Win32.HLLW.Autoruner.63388
Added to the Dr.Web virus database:
2011-10-12
Description added:
2011-10-12
Technical Information
Malicious functions:
Creates and executes the following:
C:\nfkcvyyx.exe (downloaded from the Internet)
C:\vuoteg.exe (downloaded from the Internet)
C:\tascnl.exe (downloaded from the Internet)
C:\fslurss.exe (downloaded from the Internet)
C:\iecixtr.exe (downloaded from the Internet)
C:\ymhf.exe (downloaded from the Internet)
C:\rrwskt.exe (downloaded from the Internet)
C:\750234914 (downloaded from the Internet)
Modifies file system:
Creates the following files:
C:\nfkcvyyx.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\msppq[1].php
C:\vuoteg.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\burvfjwxoo[1].php
C:\tascnl.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\xdnnsfgt[1].php
C:\fslurss.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\hjttqqeess[1].php
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\dwxxopc[1]
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\cvifgtduer[1].php
C:\iecixtr.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\wcpdqdri[1].php
C:\ymhf.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\ynkkhuvvft[1].php
C:\rrwskt.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\kdrivwwab[1].php
C:\750234914
Deletes itself.
Network activity:
Connects to:
TCP:
HTTP GET requests:
aa###eoslz.com/progs/gfctifwkxy/msppq.php
aa###eoslz.com/progs/gfctifwkxy/burvfjwxoo.php
aa###eoslz.com/progs/gfctifwkxy/xdnnsfgt.php?ad###############################################
aa###eoslz.com/progs/gfctifwkxy/hjttqqeess.php
aa###eoslz.com/progs/gfctifwkxy/dwxxopc
aa###eoslz.com/progs/gfctifwkxy/cvifgtduer.php
aa###eoslz.com/progs/gfctifwkxy/wcpdqdri.php
aa###eoslz.com/progs/gfctifwkxy/ynkkhuvvft.php
aa###eoslz.com/progs/gfctifwkxy/kdrivwwab.php?ad########
UDP:
DNS ASK aa###eoslz.com
'<Private IP address>':1034