Win32.HLLW.Autoruner2.23305
Added to the Dr.Web virus database: 2016-03-09
Virus description added: 2016-03-09
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
Injects code into the following system processes:
Modifies file system:
Creates the following files:
Sets the 'hidden' attribute to the following files:
Network activity:
UDP:
DNS ASK mu###.###tal-protection.net.ru
DNS ASK sl###.##fehousenumber.com
'mu###.###tal-protection.net.ru':33111
'sl###.##fehousenumber.com':33111
Miscellaneous:
Searches for the following windows: