Win32.HLLW.Autoruner2.23915
Added to the Dr.Web virus database: 2016-05-13
Virus description added: 2016-05-13
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
Injects code into the following system processes:
Modifies file system:
Creates the following files:
Sets the 'hidden' attribute to the following files:
Network activity:
UDP:
DNS ASK mu###.###tal-protection.net.ru
DNS ASK sl###.##fehousenumber.com
'mu###.###tal-protection.net.ru':33111
'sl###.##fehousenumber.com':33111
Miscellaneous:
Searches for the following windows: