Sets the 'hidden' attribute to the following files:
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
<SYSTEM32>\kvzgmyr.dll
Deletes the following files:
<SYSTEM32>\01.tmp
Network activity:
Connects to:
TCP:
HTTP GET requests:
UDP:
Miscellaneous:
Searches for the following windows:
ClassName: 'Shell_TrayWnd' WindowName: ''