La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Win32.HLLW.Autoruner1.51068

Aggiunto al database dei virus Dr.Web: 2013-07-20

La descrizione è stata aggiunta:

Technical Information

Malicious functions:
Creates and executes the following:
  • '%TEMP%\javaSetup.exe' /s REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0
  • '%TEMP%\javaSetup.exe' (downloaded from the Internet)
Executes the following:
  • '<SYSTEM32>\cscript.exe' //NoLogo %TEMP%\hd.vbs
Modifies file system :
Creates the following files:
  • %PROGRAM_FILES%\Zona\License_uk.rtf
  • %PROGRAM_FILES%\Zona\License_ru.rtf
  • %PROGRAM_FILES%\Zona\License_en.rtf
  • %TEMP%\appdata.7z
  • %TEMP%\Zona.7z
  • %PROGRAM_FILES%\Zona\utils.jar
  • %APPDATA%\Zona\init.xml
  • %TEMP%\ZonaInstall.log
  • %TEMP%\hd.vbs
  • %TEMP%\javaSetup.exe
  • %TEMP%\zon2.tmp
Network activity:
Connects to:
  • 'i2.#8.net':80
  • 'zo#a.ru':80
TCP:
HTTP GET requests:
  • zo#a.ru/Zona.7z
  • zo#a.ru/appdata.7z
  • i2.#8.net/T/gJr_X.jpeg
  • zo#a.ru/jre_latest.exe
UDP:
  • DNS ASK dl.#ona.ru
  • DNS ASK i2.#8.net
  • DNS ASK zo#a.ru
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: '(null)'