Win32.HLLW.Autoruner.63388
Added to the Dr.Web virus database:
2011-10-12
Virus description added:
2011-10-12
Technical Information
Malicious functions:
Creates and executes the following:
C:\nfkcvyyx.exe (downloaded from the Internet)
C:\vuoteg.exe (downloaded from the Internet)
C:\tascnl.exe (downloaded from the Internet)
C:\fslurss.exe (downloaded from the Internet)
C:\iecixtr.exe (downloaded from the Internet)
C:\ymhf.exe (downloaded from the Internet)
C:\rrwskt.exe (downloaded from the Internet)
C:\750234914 (downloaded from the Internet)
Modifies file system:
Creates the following files:
Deletes itself.
Network activity:
Connects to:
TCP:
HTTP GET requests:
UDP:
DNS ASK aa###eoslz.com
'<Private IP address>':1034