Win32.HLLW.Autoruner2.24014
Added to the Dr.Web virus database:
2016-05-16
Virus description added:
2016-05-16
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'
Malicious functions:
Executes the following:
Injects code into the following system processes:
Modifies file system:
Creates the following files:
Sets the 'hidden' attribute to the following files:
Network activity:
UDP:
DNS ASK mu###.###tal-protection.net.ru
DNS ASK sl###.##fehousenumber.com
'mu###.###tal-protection.net.ru':41801
'sl###.##fehousenumber.com':41801
Miscellaneous:
Searches for the following windows: