir uncut .mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\s2fkave wep6b08 yzw1afy sgu4m7oc hole shoes .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\nom72kl l9hwcs7vvnphd9 .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\w6csjja14n1 vjq39c1gwy kfp2yqq .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\nom72kl sgu4m7oc hole .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\fac71w2 horse yzw1afy [bangbus] nmibe2 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\beast uncut .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\nude 7vepaqjm .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\lpcu5ai3 vjq39c1gwy feet sm (dxocjwba).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\wpjwijv xakmpl ddqayq girls glans (rdl1tfkz,2hbt8wr).zip.exe
  • %ALLUSERSPROFILE%\templates\wpjwijv h93bklf girls lady .zip.exe
  • %ALLUSERSPROFILE%\templates\mzwpstr8n vjq39c1gwy feet (sonja,liz).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\eq7k2xcxt nude sperm epyxwn feet fw58kpr41ob1w (sarah).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\wpjwijv mzwpstr8n apv53deiq9fw nmibe2 (sonja,jenna).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\xxx bq4kno titts sweet (c4w8hqa).avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z1qxwcd porn apv53deiq9fw hole ol6p1tua (dxocjwba).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\mnho9y54 hot (!) titts nmibe2 .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\ddqayq ihthd33 b37oavmx289 (haj1oyikd,cy4xpd).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\mnho9y54 big sweet (rdl1tfkz).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f1i7cm cum gay [bangbus] .avi.exe
  • %ALLUSERSPROFILE%\templates\f07qtt bd1l5ir yzw1afy epyxwn sweet .rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\8r3baiec h93bklf xxx [free] hole mg9fvb2xk9 (2hbt8wr).rar.exe
  • %ALLUSERSPROFILE%\templates\eq7k2xcxt xxx apv53deiq9fw .avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e horse mzwpstr8n hot (!) .mpeg.exe
  • C:\users\default\appdata\local\temp\cum 7vepaqjm .rar.exe
  • C:\users\default\appdata\local\temp\f07qtt horse lpcu5ai3 epyxwn zmc8ujp .mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\8r3baiec yzw1afy girls latex .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\fac71w2 gay bd1l5ir girls .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\gay uncut hole 50+ (sarah).mpg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\yzw1afy l9hwcs7vvnphd9 feet qq6w54yfhtqrbwcslg (dxocjwba).mpg.exe
  • C:\users\default\templates\wpjwijv gay xxx [bangbus] fishy .mpeg.exe
  • C:\users\default\templates\eq7k2xcxt nude tsomq34 nom72kl young (sandy,dxocjwba).zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\viaz50 tsomq34 xxx hot (!) .zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\black 7nd83wovj yzw1afy l9hwcs7vvnphd9 8bgkvshe1 (36mho73,jade).rar.exe
  • %TEMP%\ ihthd33 .zip.exe
  • %TEMP%\8r3baiec bd1l5ir lpcu5ai3 [free] qq6w54yfhtqrbwcslg (sonja,g6u8n4r).mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\f07qtt horse big feet .mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\mzwpstr8n cum ihthd33 feet eigt45 (dehod0,rdl1tfkz).rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\fac71w2 mzwpstr8n hot (!) b37oavmx289 .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\s2fkave w6csjja14n1 sperm uncut cock .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\fac71w2 porn mnho9y54 uncut .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\7nd83wovj ddqayq [free] ash .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\sperm vjq39c1gwy qq6w54yfhtqrbwcslg .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\upfgetx yzw1afy [bangbus] hairy (c4w8hqa).mpeg.exe
  • %APPDATA%\microsoft\templates\nom72kl nom72kl hole (36mho73,y8oxsqa).mpg.exe
  • %APPDATA%\microsoft\templates\4h1e2a346 horse bd1l5ir apv53deiq9fw (karin).rar.exe
  • %APPDATA%\microsoft\windows\templates\black porn sperm apv53deiq9fw .mpeg.exe
  • %APPDATA%\microsoft\windows\templates\black tsomq34 yzw1afy hot (!) nmibe2 (jade,y8oxsqa).mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\beast big (y8oxsqa).mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\viaz50 mzwpstr8n 7vepaqjm .mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\f07qtt 7nd83wovj [free] titts .mpeg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\z1qxwcd beast hot (!) titts ejn547rbxhd1 (jenna).avi.exe
  • %HOMEPATH%\templates\z9z7rwe cum beast hot (!) hole shoes .zip.exe
  • %HOMEPATH%\templates\8ok6yf 7vepaqjm qx2j1b5 .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\asian wep6b08 epyxwn titts sgoibhh (rdl1tfkz).mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\fac71w2 cum nom72kl bq4kno young .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe w6csjja14n1 xxx l9hwcs7vvnphd9 sgoibhh .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\beast big glans sm .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\xxx big (sarah).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\beast hot (!) (sarah).mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\8r3baiec wep6b08 nom72kl girls ejn547rbxhd1 .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\ horse l9hwcs7vvnphd9 (sonja).rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\xxx big sweet .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\jxaglwti bd1l5ir girls .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\viaz50 xakmpl uncut ash .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\gay ihthd33 cock sm .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\gzn4ud7e mnho9y54 8ok6yf vjq39c1gwy hole .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\gzn4ud7e 7nd83wovj sperm epyxwn cock young (y8oxsqa).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\asian lpcu5ai3 epyxwn .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\ uncut feet b37oavmx289 (cy4xpd).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\gay h93bklf 7vepaqjm glans lzxyhb7k .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\black 8ok6yf tsomq34 vjq39c1gwy nmibe2 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\7nd83wovj xxx vjq39c1gwy hotel .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\f07qtt h93bklf nom72kl vjq39c1gwy hole sgoibhh .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\f1i7cm beast bd1l5ir girls rv0y8n (rdl1tfkz).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\beast [bangbus] (sarah).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\s2fkave tsomq34 xakmpl uncut 8pfmdyy .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\nom72kl [milf] .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\8r3baiec ddqayq [bangbus] 40+ .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\yzw1afy uncut (y8oxsqa).mpg.exe
  • %WINDIR%\assembly\temp\8ok6yf l9hwcs7vvnphd9 zn3tvn .mpg.exe
  • %WINDIR%\assembly\temp\s2fkave h93bklf xxx sgu4m7oc (g6u8n4r).avi.exe
  • %WINDIR%\assembly\tmp\tsomq34 uncut cock qx2j1b5 .avi.exe
  • %WINDIR%\assembly\tmp\7b6fhxi 8ok6yf wep6b08 bq4kno lzxyhb7k (dehod0,rdl1tfkz).mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\z1qxwcd [milf] .avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\s2fkave 8ok6yf gay ihthd33 .mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\nom72kl apv53deiq9fw titts (jenna,jenna).rar.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\mnho9y54 epyxwn latex .mpeg.exe
  • %WINDIR%\pla\templates\ [milf] rv0y8n .avi.exe
  • %WINDIR%\pla\templates\asian bd1l5ir xakmpl nom72kl b37oavmx289 .mpg.exe
  • %WINDIR%\security\templates\mnho9y54 bq4kno 8bgkvshe1 .zip.exe
  • %WINDIR%\security\templates\yzw1afy horse bq4kno ash .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\f07qtt h93bklf yzw1afy [free] 8bgkvshe1 .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n [bangbus] cock .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\upfgetx ddqayq sperm vjq39c1gwy titts zmc8ujp (sarah).rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\eq7k2xcxt yzw1afy tsomq34 vjq39c1gwy latex (jenna,y8oxsqa).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\z9z7rwe wep6b08 lpcu5ai3 ihthd33 qq6w54yfhtqrbwcslg .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\xxx big young .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\s2fkave ddqayq lpcu5ai3 uncut nrb42wq .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\nom72kl ihthd33 shoes .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\black yzw1afy uncut kfp2yqq latex (gina).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\nom72kl hot (!) fw58kpr41ob1w .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\xakmpl [free] cock (c4w8hqa,hyo87il).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\ lpcu5ai3 uncut nmibe2 .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\mnho9y54 big lzxyhb7k .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\f1i7cm w6csjja14n1 nom72kl 7vepaqjm hole latex (dxocjwba).mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\black wep6b08 mnho9y54 [milf] glans .avi.exe
  • %WINDIR%\syswow64\fxstmp\cum mzwpstr8n sgu4m7oc eigt45 .rar.exe
  • %WINDIR%\syswow64\ime\shared\eq7k2xcxt h93bklf nom72kl uncut 8pfmdyy .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\fac71w2 cum mnho9y54 sgu4m7oc (dxocjwba).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nom72kl 7vepaqjm 779mipj .zip.exe
  • %WINDIR%\syswow64\fxstmp\mnho9y54 vjq39c1gwy glans .rar.exe
  • %WINDIR%\syswow64\fxstmp\ddqayq [free] gsva2xn (liz,liz).mpg.exe
  • %WINDIR%\syswow64\ime\shared\f1i7cm horse xxx epyxwn rv0y8n .avi.exe
  • %WINDIR%\temp\gzn4ud7e ddqayq lpcu5ai3 vjq39c1gwy sgoibhh .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\8r3baiec horse l9hwcs7vvnphd9 boots .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\cum hot (!) hotel .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\beast w6csjja14n1 nom72kl zmc8ujp .mpg.exe
  • %WINDIR%\syswow64\ime\shared\gzn4ud7e wep6b08 yzw1afy epyxwn mg9fvb2xk9 .avi.exe
  • %WINDIR%\temp\wpjwijv cum 7nd83wovj sgu4m7oc jxqgtp .rar.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play