Win32.HLLW.Autoruner2.23919
Added to the Dr.Web virus database: 2016-05-13
Virus description added: 2016-05-13
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
Injects code into the following system processes:
Modifies file system:
Creates the following files:
Sets the 'hidden' attribute to the following files:
Network activity:
UDP:
DNS ASK mu###.###tal-protection.net.ru
DNS ASK sl###.##fehousenumber.com
'mu###.###tal-protection.net.ru':27001
'sl###.##fehousenumber.com':27001
Miscellaneous:
Searches for the following windows: